Cybersecurity researchers have uncovered a new tactic being used by a ransomware group to hide malicious communications by abusing Microsoft Teams relay infrastructure. The technique allows attackers to disguise their command-and-control traffic as legitimate Microsoft Teams activity. By blending in with trusted network traffic, the criminals make it much harder for security tools and defenders … Continued
Cybersecurity experts are warning organizations after critical vulnerabilities in Fortinet FortiSandbox were found to be actively exploited in real-world attacks. The issue has gained attention because FortiSandbox is widely used to analyze suspicious files and detect threats before they reach corporate networks. The confirmation of active exploitation means attackers are no longer just studying the … Continued
Why the old model of vendor oversight is broken, what Gartner analysts say comes next, and how security leaders must prepare for an era of continuous risk intelligence Today’s biggest cyber risk may not be inside your organisation at all it could be sitting somewhere in your … Continued
Cybersecurity researchers have uncovered a serious supply chain attack involving dozens of popular WordPress plugins. The incident came to light after security experts discovered that plugin code had been secretly modified to include hidden backdoors. These plugins were previously trusted by thousands of website owners and had been downloaded by a large number of WordPress … Continued
Cybersecurity researchers have uncovered a large online scam operation that targeted internet users across the Middle East and North Africa (MENA) region. The campaign relied on fake Facebook accounts that pretended to be politicians, public figures, telecom companies, and trusted organizations. These accounts were used to attract users with offers that appeared genuine. The goal … Continued
Novo Nordisk, one of the world’s largest pharmaceutical companies, has disclosed a cybersecurity incident that resulted in unauthorized access to data related to some of its clinical trial participants. The company confirmed that certain information was copied from a limited number of internal IT systems without permission. Following the discovery, Novo Nordisk launched an investigation … Continued
INTERPOL’s large-scale cybercrime operation, known as Operation Ramz, has led to the shutdown of the long-running SniperDz phishing platform and the arrest of its main administrator in Algeria. The operation was carried out with support from law enforcement agencies and cybersecurity partners across the Middle East and North Africa region. Investigators described the takedown as … Continued
The source code of the Miasma worm, a credential-stealing malware framework linked to recent supply-chain attacks, was briefly exposed on GitHub before being removed. Security researchers reported that the publication appeared intentional and closely resembled an earlier leak involving the Shai-Hulud worm. The incident immediately attracted attention across the cybersecurity community because of Miasma’s growing … Continued
A major cybersecurity incident has affected the University of Nottingham after hackers gained access to a large amount of student and alumni data. The breach involved the university’s Campus Solutions student records platform, which is used to manage academic and administrative information. Reports indicate that more than 450,000 current and former students may have been … Continued
Many organizations today rely on automated penetration-testing tools to evaluate their cybersecurity defenses. These tools can quickly scan systems, identify known vulnerabilities, and generate reports that appear reassuring. However, security experts behind a recent webinar warn that a clean automated pentest report does not always mean an organization is truly secure. Automated tools can only … Continued
