cyber threat actors – Threat Note

From Dark Reading – How an Interdiction Mindset Can Help Win War on Cyberattacks

The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework. Read More

shaikh Saqib April 2, 2025

News

From Dark Reading – Gootloader Malware Resurfaces in Google Ads for Legal Docs

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising. Read More

shaikh Saqib April 2, 2025

News

From The Hacker News – Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis

shaikh Saqib April 2, 2025

Vulnerabilities

From Cybersecurity Help – Earth Alux cyberespionage group expands operations beyond APAC region

Earth Alux’s modus operandi involves exploiting vulnerabilities in exposed servers to gain initial access. Read More

Samir K March 31, 2025

News

From Dark Reading – Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen

The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. Read More

shaikh Saqib March 28, 2025

News

From The Hacker News – Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

shaikh Saqib March 27, 2025

News

From Dark Reading – Salt Typhoon: A Wake-up Call for Critical Infrastructure

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape. Read More

shaikh Saqib March 13, 2025

Vulnerabilities

From Cybersecurity Help – Japan’s NTT Com discloses data breach affecting nearly 18K corporate clients

The compromised systems contained a range of sensitive information about NTT Com’s corporate customers. Read More

shaikh Saqib March 10, 2025

News

From The Hacker News – U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun

shaikh Saqib March 6, 2025

News

From The Hacker News – PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An

shaikh Saqib February 14, 2025