Jan 29, 2025Ravie LakshmananCyber Espionage / Threat Intelligence The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal…
Jan 29, 2025Ravie LakshmananVulnerability / Software Security Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked…
Jan 29, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to…
Jan 28, 2025Ravie LakshmananPhishing Attack / Network Security A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in…
Jan 28, 2025Ravie Lakshmanan Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized access…
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This…
Jan 28, 2025Ravie LakshmananRansomware / Threat Intelligence Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2)…
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing…
Jan 28, 2025Ravie LakshmananCybersecurity / Cyber Espionage The Council of the European Union has sanctioned three individuals for allegedly carrying out “malicious cyber activities” against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly…
Jan 28, 2025Ravie LakshmananArtificial Intelligence / Technology DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it’s restricting registrations on the service, citing malicious attacks.…