Jul 24, 2025Ravie LakshmananNetwork Security / Vulnerability Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote…
Jul 24, 2025The Hacker News Is Managing Customer Logins and Data Giving You Headaches? You’re Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let’s be honest, we’re also more careful…
You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side? Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses…
Jul 24, 2025Ravie LakshmananCyber Espionage / Malware The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama’s 90th birthday on…
Jul 24, 2025Ravie LakshmananVulnerability / Ransomware Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update…
Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the…
Jul 24, 2025Ravie LakshmananCybersecurity / Web Security Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary…
Jul 23, 2025Ravie LakshmananMalware / Cryptocurrency The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has…
Jul 23, 2025Ravie LakshmananWindows Security / Cryptocurrency The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.…
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold…