Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in...

1 Comment

CISA Warns of Active exploitation of JasperReports Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software’s JasperReports...

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical...

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses...

BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to...

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Microsoft’s decision to block Visual Basic for Applications (VBA) macros by default for Office files...

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into...

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725...

1 Comment

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader...

2022 Top Five Immediate Threats in Geopolitical Context

As we are nearing the end of 2022, looking at the most concerning threats of...

PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a...

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Threat actors have published yet another round of malicious packages to Python Package Index (PyPI)...

FrodoPIR: New Privacy-Focused Database Querying System

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying...

Customer details compromised in LastPass data breaches

A malicious actor copied personal information from LastPass’ third-party cloud storage provider...

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach...

Accelerate Your Incident Response

Tis the season for security and IT teams to send out that company-wide email: “No,...

Vice Society Ransomware Attackers Adopt Robust Encryption Methods

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their...

France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent

France’s privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft’s Ireland subsidiary...

1 Comment

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Compromised

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the...

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate’s organizational hierarchy, alongside unraveling its role as...

The Era of Cyber Threat Intelligence Sharing

We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and...

Critical Security Flaw Reported in Passwordstate Enterprise Password Manager

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited...

Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one...

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected...

Hackers Breach Okta’s GitHub Repositories, Steal Source Code

Okta, a company that provides identity and access management services, disclosed on Wednesday that some...

Threat Report 22nd December 2022

The NCSC’s threat report is drawn from recent open source reporting....

NCSC’s cyber security training for staff now available

The NCSC’s e-learning package ‘Top Tips For Staff’ can be completed online, or built into...

Be Wary of Scammers in the Holiday Season

As 2022 comes to a close, stress can be at an all-time high. This time...

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin...

The Rise of the Rookie Hacker – A New Trend to Reckon With

More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes – 2022 trends and...