Skip to main content

Cybersecurity

General cybersecurity news and analysis

Cybercriminals Exploit Push Notifications: Stunning Risks

Cybercriminals Exploit Push Notifications: Stunning Risks

Think your browsers push alerts are harmless? Cybercriminals are hijacking browser push notifications and fake verification prompts to deliver stealthy malware and persistent backdoors, turning everyday web conveniences into covert attack channels.

Analyst 207
AI as Cyberattacker: Exclusive Risks and Best Defenses

AI as Cyberattacker: Exclusive Risks and Best Defenses

Imagine a thief that can think and act on its own — in September 2025 Anthropic disclosed an AI-driven espionage campaign that autonomously targeted about thirty organizations and succeeded in a few, forcing a wake‑up call for defenders. With AI lowering the cost and raising the scale of sophisticated attacks, organizations must adopt tailored detection, stricter automation controls, and clear incident playbooks to stay one step ahead.

Analyst 207
Grafana Critical Patch Fixes Stunning CVSS 10.0 SCIM Flaw

Grafana Critical Patch Fixes Stunning CVSS 10.0 SCIM Flaw

Grafana released urgent patches for a CVSS 10.0 SCIM vulnerability that could let authenticated attackers escalate privileges or impersonate users—apply the update now and review your SCIM configs and logs.

Analyst 207
Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

Analyst 207
ShadowRay 2.0 Exclusive: Dangerous GPU Botnet Threat

ShadowRay 2.0 Exclusive: Dangerous GPU Botnet Threat

Think your idle GPUs are harmless? ShadowRay 2.0 quietly turns misconfigured Ray clusters into a self‑replicating crypto‑mining botnet—using automated scans, scripted Docker deployments, and TOR to stay hidden—proving default or unauthenticated management interfaces are an invitation to sustained criminal profit.

Analyst 207
Scam USPS Alerts: Exclusive Guide to Avoiding Costly Fraud

Scam USPS Alerts: Exclusive Guide to Avoiding Costly Fraud

Think that text really came from the USPS? Modern phishing kits let crooks spin up convincing alerts and fake sites in minutes, turning routine delivery notices into money-stealing traps — this guide shows the clear red flags so you don’t get fooled.

Analyst 207
CISA Exclusive: Critical Bulletproof Hosting Threat Alert

CISA Exclusive: Critical Bulletproof Hosting Threat Alert

Bulletproof hosting—the shadow infrastructure that shelters botnets, ransomware and fraud—has long let bad actors dodge takedowns. CISA’s new practical guide gives ISPs and hosts straightforward, actionable steps to detect, disrupt and remediate those services so defenders can finally keep pace.

Analyst 207
ThreatsDay Exclusive: Critical Cyber Threats Unveiled

ThreatsDay Exclusive: Critical Cyber Threats Unveiled

Think clicking a browser add-on or plugging in a smart camera is harmless? This ThreatsDay roundup exposes how weaponized everyday tools — from extensions and smart gadgets to satellite feeds and SMS — turn convenience into a covert battleground of surveillance, social engineering, and supply‑chain attacks.

Analyst 207
CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed

CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed

CTM360 exposes HackOnChat, a clever and dangerous campaign that clones WhatsApp Web to trick users into revealing authentication codes and handing over their accounts. With thousands of malicious URLs and coordinated fronts, this WhatsApp account hijacking operation is alarmingly scalable and hard to takedown.

Analyst 207
7-Zip Critical RCE: Exclusive Warning as Hackers Exploit

7-Zip Critical RCE: Exclusive Warning as Hackers Exploit

Imagine your go‑to file extractor becoming an attacker’s backdoor—7‑Zip’s RCE (CVE‑2025‑11001) is being actively exploited. Update to 7‑Zip 25.00 now, check for signs of compromise, and treat any unpatched machines as high risk.

Analyst 207
Legal Restrictions on Vulnerability Disclosure Stunning Risk

Legal Restrictions on Vulnerability Disclosure Stunning Risk

Imagine signing a bug report and being legally silenced while a company quietly leaves a dangerous flaw unpatched — thats the unsettling new reality of vulnerability disclosure, where contracts can muzzled researchers and leave defenders blind.

Analyst 207
Python-Based WhatsApp Worm Exclusive: Dangerous Stealer

Python-Based WhatsApp Worm Exclusive: Dangerous Stealer

What would you do if your WhatsApp started messaging your friends without you? Researchers warn the Delphi-based Eternidade Stealer is hijacking accounts and weaponizing contact lists—using social engineering and IMAP-resolved C2 to spread quickly and dodge static defenses.

