Intel

A new variant of the notorious XCSSET macOS malware has been identified by Microsoft, signaling a potential resurgence of this threat. This sophisticated malware, known for targeting Apple's Xcode projects, has been observed in limited attacks, prompting Microsoft to share this information to help users and organizations safeguard

In a concerning development, cybersecurity experts have identified a sophisticated phishing campaign orchestrated by the group known as Storm-2372. This threat actor, suspected to have links to Russia, has been exploiting a technique called "device code phishing" since August 2024. The campaign primarily targets governments, non-governmental organizations (NGOs)

A novel malware named FinalDraft has been identified leveraging Outlook email drafts for command-and-control (C2) communications. This sophisticated attack has targeted a government ministry in a South American nation, as discovered by Elastic Security Labs. Malware Attack Overview: The attack employs a comprehensive toolkit, including a custom malware loader called

In a significant cybersecurity development, the China-linked Advanced Persistent Threat (APT) group known as Salt Typhoon has successfully breached multiple U.S. telecommunications providers. This breach was accomplished by exploiting vulnerabilities in Cisco IOS XE network devices that had not been patched. The ongoing cyber espionage campaign highlights the persistent

Cybersecurity experts have identified active exploitation of a critical vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. This flaw allows attackers to bypass authentication on the management web interface, posing significant risks to affected systems. Details of the Vulnerability: The vulnerability resides in the PAN-OS management web interface, where an

A recent cyberattack has compromised the personal data of approximately 12 million Zacks Investment Research accounts. This breach, initially claimed to involve 15 million records, has been verified to affect slightly fewer accounts, following a detailed investigation. Zacks, renowned for its "Zacks Ranks" stock market analysis, has faced

Recent reports have highlighted a novel cyberattack method employed by the North Korean hacking group known as 'Kimsuky,' also referred to as 'Emerald Sleet' or 'Velvet Chollima.' This group has adopted a sophisticated social engineering tactic reminiscent of the infamous ClickFix campaigns, which are

The BadPilot campaign, orchestrated by a subgroup within the Russian state actor Seashell Blizzard, represents a significant cybersecurity threat. This multiyear operation has targeted Internet-facing infrastructure worldwide, enabling persistent access to high-value targets and supporting tailored network operations. This article delves into the tactics, techniques, and procedures (TTPs) of this

OpenSSL has addressed a critical security flaw identified as CVE-2024-12797, which was discovered by Apple researchers. This vulnerability could allow man-in-the-middle attacks due to improper server authentication checks in certain configurations. Understanding the OpenSSL Vulnerability: The OpenSSL library, which is crucial for secure communications over computer networks, implements the Secure