Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
Q: Tell us about your role at Snap and why cybersecurity is vital to your business. Jim Higgins: I’m Snap’s Chief Information Security Officer (CISO).…
Month: February 2025
Chinese hackers abuse Microsoft APP-v tool to evade antivirus
The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes…
New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats
A recent study by researchers from the National University of Singapore and NCS Cyber Special Ops R&D explores how the MITRE ATT&CK framework can be…
Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS. Upgrade to 9.9p2 now to protect…
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a…
Threat Actors Trojanize Popular Games to Evade Security and Infect Systems
A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games. Exploiting the holiday season’s heightened torrent activity, the attackers…
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Feb 18, 2025Ravie LakshmananVulnerability / Network Security Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could…
DeepSeek-R1: Budgeting challenges for on-premise deployments
Until now, IT leaders have needed to consider the cyber security risks posed by allowing users to access large language models (LLMs) like ChatGPT directly…
China-linked APT group Winnti targets Japanese organizations
China-linked APT group Winnti targets Japanese organizations since March 2024 Pierluigi Paganini February 18, 2025 China-linked threat actor Winnti targeted Japanese companies in the manufacturing,…
A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
Over the past 8 months, Luke (hakluke) Stephens and I have spoken with 10 security executives, surveyed over 550 security professionals, and incorporated insights from HackerOne’s…
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation…
Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots
The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it steals credentials and evades detection. Cybersecurity researchers…