Technical documentation of attack methodologies, exploit mechanics, and attack surface analysis. Excludes news coverage of attacks or basic security tips.
Critical analysis of sophisticated malvertising campaign using fake Homebrew sites to distribute AmosStealer malware, targeting Mac and Linux users through Google Ads with $1000/month criminal subscriptions.
Ransomware operators combine email bombing with social engineering via Microsoft Teams to trick employees into granting remote access, highlighting critical Microsoft Teams security configuration risks.
Research reveals how expired domains enabled control of 4,000+ backdoors, compromising government and academic systems globally with minimal cost and effort.
Stealthy JavaScript skimmer conceals itself in WordPress wp_options database tables to harvest payment data from e-commerce checkout pages while evading detection tools.
Critical zero-day vulnerability in Ivanti Connect Secure VPN appliances enables unauthenticated remote code execution, with active exploitation by suspected Chinese threat actors deploying sophisticated malware.
Critical vulnerability CVE-2024-50603 in Aviatrix Controller enables unauthenticated remote code execution, leading to cryptomining and backdoor deployment. Immediate patching required.
Russian state-sponsored group UAC-0063 launches sophisticated cyber espionage campaign against Kazakhstan using HATVIBE malware, while SORM surveillance platform expands across Central Asia.
Critical vulnerability in Fortinet firewalls (CVE-2024-55591) allows attackers to gain super-admin privileges through exposed management interfaces, impacting versions 7.0.14-7.0.16.
A critical vulnerability in Google's OAuth implementation enables attackers to gain unauthorized access to SaaS applications by acquiring expired domains of defunct startups.
Global botnet of 13,000 compromised MikroTik routers leverages DNS misconfigurations to bypass email security, enabling malspam campaigns and potential DDoS attacks.
Murdoc_Botnet campaign exploits AVTECH and Huawei vulnerabilities, compromising 1,370+ IoT devices across Asia and Latin America for orchestrating DDoS attacks.
Python backdoor enables persistent access for RansomHub ransomware deployment following SocGholish WordPress plugin exploitation, with lateral movement via SOCKS5 proxy tunneling.
Russian threat actor Star Blizzard adopts new WhatsApp-based spear-phishing tactics targeting diplomatic and Ukraine aid personnel through QR code exploitation, marking significant TTP evolution.
North Korean threat actors stole $1.34 billion through cryptocurrency hacks in 2024, while expanding IT worker fraud schemes linked to historical scams dating back to 2016.
Operation 99 uses sophisticated social engineering to target Web3 developers globally, deploying multi-platform malware to steal cryptocurrency and source code.
Sophisticated phishing campaign exploits Google Ads platform vulnerabilities to harvest credentials and 2FA codes, using compromised accounts to perpetuate attacks.
Multiple malicious packages discovered across NPM and PyPI repositories targeting Solana wallets, utilizing Gmail SMTP for data exfiltration and implementing destructive capabilities.
DoNot Team APT group launches sophisticated Tanzeem Android malware campaign using fake chat apps to collect sensitive data through exploited permissions and push notification abuse.
New malware campaign uses sophisticated PNGPlug loader to deliver ValleyRAT through fake software installers, targeting Hong Kong, Taiwan, and Mainland China with advanced persistence techniques.