A recent analysis by cybersecurity platform ANY.RUN has revealed the top 10 malware threats dominating the digital landscape over the past week, with information stealers Lumma and Snake showing significant increases in activity. The findings, shared via a detailed post…
Tag: Cyber Security News
China Reportedly Admits Their Role in Cyber Attacks Against U.S. Infrastructure
Chinese officials have implicitly acknowledged responsibility for a series of sophisticated cyber intrusions targeting critical U.S. infrastructure. During a high-level meeting in Geneva with American officials, representatives from China’s Ministry of Foreign Affairs indirectly linked years of computer network breaches…
Threat Actors Enhance HijackLoader With New Module for Stealth and Evasion
Cybersecurity experts have identified significant enhancements to HijackLoader, a sophisticated malware loader also known as GHOSTPULSE or IDAT Loader. The malware, which has been circulating in underground forums, has received a substantial upgrade focused on evading detection systems and improving…
Surge in Cloud Threats Spikes Rapid Adoption of CNAPPs for Cloud-Native Security
As organizations accelerate their digital transformation initiatives and migrate to cloud environments, securing cloud-native applications has become increasingly complex and challenging. Traditional security approaches designed for on-premises infrastructures often fall short in addressing the dynamic nature of modern cloud deployments.…
How to Build a Cyber Risk Tolerance Statement for Your Organization as a CISO
In today’s rapidly evolving digital landscape, organizations face an increasingly complex array of cyber threats. Establishing a clear cyber risk appetite statement has become essential for effective governance and strategic decision-making. A cyber risk appetite statement formally defines what an…
Slow Pisces Hackers Attacking Developers With Coding Challenges & Python Malware
A sophisticated threat actor group dubbed “Slow Pisces” has emerged as a significant threat to software developers, employing deceptive coding challenges as an initial attack vector to distribute Python-based malware. The campaign specifically targets developers through professional networking sites, coding…
SSL/TLS Certificates Validity To Be Reduced From 398 Days to 47 Days
CA/Browser Forum has approved a proposal to reduce the maximum validity of SSL/TLS certificates from the current 398 days to just 47 days by 2029. The measure, initially proposed by Apple and endorsed by Sectigo, will be implemented in phases…
New Stealthy ResolverRAT With Advanced in-memory Execution Techniques
A newly identified remote access trojan (RAT) dubbed ResolverRAT has emerged as a significant threat to global enterprises, leveraging advanced in-memory execution and multi-layered evasion techniques to bypass traditional security measures. Targeting healthcare and pharmaceutical organizations, this malware…
AI-Powered Phishing Detection – Does It Actually Work?
Phishing attacks remain one of the most pervasive threats in the cybersecurity landscape, targeting individuals and organizations alike. These attacks, which involve tricking victims into revealing sensitive information or installing malicious software, have become increasingly sophisticated over time. The rise…
Chinese Hackers Attacking Critical Infrastructure to Sabotage Networks
In an alarming escalation of cyber threats, Chinese state-sponsored hackers have intensified their operations targeting critical infrastructure across the United States, Europe, and the Asia-Pacific region. Recent intelligence reports reveal that sophisticated threat actors, including Volt Typhoon and Salt Typhoon,…
Cloud Security Posture Management – The CISO’s Essential Guide
Cloud Security Posture Management (CSPM) has emerged as an essential component in the modern CISO’s security arsenal. As organizations increasingly adopt cloud-first strategies, the complexity of managing security across dynamic, multi-cloud environments presents unprecedented challenges. CISOs today must balance the…
CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business
Cyber Risk Quantification (CRQ) represents a fundamental shift in how organizations approach cybersecurity management. By transforming technical security metrics into financial terms that business executives understand, CRQ bridges the longstanding communication gap between security professionals and business leaders. In an…
Zero Trust 2025 – Emerging Trends Every Security Leader Needs to Know
As we navigate deeper into 2025, Zero Trust has evolved from an emerging security concept to the fundamental architecture underpinning enterprise security. Organizations implementing Zero Trust practices experience significantly lower breach costs compared to those without such measures. Security leaders…
69% of Critical & High Severity Vulnerabilities Not Patched by Organizations
A recent report, the “2025 State of Pentesting Report,” highlights a troubling issue in cybersecurity. It reveals that organizations are only dealing with 69% of their most serious security weaknesses. This means that many critical issues remain unresolved, putting companies…
Windows Server 2025 Restart Bug Breaks Connection with Active Directory Domain Controller
Microsoft has warned IT administrators about a critical issue affecting Windows Server 2025 domain controllers. Following a system restart, these servers may fail to manage network traffic correctly, potentially causing disruptions in Active Directory (AD) environments. This problem arises because…
Medusa Ransomware Claims NASCAR Hack, Demands $4 Million Ransom
The Medusa ransomware group has reportedly launched a major cyberattack on the National Association for Stock Car Auto Racing (NASCAR), demanding a $4 million ransom to prevent the release of sensitive data. The breach, revealed on Medusa’s dark web leak…
CISOs Face Cyber Threats 2025 with Shrinking Budgets and High Demands
Chief Information Security Officers (CISOs) find themselves at the intersection of escalating threats, tighter budgets, and rising expectations. This year marks a pivotal moment for CISOs as they adapt to new challenges while striving to align security strategies with business…
VMware ESXi 8.0 Update 3e Released for Free, What’s New!
Broadcom has officially reintroduced the free version of VMware ESXi with the release of ESXi 8.0 Update 3e (Build 24674464) on April 10, 2025. This marks a significant policy reversal after Broadcom discontinued the free ESXi offering following its acquisition…
Threat Actors Weaponize Shell Techniques to Maintain Persistence and Exfiltrate Data
Shells provide crucial command-line interfaces to operating systems. While legitimate for system administration tasks, when weaponized by threat actors, shells transform into dangerous avenues for unauthorized access, system control, and data theft across organizational networks. The misuse of these tools…
Chinese Hackers Exploit Ivanti VPN Vulnerabilities to Infiltrate Organizations
A China-linked advanced persistent threat (APT) group has exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, cybersecurity firm TeamT5 revealed in a report shared with Cyber Security News. The campaign,…