A highly sophisticated Russian threat actor known as Seashell Blizzard (also tracked as APT44, Sandworm, and Voodoo Bear) has been conducting extensive cyber operations against organizations worldwide. Linked to Russian Military Intelligence Unit 74455 (GRU), this adversary has targeted critical…
Category: Cyber Security News
Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access
A sophisticated ransomware attack targeted Managed Service Providers (MSPs) through well-crafted phishing emails designed to appear as authentication alerts for their ScreenConnect Remote Monitoring and Management (RMM) tool. This attack resulted in the deployment of Qilin ransomware across multiple customer…
Operation HollowQuill Weaponizing PDF Documents to Infiltrate Academic & Government Networks
A sophisticated cyber espionage campaign dubbed “Operation HollowQuill” has been uncovered targeting academic institutions and government agencies worldwide through weaponized PDF documents. The operation employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, or government communiqués to…
AI-based Gray Bots Targeting Web Application, with Request of 17,000+ Per Hour
A new generation of sophisticated AI-powered Gray Bots has emerged, targeting web applications with unprecedented intensity. These bots utilize machine learning to mimic human behavior while generating over 17,000 requests per hour. Unlike traditional attacks, they adjust traffic patterns to…
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability, tracked as CVE-2024-53704 with a critical CVSS score of 9.8, allows remote attackers to hijack active SSL VPN sessions without requiring…
EvilCorp & RansomHub Working Together to Attack Organizations Worldwide
A dangerous partnership has emerged in the cybercriminal landscape, as EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has begun working with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This collaboration, identified through shared indicators of compromise (IOCs) and tactics,…
Cisco AnyConnect VPN Server Vulnerability Let Attacker Trigger DoS Condition
Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks. The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger denial of service (DoS) conditions…
Hackers Leveraging DeepSeek & Remote Desktop Apps to Deliver TookPS Malware
Cybersecurity experts have uncovered a sophisticated malware campaign that initially exploited the popular DeepSeek LLM as a lure but has now expanded significantly. In early March 2025, researchers identified malicious operations using DeepSeek as bait, but subsequent telemetry analysis has…
Hackers Actively Scanning for Juniper’s Smart Router With Default Password
Recent network monitoring data from SANS reveals a significant spike in targeted scans seeking to exploit default credentials in Juniper Networks’ Session Smart Router (SSR) platform. Security researchers have observed a massive coordinated campaign attempting to identify and compromise vulnerable…
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control
A new sophisticated attack campaign targeting Apache Tomcat servers has emerged, with attackers deploying encrypted and encoded payloads designed to run on both Windows and Linux systems. The attack chain begins with brute-force attempts against Tomcat management consoles using commonly…
Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums
A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments. The malware advertisement, discovered on Thursday,…
New Malware Attacking Magic Enthusiasts to Steal Login Credentials
A sophisticated new malware campaign targeting the magic community has emerged. Dubbed “AbracadabraStealer,” this malware steals login credentials from magic forums, online shops, and streaming platforms where enthusiasts store payment information. The attackers have crafted a particularly deceptive operation that…
Multiple Jenkins Plugins Vulnerability Let Attackers Access Sensitive Information
The Jenkins project has disclosed multiple security vulnerabilities affecting its core platform and several plugins, exposing organizations to potential data breaches and code execution attacks. Eight distinct vulnerabilities were observed across Jenkins core and various plugins that could allow attackers to…
Google’s Quick Share for Windows Vulnerability Let Attackers Remote Code
Critical vulnerabilities in Google’s Quick Share file transfer utility for Windows allowed attackers to achieve remote code execution (RCE) without user interaction. The flaws exposed millions of Windows users to potential attacks through this peer-to-peer data transfer application. Ten unique…
SmokeLoader Malware Using Weaponized 7z Archive to Distribute Infostealers
A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. The attack…
Hackers Exploit Default Voicemail Passwords to Hijack Telegram Accounts
A sophisticated attack campaign targeting Telegram users has emerged, with cybercriminals exploiting a commonly overlooked vulnerability: default voicemail passwords. Security experts have identified a surge in account hijacking incidents, particularly in Israel, where attackers leverage voicemail systems to intercept authentication…
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack
A widespread cryptojacking campaign targeting poorly secured PostgreSQL database servers has impacted over 1,500 victims globally. The attack leverages fileless execution techniques and credential brute-forcing to deploy Monero (XMR)-mining malware while evading traditional cloud workload protection (CWPP) tools. Security analysts…
Verizon Call Filter App Vulnerability Let Attackers Access Call History Logs
A critical security vulnerability in the Verizon Call Filter iOS app exposed the incoming call records of potentially millions of Verizon Wireless customers, allowing unauthorized access to sensitive communication metadata without device compromise or user notification. Independent security researcher Evan…
39M Secret API Keys & Credentials Leaked from GitHub – New Tools to Revamp Security
GitHub has revealed that over 39 million secrets were leaked across its platform in 2024 alone, prompting the company to launch new security tools to combat this persistent threat. The exposed secrets include API keys, credentials, tokens, and other sensitive…
GoResolver – A New Tool to Analyze Golang Malware & Extract Obfuscated Functions
GoResolver, a ground-breaking open-source tool, was unveiled to address one of the most persistent issues in malware analysis: deobfuscating Golang binaries. Developed by Volexity, this innovative solution employs control-flow graph similarity techniques to recover obfuscated function names, significantly enhancing reverse…