Category: Uncategorized
-
Business impact analysis vs. risk assessment explained
Post ContentRead More
-
Follow Patch Tuesday best practices for optimal results
Post ContentRead More
-

PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps [email protected] (The Hacker News)
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. “PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices,” Sophos security researcher Pankaj Kohli said in…
-
Apache Tomcat RCE
FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could gain access to sensitive security files, allowing them to view or inject arbitrary content and potentially execute code remotely on target systems.Read More
-

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts [email protected] (The Hacker News)
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. “Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers,” Sonatype researcher Ax Sharma said. “However, […] the latestRead More
-

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability [email protected] (The Hacker News)
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.…
-

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records [email protected] (The Hacker News)
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat.…
-

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks [email protected] (The Hacker News)
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as…
-

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware [email protected] (The Hacker News)
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a…
-

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It [email protected] (The Hacker News)
Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS…
