Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Category Archives: Uncategorized
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk. “These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox Go to Source […]
If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today’s reality is […]
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of Go […]
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a […]
Passengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. Go to Source Author: Nate Nelson, Contributing Writer
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network. Go to Source Author: Jai Vijayan, Contributing Writer
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer. Go to Source Author: Kristina Beek
A Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. Go to Source Author: Alexander Culafi
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware. Go to Source Author: Elizabeth Montalbano, Contributing Writer