Energy Sector Targeted in Complex Phishing and Email Compromise Campaign, Microsoft Says

Microsoft has warned organizations about a sophisticated cyberattack campaign aimed at companies in the energy sector. The attacks combine advanced phishing methods with business email compromise techniques. According to Microsoft’s security researchers, the goal is to steal credentials and gain long-term access to corporate email accounts. The findings highlight growing cyber risks for critical infrastructure. …

Australian Government Reviews Cyber Risks in Chinese-Made Electric Buses

The Australian government has started a fresh review of Chinese-made electric buses after overseas reports raised cybersecurity concerns. The issue came into focus after European transport authorities warned that some electric buses could potentially be controlled or shut down remotely. These findings have pushed Australian officials to re-examine similar buses used locally. Authorities say the …

Malicious PyPI Package Impersonates SymPy to Deploy XMRig Miner on Linux Systems

Security researchers have identified a malicious Python package uploaded to PyPI that impersonates the popular SymPy mathematics library. The package was created to deceive developers into believing it is legitimate. Once installed, it silently executes malicious code on Linux systems. The attack mainly targets developer machines and automated environments. The malicious package uses a name …

Automated FortiGate Attacks Exploit FortiCloud SSO to Bypass Authentication and Alter Firewall Configurations

Security experts have identified a series of automated cyberattacks targeting Fortinet firewall devices through weaknesses in FortiCloud Single Sign-On (SSO). These attacks allow unauthorized access to firewalls without using valid usernames or passwords. Once access is gained, attackers can change critical firewall settings. The activity is confirmed to be happening in real-world environments. The attacks …

Chainlit AI Framework Flaws Expose Servers to File Read and SSRF Attacks

Security researchers have recently identified serious security flaws in the Chainlit AI framework, a tool widely used to build AI-powered chatbots and interactive applications. These flaws could allow attackers to steal sensitive data from servers running vulnerable versions. The findings have drawn attention from the cybersecurity community due to the nature of data handled by …

How Quantum Computing Could Change Cybersecurity

Quantum computing offers a significant change in how we solve problems. Machines that use the uncertainty and randomness of quantum physics could eventually outperform even the strongest classical supercomputers. This shift could reshape areas like finance, artificial intelligence, and materials science. For cybersecurity, however, the immediate concern is not opportunity. It is trust. Modern digital …

Cloudflare Fixes ACME Validation Flaw That Allowed WAF Bypass to Origin Servers

Cloudflare has fixed a security flaw in its infrastructure that could allow attackers to bypass Web Application Firewall protections. The issue was linked to how Cloudflare handled ACME certificate validation requests. These requests are used to automatically issue and renew HTTPS certificates. The flaw affected how certain validation traffic was processed. The vulnerability involved the …

Tudou Guarantee Halts Public Telegram Transactions After Processing Over $12 Billion in Crypto

Tudou Guarantee, a major marketplace operating on Telegram, has stopped handling transactions through its public channels. Blockchain analysis confirms the platform processed more than $12 billion in cryptocurrency before this move. The findings were reported by trusted blockchain intelligence researchers. The halt marks a major shift for one of Telegram’s largest underground markets. The platform …

When a Browser Crash Becomes the Attack: CrashFix Delivers ModeloRAT via Fake Chrome Extensions

Security researchers have identified a new malware campaign that spreads a remote access trojan called ModeloRAT through a fake Google Chrome extension. The activity is being tracked under the name “CrashFix.” Instead of exploiting technical flaws, the attackers rely on social engineering to trick users. The campaign has been confirmed by multiple trusted cybersecurity research …
