A new cyber-espionage campaign has come to light, this time linked to hackers connected with Iran. Security researchers discovered that attackers compromised more than 100 embassy and government email accounts to target diplomats around the world. By abusing official mailboxes, the hackers were able to make their phishing messages look completely authentic. Investigators found that … Continued
WordPress, the world’s most widely used website platform, is facing yet another wave of security issues. Researchers have revealed that many WordPress sites are being compromised and abused through malicious or vulnerable plugins. These hacked sites are being used to spread two major threats, known as ClickFix attacks and Traffic Distribution Systems (TDS). Both of … Continued
A Ukrainian network known as FDN3 has been identified as the source of large brute-force attacks targeting SSL VPNs and Remote Desktop Protocol (RDP) devices. Security researchers observed these attacks during June and July 2025, with the most intense surge recorded between July 6 and July 8. Instead of quick hits, some of the campaigns … Continued
A new malicious npm package has been discovered, and this time the target was not just developers but also cryptocurrency users. The package, named nodejs-smtp, was designed to look like the widely used Nodemailer library. On the surface, it worked like a normal tool for sending emails, but hidden inside was code that attempted to … Continued
“In a regulated industry, you cannot rush adoption—you need a granular understanding of the risks.” – Sandip Wadje Sandip Wadje, Managing Director and Global Head of Emerging Technology Risks at BNP Paribas, is a seasoned Cyber Security and Technology Risk leader with 23 years of experience across Cyber Security, Operational Risk, IT Risk, Internal Controls, … Continued
Cloud security is no longer optional; it‘s survival. With attackers targeting misconfigurations, APIs, and identities, organizations need to test their defenses before criminals do. Two popular approaches Penetration Testing and Red Teaming play a huge role. What Is Cloud Penetration Testing? A controlled, simulated attack on cloud systems (AWS, Azure, GCP). Focuses on misconfigured buckets, … Continued
ScarCruft, a North Korean state-linked hacking group also known as APT37, has recently carried out a new cyber-espionage operation that researchers have named Operation HanKook Phantom. This campaign is focused on South Korean academics, researchers, and policy experts, and its main weapon is a malware strain called RokRAT. The operation was uncovered by Seqrite and … Continued
FreePBX servers have come under attack after hackers found a new zero-day vulnerability. The company behind the software, Sangoma, has confirmed that criminals are already using this flaw to break into systems. An emergency patch has now been released to fix the issue, and all administrators are being told to act quickly. The problem is … Continued
Cybersecurity researchers have recently exposed a dangerous new malware campaign that hides inside what looks like a harmless PDF editing tool. Attackers are disguising their malicious software as “AppSuite PDF Editor,” which is being pushed through fake advertisements online. The campaign has already affected multiple organizations in Europe and poses a serious threat to anyone … Continued
The United States Treasury has imposed new sanctions on people and companies linked to North Korea’s illegal use of remote IT workers. Officials said the scheme is designed to secretly earn money for Pyongyang, which then directs the funds toward its prohibited weapons programs. The sanctions list names two individuals and two companies accused of … Continued
