A sophisticated malware campaign utilizing the notorious ViperSoftX malware has been targeting users through cracked software and torrent downloads since early April 2025. This PowerShell-based threat operates through a multi-stage infection process, establishing command and control communications before downloading additional…
Category: EN
Shuckworm Group Uses PowerShell Based GammaSteel Malware in Targeted Attacks
The Russia-linked espionage group Shuckworm has continued its relentless focus on Ukraine into 2025, with new attacks targeting a Western country’s military mission based in Eastern Europe. This latest campaign, observed from February through March 2025, represents an evolution in…
Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th)
Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the “Bug Fixes” addresses a major vulnerability. Instead, the release notes state, “auth current user on code validation.”…
100,000 WordPress Sites Vulnerable to Rogue Creation Vulnerability
A critical vulnerability affecting over 100,000 WordPress websites has been discovered in the SureTriggers WordPress plugin, potentially allowing attackers to create unauthorized administrator accounts. The flaw, identified as CVE-2025-3102 with a CVSS score of 8.1 (High), impacts all versions of…
Exploring Innovative NHIs Lifecycle Management Solutions
Why is NHI Lifecycle Management Crucial? Every organization looking to assert control over its cybersecurity posture should ponder this question. Non-Human Identities (NHIs) and their secrets form the backbone of advanced cloud security control. However, the adoption of innovative NHI…
Rest Assured with Top-tier Cloud-Native Security
Are You Leveraging the Full Potential of Cloud-Native Security? Organizations implementing cloud-based services must ensure robust data protection. Enter the realm of cloud-native security, a specialized field that brings top-tier protection for cloud environments. This discipline holds particular relevance for…
GOFFEE Leveraging PowerModul Tool to Attack Government & Energy Organizations
The threat actor known as GOFFEE has escalated its malicious campaign in 2024, introducing a new implant dubbed “PowerModul” to target government entities and energy organizations primarily located in Russia. First identified in early 2022, GOFFEE has evolved from deploying…
LLMs can’t stop making up software dependencies and sabotaging everything
Hallucinated package names fuel ‘slopsquatting’ The rise of LLM-powered code generation tools is reshaping how developers write software – and introducing new risks to the software supply chain in the process.… This article has been indexed from The Register –…
BSidesLV24 – Breaking Ground – From Keyless To Careless: Abusing Misconfigured OIDC Authentication In Cloud Environments
Author/Presenter: Christophe Tafani-Dereeper Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…
Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns
Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices even after the original vulnerability used for the breach has been…
Seven Years Old Cisco Vulnerability Exposes Cisco Devices to Remote Code Execution Attacks
A seven-year-old vulnerability in Cisco networking equipment continues to pose significant security risks, enabling attackers to execute remote code on unpatched systems. Discovered initially in 2018, CVE-2018-0171 targets Cisco’s Smart Install feature, a plug-and-play configuration utility designed to simplify network…
The Growing Cost of Non-Compliance and the Need for Security-First Solutions
Organizations across the world are facing mounting pressures to comply with a complex web of regulations. Failure to meet these requirements doesn’t just result in inconvenience or minor setbacks –… The post The Growing Cost of Non-Compliance and the Need…
Karnataka Sets Up India’s First Cyber Command Centre to Tackle Online Crimes
Karnataka has taken a big step to fight the rising number of online crimes. It has launched the country’s first Cyber Command Centre. This new centre will handle all matters related to cyber safety and crime under one roof.…
Why Personal Identity Should Remain Independent of Social Platforms
Digital services are now as important as other public utilities such as electricity and water in today’s interconnected world. It is very important for society to expect a similar level of consistency and quality when it comes to these…
Generative AI Fuels Identity Theft, Aadhaar Card Fraud, and Misinformation in India
A disturbing trend is emerging in India’s digital landscape as generative AI tools are increasingly misused to forge identities and spread misinformation. One user, Piku, revealed that an AI platform generated a convincing Aadhaar card using only a name,…
WinRAR Bug Circumvents Windows Mark of Web Security Notifications.
A security flaw in the WinRAR file archiver solution might be used to circumvent the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows computer. The vulnerability is known as CVE-2025-31334 and impacts all…
The Art of Delegation in a Digital Age: Empowering Teams, Not Just Offloading Tasks
Effective task delegation is a vital skill for any manager. Strategically transferring specific tasks to capable team members can boost efficiency, improve decision-making, and empower staff to create a healthy,… The post The Art of Delegation in a Digital Age:…
0-Click RCE in the SuperNote Nomad E-ink Tablet Lets Hackers Install Rootkit & Gain Full Control
Security researcher Prizm Labs has discovered a serious flaw in the SuperNote A6 X2 Nomad, a well-known 7.8-inch E-Ink tablet made by Ratta Software. The flaw, now assigned CVE-2025-32409, could allow a malicious attacker on the same network to fully…
Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw
Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure. Threat actors are exploiting a recently discovered vulnerability, tracked as CVE-2025-3102 (CVSS score of 8.1) in the OttoKit WordPress plugin (formerly SureTriggers), a few hours after public disclosure. An…
AI can’t stop making up software dependencies and sabotaging everything
Hallucinated package names fuel ‘slopsquatting’ The rise of AI-powered code generation tools is reshaping how developers write software – and introducing new risks to the software supply chain in the process.… This article has been indexed from The Register –…