Aug 22, 2025Ravie LakshmananCybercrime / Malware A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer’s network with custom malware and deploying…
Aug 21, 2025Ravie LakshmananVulnerability / Software Security Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault…
Aug 21, 2025Ravie LakshmananMalware / Cryptocurrency Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks…
Aug 21, 2025Ravie LakshmananMalware / Email Security Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that’s being used to deliver via email spam campaigns an array of next-stage payloads ranging from…
As security professionals, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren’t from cutting-edge exploits, but from cracked credentials and compromised…
Aug 21, 2025Ravie LakshmananData Breach / Cybercrime A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series…
Aug 21, 2025Ravie LakshmananVulnerability / Zero-Day Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds…
Aug 20, 2025Ravie LakshmananVulnerability / Browser Security Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and…
Aug 20, 2025Ravie LakshmananCyber Espionage / Vulnerability A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as…
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on…