Apr 14, 2025Ravie LakshmananCyber Attack / Malware A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously…
Apr 11, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the…
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the…
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core…
Apr 11, 2025Ravie LakshmananVulnerability / Network Security Palo Alto Networks has revealed that it’s observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity…
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages…
Apr 11, 2025Ravie LakshmananWebsite Security / Vulnerability A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS…
Apr 10, 2025Ravie LakshmananContainer Security / Vulnerability Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive…
Apr 10, 2025Ravie LakshmananMalware / Cryptocurrency Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s…
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown…