Year: 2025

AI-Powered Social Engineering: Ancillary Tools and Techniques

by
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’
This article explores some of the impacts of this GenAI-fueled acceleration. And examines what

Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts

by
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally

by
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy.
“RansomHub has targeted over 600 organizations globally, spanning sectors

SecPod Partner Journey: Navigating the SecPod Partner Experience

by

At SecPod, partnerships are more than just transactions – they are built on collaboration, shared growth, and long-term success. Whether you’re an established organization or an emerging player, we ensure that our structured partner journey equips you with everything needed to succeed in cybersecurity space. So, what can you expect when you become a SecPod … Read more

Culture Begins When : #WeLoveWhatWeDo

by

There’s a saying, ‘Do what you love, and you’ll never work a day in your life.’ But how many of us truly feel that way? Work is often seen as a routine, but for those who love what they do, it’s an adventure filled with learning, challenges, and growth. This Valentine’s, we are celebrating not … Read more

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

by
Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094, in PostgreSQL’s psql tool. The experts discovered the flaw while investigating the exploitation of the vulnerability CVE-2024-12356 for remote code execution. BeyondTrust patched CVE-2024-12356 in December […]

Love and Lies: The Tinder Swindler’s Ayleen Charlotte talks to Bitdefender about Romance Scams (Part 2)

by
In Part 1 of our conversation with Ayleen Charlotte, we explored her personal story and the emotional manipulation that romance scammers use to deceive their victims. Now, in Part 2, we shift our focus to the lessons she learned, and expert advice on how to stay safe from romance scams.

How did your life change after the scam? How long did it take you to heal emotionally, and what steps did you take to recover?

“It took a long time, longer than I expected. The financial loss was one thing,

Love and Lies: The Tinder Swindler’s Ayleen Charlotte talks to Bitdefender about Romance Scams (Part 1)

by
Finding love is not like the sweet romances of the movies – you don’t just bump into your soulmate in the park and live happily ever after. In another sense, though, it can sometimes resemble a movie script – that attractive, suave “love of your life” might just be acting.

Especially when courtship is online.

While online dating has made the search for a partner more accessible, it has also opened the door to an emotionally devastating type of scam: romance fraud.

These criminals prey on the

Valve removed the game PirateFi from the Steam video game platform because contained a malware

by
Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts. The company also warned affected users to fully reformatting […]

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

by
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
“An