When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider
As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber…
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka…
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint…
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said…
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve…
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated…
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors…
Can Your Security Stack See ChatGPT? Why Network Visibility Matters
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve…
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address…
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that…