-
The Social Contract of Security: Why Employees Ignore Policies
Understanding the Real Reasons Behind Policy Bypass
-
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched earlier.
-
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Fake AI installers for ChatGPT and InVideo deliver ransomware and info-stealers via SEO scams and social ads, targeting businesses.
-
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the…
-
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer systems.
-
Cybercriminals exploit AI hype to spread ransomware, malware
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by…
-
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials. This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.” “The attack uses an email masquerading as…
-
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
APT41 used Google Calendar to control TOUGHPROGRESS malware via encrypted events; Google shut it down.
-
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
PumaBot hijacks Linux IoT devices via SSH brute-force, fakes Redis services, and mines crypto using stealthy rootkits.
-
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena. “Catena uses embedded shellcode and configuration switching logic to…