A sophisticated cyberespionage campaign leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT). First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had seemingly disappeared from the cyber…
Category: Cyber Security News
Top Security Frameworks Used by CISOs in 2025
In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) face unprecedented challenges as cyber threats grow in sophistication and frequency. The year 2025 has witnessed a significant shift in how organizations approach cybersecurity, with CISOs stepping out of…
The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk
The future of GRC (Governance, Risk, and Compliance) is being reshaped as organizations navigate complex challenges at the crossroads of sustainability, digital security, and regulatory oversight. Traditional GRC frameworks that treated these domains as separate functions are rapidly becoming obsolete.…
Why Threat Modeling Should Be Part of Every Security Program
In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology that helps organizations systematically identify, evaluate, and prioritize potential security threats before they manifest. This…
43% Top 100 Enterprise-Used Mobile Apps Opens Door for Hackers to Access Sensitive Data
A recent comprehensive security audit has revealed that 43% of the top 100 mobile applications used in enterprise environments contain critical vulnerabilities that could allow malicious actors to access sensitive corporate data. These vulnerabilities primarily exist in apps’ data storage…
LummaStealer Abuses Windows Utility to Execute Remote Code Mimic as .mp4 File
LummaStealer, a sophisticated information-stealing malware distributed as Malware-as-a-Service (MaaS), has evolved with new evasion techniques that abuse legitimate Windows utilities. Originally observed in 2022 and developed by Russian-speaking adversaries, this malware has demonstrated remarkable agility in evading detection while targeting…
China Plans to Strengthen Its Cybersecurity Cooperation With Russia
Chinese Ambassador to Russia Zhang Hanhui has officially announced Beijing’s intention to strengthen strategic cooperation with Moscow in cybersecurity, signaling a significant expansion of the two nations’ digital partnership. The announcement comes as both countries seek to counter what they…
Beware of Weaponized Amazon Gift Cards That Steals Microsoft Credentials
Cybercriminals have launched a sophisticated phishing campaign exploiting the popularity of digital gift cards to steal Microsoft credentials from unsuspecting users. This new attack vector disguises malicious links within seemingly legitimate Amazon gift card emails, creating a perfect social engineering…
Security Teams Shrink as Automation Rises—Is This the Future?
In today’s fast-evolving cybersecurity landscape, a significant shift is taking place. As organizations adopt automation to manage traditional security tasks, security teams are noticeably shrinking; automation trims security teams. This shift represents more than cost-cutting; it reflects a fundamental reimagining…
Harvest Ransomware Attack – Details of the Data Breach Released
Harvest SAS, a leading French fintech company specializing in wealth management software, has fallen victim to a sophisticated ransomware attack. The ransomware attack was first detected on February 27, 2025, but Harvest publicly disclosed the incident on April 10, 2025,…
How to Prepare for Your Next Cybersecurity Audit
In today’s hyper-connected business world, cybersecurity audits are not just a regulatory requirement but a vital component of organizational risk management and digital trust. The frequency and sophistication of cyber threats are rising, as are customers’, partners’, and regulators’ expectations.…
Ghost Ransomware Breaching Organizations in Over 70+ Countries
Ghost Ransomware, also known as Cring, has emerged as a formidable cyber threat targeting organizations across more than 70 countries. Since its first appearance in 2021, this malware variant has rapidly evolved into one of the most dangerous ransomware strains,…
CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical SonicWall vulnerability that is actively being exploited by threat actors. On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances,…
Google Blocks 5 Billion Malicious Ads & Suspend 700,000+ Offending Advertiser
Google revealed a significant crackdown on malicious advertising activity across its platforms, blocking more than 5.1 billion bad ads and suspending upwards of 700,000 advertiser accounts involved in policy violations and scams. Google’s ability to detect and prevent malicious ads…
Researchers Uncovered Gamaredon’s PteroLNK VBScript Malware Infrastructure & TTP’s
A sophisticated malware campaign attributed to the Russia-linked Gamaredon threat group has been actively targeting Ukrainian entities since late 2024, according to new research published on April 16, 2025. Samples of the Pterodo malware family were identified on public malware…
Mustang Panda Employs Using Weaponized RAR Archives to Install New ToneShell Malware
Security researchers have uncovered new malicious activities attributed to Mustang Panda, a China-sponsored espionage group known for targeting government entities, military organizations, and non-governmental organizations primarily in East Asia and Europe. The threat actor has been observed utilizing weaponized RAR…
Windows 11 24H2 Update Bug Triggers BSOD Error – Emergency Fix Released
Microsoft has officially confirmed a major bug in its recent Windows 11 24H2 updates that is causing widespread Blue Screen of Death (BSOD) crashes, displaying the stop error code “SECURE_KERNEL_ERROR” (0x18B). The issue, first reported by Windows Latest in March…
Cisco Webex Vulnerability Allows Code Execution via Weaponized Meeting Links
A critical vulnerability in Cisco Webex App that could allow attackers to execute malicious code on target systems through specially crafted meeting invitation links. The high-severity flaw, tracked as CVE-2025-20236, has prompted Cisco to release emergency patches for affected versions…
2 Apple Iphone Zero-Day Vulnerabilities Actively Exploited in Extremely Sophisticated Attacks
Apple has released iOS 18.4.1 and iPadOS 18.4.1 to address two critical zero-day vulnerabilities that were actively exploited in highly targeted, sophisticated attacks against specific individuals iPhone. The vulnerabilities, identified in the CoreAudio and RPAC components, could allow attackers to…
Server-Side Phishing Attacks Employees & Member Portals to Steal Login Credentials
Credential theft through phishing remains one of the most reliable methods for gaining unauthorized access to enterprise environments. A sophisticated phishing campaign has been identified targeting employee and member portals of major organizations including Aramark, Highmark, and various healthcare providers.…