A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. According to ESET, the group has been active since at least 2022, targeting entities in the Philippines, Cambodia, the United Arab Emirates, China, and Hong Kong. Victims include individuals, gambling companies, … Read more
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. “France condemns in the strongest terms the use by the Russian military intelligence service (GRU) of the APT28 attack procedure, which has led to several … Read more
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. In a new report from threat monitoring firm GreyNoise, researchers have recorded a massive spike in searches for exposed Git configs between April 20-21, 2025. “GreyNoise observed nearly … Read more
The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other … Read more
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that … Read more
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. The threat actor combined a watering hole attack strategy with an exploit for a vulnerability in a file transfer client that is required in South Korea to complete certain financial and … Read more
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. The flaw impacts American Megatrends International’s MegaRAC Baseboard Management Controller (BMC) software, used by over a dozen server hardware vendors, including HPE, ASUS, and ASRock. The CVE-2024-54085 flaw is remotely exploitable, potentially leading to … Read more
A hacking group dubbed ‘Elusive Comet’ targets cryptocurrency users in social engineering attacks that exploit Zoom’s remote control feature to trick users into granting them access to their machines. Zoom’s remote control feature allows meeting participants to take control of another participant’s computer. According to cybersecurity firm Trail of Bits, which encountered this social engineering campaign, … Read more
ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown fake error messages … Read more
Let’s be real, cybersecurity is turning into an all-out war, and the battleground? Your data. On one side, you’ve got hackers getting smarter by the day. On the flip side, AI is acting as a digital superhero. So… who’s actually winning? In software and hardware security, both the attackers and the defenders are constantly evolving. … Read more