Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw
A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the…
2023
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing…
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could…
Unraveling Real-Life Attack Paths – Key Lessons Learned
In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just…
Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign
A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold…
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments
Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker…
New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager
A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password…
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is…
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking…
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve…