New Osiris Ransomware Leverages POORTRY for BYOVD Attack
The emergence of the Osiris ransomware, utilizing a bespoke driver to bypass security protocols, underscores a troubling evolution in cyber threats. As ransomware tactics diversify,...
IT & Security
Ring Introduces New Content Verification Feature for Videos
Ring's introduction of the Verify feature aims to curb video manipulation by allowing users to detect alterations in shared footage. This move raises questions about...
Automated Attacks Compromise FortiCloud SSO Security Protocols
Arctic Wolf has identified a surge in automated attacks targeting Fortinet's FortiGate devices, exploiting critical vulnerabilities that allow unauthorized SSO logins. This breach not only...
Security Flaw Exposes StealC Malware Operations to Researchers
A recently discovered XSS vulnerability in the StealC malware's control panel highlights staggering irony: a tool designed for cookie theft failed to safeguard its own....
Tudou Marketplace Suspends Telegram Transactions Amid Controversy
The decline of Tudou Guarantee, a major Telegram-based illicit marketplace, underscores the fragility of cyber fraud ecosystems. As law enforcement intensifies scrutiny, the potential for...
North Korean Hackers Exploit VS Code Projects to Target Developers
North Korean threat actors are exploiting Microsoft Visual Studio Code projects to deploy sophisticated backdoors, manipulating developer workflows for malicious gains. This evolution in tactics...
Black Basta Ransomware Leader Faces EU and INTERPOL Pursuit
Ukrainian and German authorities have identified key members of the Black Basta ransomware group, including its Russian leader, Oleg Nefedov. Despite law enforcement's efforts, the...
GootLoader Malware Exploits ZIP Archives for Evasion
The emergence of GootLoader, leveraging malicious ZIP archives, underscores a critical vulnerability in automated detection systems. By employing techniques like hashbusting, attackers ensure each payload...
Hacking Campaign Exposes Vulnerabilities of High-Profile Users
A recent phishing campaign targeting Iranian activists highlights the vulnerabilities in digital security during political turmoil. With attackers potentially tied to state-sponsored espionage, the implications...
China-Linked APT Targets US Infrastructure via Sitecore Zero-Day
A China-aligned threat actor, UAT-8837, is infiltrating North American critical infrastructure, exploiting vulnerabilities like a recent zero-day in Sitecore. This raises alarms about potential supply...
AWS CodeBuild Misconfiguration Risks GitHub Repository Security
A critical misconfiguration in AWS CodeBuild exposed its GitHub repositories to potential takeover, revealing a stark vulnerability in CI pipelines. This oversight not only jeopardizes...
IBM’s AI Data Control Push: A Double-Edged Sword
IBM's Sovereign Core platform attempts to address the pressing need for secured AI access amidst tightening regulations. However, its emphasis on sovereignty raises questions about...
