Security News

Breaking cybersecurity news and threat intelligence

Articles

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Security researchers have identified a sophisticated new Android banking trojan that represents one of the most comprehensive mobile threats to emerge this year. Named Rokarolla, this malware exhibits an alarming range of capabilities that give attackers virtually complete control over compromised…

'Lorem Ipsum' Malware Pivots to ClickFix Delivery

Security researchers have uncovered a concerning development in the threat landscape as the notorious Lorem Ipsum malware campaign has pivoted its delivery mechanism, now leveraging the ClickFix technique to compromise vulnerable systems. This evolution represents a significant escalation in the…

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Security professionals are on high alert as threat actors actively target critical vulnerabilities in Fortinet's FortiSandbox solution, a key component of many enterprise security infrastructures designed to detect and analyze advanced threats. This development underscores the persistent challenge…

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korean threat actors have escalated their cyber operations with a sophisticated new campaign leveraging deceptive Microsoft security alerts to distribute malware. Security researchers at Genians Security Center recently uncovered an attack campaign conducted by the notorious ScarCruft group…

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Security researchers have identified a concerning malware delivery method that exploits Windows' native virtual disk handling capabilities to distribute Remcos Remote Access Trojan (RAT). This attack vector demonstrates how threat actors continue to evolve their tactics by leveraging legitimate…

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has alerted customers to a medium-severity vulnerability in its Catalyst SD-WAN Manager that is being actively exploited by threat actors. The networking giant has released patches to address the flaw, underscoring the persistent threat landscape facing enterprise network…

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency has issued a critical alert regarding a security vulnerability in the LiteSpeed cPanel Plugin that is currently being exploited in active attacks. This development signals elevated risk for organizations relying on this popular web server…

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

North Korean threat actors have reportedly devised a sophisticated new approach to infiltrating organizations by exploiting the very tools developers rely on daily. According to cybersecurity researchers, a persistent threat cluster known as Contagious Interview—also tracked as Famous Chollima,…

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Security researchers recently uncovered a critical vulnerability in Microsoft's Copilot that demonstrates a concerning evolution in AI-related threats. The "SearchLeak" attack represents a new frontier of security risks associated with generative AI tools, highlighting how prompt injection…

China-Nexus Actor Spies on US Researchers Undetected for a Year

A sophisticated cyber espionage operation linked to Chinese threat actors has been uncovered after successfully infiltrating US research institutions undetected for approximately one year. The sprawling campaign, recently discovered and disrupted by Google's security researchers, represents a stark…

Most CISOs Report Pressure to Bury Bad Security News

A troubling tension exists in many corporate boardrooms today, as Chief Information Security Officers (CISOs) find themselves caught between their duty to report security issues accurately and increasing pressure to present a more favorable picture of their organization's security posture. Recent…

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A dangerous vulnerability chain recently discovered in LiteLLM, a popular open-source AI gateway, demonstrates how seemingly minor security weaknesses can be chained together for complete server compromise. Researchers at Obsidian Security have revealed how attackers with minimal privileges can…