Tag: emerging threats
3091 articles

Cisco Discloses High-Severity DoS Flaw Requiring Manual Reboot
Beware: a high-severity flaw in Cisco's system could allow attackers to overwhelm your network, forcing a manual reboot to regain control. This vulnerability can be exploited remotely with ease, putting your connection resources at risk of exhaustion and leaving you vulnerable to a denial-of-service condition.

Palo Alto Firewalls Targeted in Active Exploitation
Thousands of Palo Alto firewalls are at risk due to an actively exploited vulnerability, CVE-2026-0300, that allows hackers to execute arbitrary code with root privileges. This alarming flaw affects 5,821 internet-exposed VM-Series firewalls, leaving them open to potential cyber attacks.

Iranian Spies Masquerade as Ransomware Gangs in Espionage Ops
A new wave of cyber threats has emerged, where Iranian spies masquerade as ransomware gangs to secretly infiltrate and gather intel from targeted organizations. Behind the scenes, they're hiding a wide-open backdoor, putting defenders and the organizations they protect at risk.

DAEMON Tools Breach Exposes Thousands to Malware
A recent breach at DAEMON Tools exposed thousands to malware, prompting an immediate response from the company to secure its infrastructure and release a clean build of its software. Version 12.6 of DAEMON Tools Lite has been confirmed safe, and users of paid versions can continue using their software as usual.

US Cyber Officials Tighten Patching Deadlines Amid AI-Driven Threats
US cyber officials are considering a drastic reduction in patching deadlines, from two weeks to just three days, as AI-driven threats rapidly escalate and attackers gain unprecedented speed in discovering and exploiting vulnerabilities. This proposed shift reflects an urgent response to the evolving threat landscape, where AI-powered tools are revolutionizing the speed and efficiency of cyber attacks.

CloudZ Malware Exploits Phone Link to Harvest SMS OTPs
Beware of CloudZ malware, a sneaky Windows threat that's been stealing SMS messages and one-time passwords since January 2026 by exploiting Microsoft's Phone Link app. Paired with the Pheno plugin, it can capture mobile authentication data without ever touching your smartphone.

MuddyWater Exploits Microsoft Teams in False Flag Ransomware Attacks
MuddyWater hackers are impersonating Chaos ransomware affiliates, using clever social engineering tactics via Microsoft Teams to steal credentials and gain access to sensitive systems. Their sophisticated campaign involves interactive screen-sharing and manipulation of multi-factor authentication.

Ransomware Attacks Expose Backup Vulnerabilities
Ransomware attackers often destroy backup systems before encrypting data, rendering your recovery plan useless. This deliberate tactic follows a predictable sequence, allowing attackers to systematically dismantle your defenses and leave you with limited options.

Kaspersky Exposes Web Filtering Category for Sites with Undefined Trust Levels
Kaspersky has introduced a new web-filtering category for sites that just don't feel right - they're not quite phishing sites, but you still shouldn't trust them. The new "Sites with an undefined trust level" category helps keep you safe from manipulative or shady online resources.

OceanLotus Exploits PyPI to Deliver ZiChatBot Malware
Kaspersky's analysis uncovered a sneaky malware attack on PyPI, where OceanLotus hackers uploaded fake packages that looked like harmless libraries, tricking users into installing the ZiChatBot malware. The malicious packages, uploaded in July 2025, masqueraded as legitimate tools like uuid32-utils, colorinal, and termncolor.

Japan, Australia Forge Deeper Security Ties Amid Global Upheaval
As the world navigates a period of seismic change, Japan and Australia are bolstering their security ties to safeguard their interests and shape a more stable future. In response to a shifting global landscape, marked by a US pivot towards an America First doctrine, rising Chinese assertiveness, and Russia's aggression, Tokyo and Canberra are taking decisive action.

NVIDIA Chips Vulnerable to Rowhammer Attacks
Researchers have discovered that NVIDIA chips are vulnerable to Rowhammer attacks, which can be exploited to gain unauthorized access to computer systems. This security threat can lead to a complete compromise of the machine, allowing attackers to read and write data freely.

CISA Launches Framework to Fortify Critical Infrastructure Against Cyber-Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched CI Fortify, a vital planning framework designed to shield critical infrastructure sectors like water, energy, and transportation from devastating cyber-attacks. This timely guidance helps organizations safeguard their networks and essential services from threat actors seeking to disrupt and degrade infrastructure.

AI Agents Expose Governance Gaps in Enterprise Identity Security
As AI agents become increasingly integral to enterprise operations, a concerning gap is emerging: the rapid adoption of AI is outpacing the development of essential governance policies to secure identities and access. Discover how this vulnerability impacts corporate applications and what you can do to protect your organization.

Iran-Linked APT Exploits Ransomware Disguise for Espionage
MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy
MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

UK Age-Gating Plans Threaten Internet Openness, Privacy Groups Warn
Privacy groups, including EFF and Mozilla, are warning that UK age-gating plans could threaten the openness and freedom of the internet, stifling opportunities for individuals, businesses, and society as a whole. The proposed measures have sparked a joint public pushback from leading advocates for civil liberties and online rights.

Voter Data Exposes Sensitive Information to Potential Misuse
A simple experiment by Noah M. Kenney revealed alarming privacy risks when he linked publicly available voter data from two counties with other public records, highlighting the sensitive information at risk of misuse. By analyzing voter files from Texas and North Carolina, Kenney showed just how easily voter data can be exploited.

AI-BOMs Emerge to Secure Enterprise AI Supply Chains
Imagine biting into a mysterious birthday cake without knowing its ingredients or who baked it - that's what it's like for enterprises trying to secure their AI supply chains without visibility into the components used to build their AI systems. Traditional software bills of materials just aren't cutting it in this new landscape.

Teens Exploit Age Checks with Simple Facial Manipulation Tactics
Kids are outsmarting age checks with a surprisingly simple trick: drawing on a fake mustache. This clever tactic allows them to bypass age verification systems with ease.

Romance Scammers Pocket £102M via Cyber Deception Tactics
Romance scammers made off with a staggering £102 million in the UK last year, using their silver tongues to swindle victims out of their hard-earned cash. Their tactics, cloaked in sweet talk and false affection, ultimately led to a £102 million payday.

ShinyHunters Leak Exposes 119K Vimeo Emails
A massive data leak, allegedly perpetrated by the threat actor group ShinyHunters, has put 119,000 Vimeo email addresses at risk, according to a recent report. This alarming breach raises serious concerns about online data security and user privacy.

Real Estate Giant Hit by Vishing Incident from ShinyHunters, Qilin Gang
Cushman & Wakefield, a real estate giant, has confirmed a vishing incident at the hands of notorious threat actors ShinyHunters and Qilin Gang, highlighting the growing threat of social engineering attacks. This recent breach serves as a stark reminder of the importance of robust security measures.

Attackers Exploit Fresh 'CopyFail' Linux Flaw for Financial Gain
Attackers are already exploiting a newly discovered Linux flaw called CopyFail to line their pockets, and it's essential to stay informed about this developing threat. The vulnerability has been identified, and malicious actors are capitalizing on it - but details on affected systems and patches are still emerging.