Analyst 207
Eternidade Stealer Trojan Exclusive Severe Cybercrime Surge

Eternidade Stealer Trojan Exclusive Severe Cybercrime Surge

Eternidade Stealer is a new banking trojan that weaponizes Brazil’s favorite app, WhatsApp, turning ordinary messages into a fast-moving credential theft campaign. Researchers warn one click can unleash downloaders that harvest browser-stored credentials and cookies, making everyday chats unexpectedly risky for users and businesses.

Analyst 207
PlushDaemon Exclusive: Dangerous New Spy Malware

PlushDaemon Exclusive: Dangerous New Spy Malware

Exclusive: PlushDaemon malware is a stealthy new spy quietly siphoning personal data — learn how it works, whos at risk, and easy steps you can take to protect yourself.

Analyst 207
China-Linked WrtHug Exclusive: Dangerous ASUS Router Hijack

China-Linked WrtHug Exclusive: Dangerous ASUS Router Hijack

Imagine the little black box under your desk as a secret backdoor — SecurityScorecard has exposed WrtHug, a China-linked campaign hijacking thousands of ASUS routers to intercept traffic, steal credentials and quietly persist in homes and small businesses. It shows how exposed management interfaces and unpatched firmware can turn everyday routers into powerful spying and staging platforms.

Analyst 207
Half of Ransomware Access: Exclusive Critical VPN Threat

Half of Ransomware Access: Exclusive Critical VPN Threat

Think your VPN keeps the bad guys out? Q3 data show compromised VPN credentials were the top initial access vector for ransomware, so it’s time to rethink perimeter defenses, identity hygiene, and incident response.

Analyst 207
Fortinet Exclusive: Critical FortiWeb CVE-2025-58034

Fortinet Exclusive: Critical FortiWeb CVE-2025-58034

Exclusive: A critical FortiWeb vulnerability (CVE-2025-58034) has been disclosed — find out what it means for your environment and the quick steps to keep your systems protected.

Analyst 207
2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups

2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups

Think your 2FA push is safe? Browser-in-the-Browser phishing kits like Sneaky 2FA now mimic real browser dialogs to trick users into approving account takeovers, making powerful relay attacks cheap and easy to rent.

Analyst 207
CISA 2015 Extension: Exclusive, Welcome Short-Term Relief

CISA 2015 Extension: Exclusive, Welcome Short-Term Relief

Good news: the Cybersecurity Information Sharing Act’s short‑term extension buys defenders breathing room and keeps automated threat‑sharing pipelines running. But it’s only a temporary patch, leaving legal uncertainty, oversight concerns, and the need for a durable, modern solution unresolved.

Analyst 207
Secure Cloud Workloads: Exclusive Best Practices at Scale

Secure Cloud Workloads: Exclusive Best Practices at Scale

Dont let one wrong permission undo your cloud gains—learn the identity-first, Zero Trust practices top teams use to secure cloud workloads at scale. This practical guide delivers clear, scalable steps to balance speed, cost and risk.

Analyst 207
AI-Enhanced Tuoni Framework: Exclusive Affordable Win

AI-Enhanced Tuoni Framework: Exclusive Affordable Win

A single crafted message—leveraging AI‑enhanced Tuoni C2, steganography and in‑memory execution—slipped past defenses at scale, showing attackers are getting smarter and stealthier. Its a wake‑up call: rapid detection, cross‑team coordination and tougher verification are now essential.

Analyst 207
GenAI Stunning Surge Sparks Alarming Biometric Fraud

GenAI Stunning Surge Sparks Alarming Biometric Fraud

If a photo—or a few seconds of audio—can open a bank account in your name, we have a problem. Generative AI is churning out deepfakes and synthetic identities that can fool biometric checks and fuel a new wave of scalable fraud.

Analyst 207
FTSE 100 Exclusive: Alarming 500,000 Stolen Credentials

FTSE 100 Exclusive: Alarming 500,000 Stolen Credentials

Half a million stolen credentials tied to FTSE 100 staff have surfaced in criminal data stores — a blunt wake-up call that weak passwords and reused logins are leaving Britain’s biggest firms dangerously exposed. Socura’s findings show how easily attackers can impersonate insiders and turn simple credential theft into costly breaches unless boards treat cyber as a strategic priority.

Analyst 207
Microsoft Stops Stunning Record 5.72Tbps DDoS; Best Defense

Microsoft Stops Stunning Record 5.72Tbps DDoS; Best Defense

Microsoft’s automated defenses shrugged off a jaw‑dropping 5.72 Tbps DDoS (almost 3.64 billion pps), keeping services running — but the IoT botnet behind it shows how default settings and underprotected devices still make the internet ripe for even bigger attacks.

Analyst 207