Jun 24, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in…
Jun 24, 2025Ravie LakshmananVulnerability / Malware Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new…
Jun 24, 2025Ravie LakshmananThreat Exposure Management I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three…
Jun 24, 2025Ravie LakshmananCloud Security / Cryptojacking Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. “Attackers are exploiting misconfigured Docker APIs…
Jun 24, 2025Ravie LakshmananData Protection / Mobile Security The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios.…
Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages…
Jun 24, 2025Ravie LakshmananCyber Espionage / Chinese Hackers The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt…
Jun 23, 2025Ravie LakshmananLLM Security / AI Security Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable…
Jun 23, 2025Ravie LakshmananHacktivism / Cyber Warfare The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that…
Jun 23, 2025Ravie LakshmananCyber Espionage / Vulnerability Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said…