Author Info

Cybersecurity experts have raised alarms about threat actors exploiting a newly uncovered vulnerability in Apache Struts—labeled CVE-2024-53677. This flaw carries a critical CVSS score of 9.5, underscoring its severity. Exploiting this vulnerability could allow attackers to upload harmful files, leading to potential remote code execution. According to an

Mark Sokolovsky, a Ukrainian citizen, has received a five-year prison sentence for his pivotal role in the notorious Raccoon Stealer malware operation. Court documents reveal that Sokolovsky, known by aliases such as raccoon-stealer, Photix, and black21jack77777, collaborated with co-conspirators to distribute the malware through a MaaS (malware-as-a-service) model, charging $75

Phishing attacks are evolving as cybercriminals find creative ways to infiltrate user inboxes. A recent campaign is exploiting Google Calendar invites and Google Drawings to deceitfully harvest user credentials while evading spam detection. Platform Abuse The tactic leverages Google Calendar invites, cleverly embedding phishing links within event descriptions or attachments.

The Russia-linked cyber espionage unit APT29—known by various aliases including Cozy Bear and Nobelium—has adapted red teaming tactics to perpetrate rogue RDP attacks. This campaign, primarily targeting governmental and academic sectors, marks a sophisticated step in the group's cyber activities. Cyber Group Identity APT29, also recognized

Recent discoveries have revealed a series of harmful Visual Studio Code (VSCode) extensions infiltrating the VSCode marketplace, designed to unleash heavily disguised PowerShell payloads. These attacks focus on software developers and the cryptocurrency sector, posing a significant risk through supply chain vulnerabilities. Timeline and Discovery According to a report by

In a recent phishing campaign, 20,000 employees from European manufacturing firms have found themselves in the crosshairs of cybercriminals. This attack, which spanned from June to at least September, primarily affected automotive, chemical, and industrial compound companies in the UK, France, and Germany, according to research by Palo Alto

The FBI has issued a warning regarding a new surge of HiatusRAT malware targeting internet-connected surveillance cameras and DVRs from Chinese brands. The alert, shared through a Private Industry Notification, outlines ongoing scanning campaigns exploiting these vulnerabilities. Emergence and Persistence HiatusRAT, which has been active since July 2022, gained traction

Security analysts have exposed a sophisticated phishing operation targeting an organization in Turkey's defense sector, showcasing the evolving strategies of the threat actor TA397, also known as "Bitter." Phishing Campaign Breakdown According to research by Proofpoint, the campaign utilized spear phishing techniques through emails containing RAR

A recently identified social engineering scheme has taken advantage of Microsoft Teams to distribute the notorious DarkGate malware. Researchers at Trend Micro, including Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta, revealed how attackers impersonate clients via Teams calls to gain unauthorized access to victims' systems. During these attacks, threat