Blog
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing...
Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried...
White House Launches AI Cyber Challenge to Make Software More Secure
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure.
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to...
New Zero-Day Vulnerabilities Could Instantly Drain Crypto Wallets
Multiple zero-day vulnerabilities have been discovered in some of the most used cryptographic multi-party computation (MPC) protocols, putting consumers’ cryptocurrency funds at risk of theft.
Balada Injector Still at Large – New Domains Discovered
The Balada Injector malware continues to evade security software by using new domain names and obfuscation techniques, posing a persistent threat to vulnerable WordPress websites.
High-Severity Access Control Vulnerability Found in Spring WebFlux
An advisory on the vulnerability published by JFrog shed light on the exact nature of the flaw, its potential victims, and a proof-of-concept (POC) illustrating the scenarios in which this flaw could be triggered for unauthorized access.
Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount...
New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors.
OpenBullet Campaign: Cybercriminals Target Script Kiddies
Experienced cybercriminals are taking on script kiddies in a new malware campaign through malicious OpenBullet configuration files. Malicious configurations are shared on platforms like Telegram to deliver a Rust-based dropper and a Python-based RAT named Patent....
FREE GUIDE