All Articles (2450)

According to Dutch military intelligence, Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service.  "We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.  In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, wi

Whenever a new form of digital communication becomes prevalent, actors inevitably adopt it to send spam and try to profit from unsuspecting users. Email has been the perennial choice for spam delivery, but the prevalence of new communications platforms has expanded the spam attack surface considerably.

This report explores AkiraBot, a Python framework that targets contact forms and chat widgets on small to medium-sized business websites. AkiraBot is designed to post AI-generated spam messages ta

One of the new challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt https://noxhunt.com show that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks. As these attacks become more personalized and effective, it is crucial for organizations worldwide to understand the profound impact of AI on cyber threats. This understanding is vital for developing strategies to counteract these advanced threa

FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices.  Unlike previous malware targeting these devices, this variant is written in Rust, a programming language introduced by Mozilla in 2010.  Due to its Rust-based implementation, analysts have named the malware “RustoBot.”

Incidents - In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to attacks via TOTOLINK vulnerabilities.

TOTOLINK vulnerabilities often stem fro

Cybercriminals are constantly finding new ways to trick people, and one of the latest scams on the rise is called vishing, short for voice phishing. Unlike email scams (also known as phishing), vishing occurs over the phone. Recent studies have highlighted a dramatic escalation in vishing attacks.

See: https://redskyalliance.org/xindustry/let-s-talk-about-vishing

The 2025 CrowdStrike Global Threat Report documented a 442% surge in vishing incidents from the first to the second half of 2024. Addi

The Maritime Union of Australia (MUA) has claimed that DP World’s port automation plan at Melbourne, Sydney and Brisbane will make Australian container terminals less productive, more costly and less safe.  In correspondence to the MUA, DP World has indicated plans to spend more than AU$600m (US$383m) on automated equipment within the Australian container terminal network.

The announcement has been made without fulfilling consultation requirements set out in the Enterprise Agreement signe

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) was actively exploited within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.

"The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to

On 16 April, US DHS CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.

Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices.  Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks.  "Improper neutralization of speci

Artificial intelligence (AI) has made remarkable strides over the past few decades, transforming various industries and applications.  Among the most notable advancements is the development of AI-generated chatbots, which have revolutionized customer service, personal assistance, and content generation. These chatbots, powered by sophisticated algorithms and machine learning techniques, offer seamless and intuitive interactions with users, redefining the boundaries of human-machine communication

The rapid adoption of Generative AI (GenAI) and the emergence of Agentic AI have unlocked new opportunities for security teams to better stay ahead of attacks. In security operations centers worldwide, organizations are rapidly adopting AI tools to augment human analysts, improve efficiency, and lay the foundation for a more autonomous SOC. Across the industry, the focus has shifted from whether to adopt AI, from behavioral AI and machine learning to generative AI and now agentic AI, to how best to impl

Several government security agencies worldwide are warning people about spyware that has been snooping on mobile phone users' private data. An advisory from the various agencies recently revealed that the spyware variants have been targeting users connected to Taiwanese independence and similar movements. Known as Badbazaar and Moonshine, the two spyware strains have been spoofing legitimate apps to trick unsuspecting victims. [1]

The advisory comes from a host of agencies, including the Austral

Threat actors are using a technique known as "spam bombing" to overload victims' email inboxes and provide cover for more harmful activity. Analysts Maria Geronikolou and Cameron Boyd of security vendor Darktrace detailed an example of the technique where the threat actor used a legitimate email campaign product to swarm a victim with spam emails and then attempted to phish them under the guise of a "helpful" IT staffer. The attack is an example of how threat actors use legitimate products for mal

The social media platform, owned by leading Chinese technology firm Bytedance, was the target of legislation following an order by the US Congress that it be sold or face a permanent ban in the US market, where it has 170 million users. The original deadline was set for the end of February, although this was extended by 90 days following Donald Trump's inauguration. The US President has signed an executive order and given TikTok a 75-day extension in a move intended to provide his administration

Recent reports indicate that the US Cybersecurity and Infrastructure Security Agency (CISA) is preparing for significant workforce reductions.  These changes, the result of budgetary pressures, duplication of departments, advances in AI and evolving threat landscapes, have far-reaching implications across multiple levels of the cybersecurity ecosystem.

CISA, known as "America's Cyber Defense Agency," is facing massive layoffs that could impact its ability to safeguard the nation's critical in

Chinese counterparts reveal that hacks had been targeting networks for years as a warning against aiding Taiwan.  China openly admitted it was behind a series of cyber-attacks on US infrastructure in a secret meeting with American officials, according to reports.  Members of the Chinese delegation indicated to their US counterparts in December 2024 that they had spent years targeting computer networks in electrical grids, water supplies and ports, in what appeared to be a warning against the US

As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component of any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’s power and complexity lend themselves to a considerable risk profile when compromised.

In this report, Sentinel Labs discusses a grouping of critical vulnerabilities dubb

Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time.  FortiGuard Labs recently observed a sophisticated campaign called “RolandSkimmer,” named after the unique string “Rol@and4You” found embedded in its payload.  This threat actor targets users in Bulgaria and represents a new wave of credit card skimming attacks leveraging malicious browser extensions across Chrome, Edge, and Firefox.

Link to full report:  IR-25-097-002_

Another vulnerability impacting firewall products from Ivanti is being exploited by alleged China-based hackers.  An Ivanti advisory released last week confirmed that a “limited number of customers” have been attacked through a bug impacting its Connect Secure, Policy Secure & ZTA Gateways tools, which are used by large organizations and government clients to keep malicious traffic out while allowing employees to have remote access to systems.

The next day, the US Cybersecurity and Infrastructu

The Google Threat Intelligence team (GTIG) has published new research outlining how IT workers from the Democratic People's Republic of Korea (DPRK) are expanding the scope and scale of their operations, targeting companies across the globe with more advanced deception and cyber extortion tactics. The report offers a stark reminder that nation-state threats do not always originate with malware; they can also come disguised as job applicants. [1]

"DPRK IT workers present a unique threat by posing

A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.

The technique is known as fast flux.  It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed.  

Fast flux works by cycling through a range of IP addresses and domain names that these b