Interview: Madoc Batters, head of cloud and IT security, Warner Leisure Hotels
Madoc Batters likes a challenge. As head of cloud and IT security at Warner Leisure Hotels, he’s inherited a big task – leading the UK…
Month: March 2025
Data breach at Japanese telecom giant NTT hits 18,000 companies
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. The data…
Hackers Leveraging x86-64 Binaries on Apple Silicon to Deploy macOS malware
Advanced threat actors increasingly leverage x86-64 binaries and Apple’s Rosetta 2 translation technology to bypass execution policies and deploy malware on Apple Silicon devices. The…
A Brand New Botnet Is Delivering Record-Size DDoS Attacks
A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be…
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
A recent security analysis of Draytek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical…
Microsoft Dismantles Malvertising Scam Using GitHub, Discord, Dropbox
Microsoft Threat Intelligence exposes a malvertising campaign exploiting GitHub, Discord, and Dropbox. Discover the multi-stage attack chain, the use of LOLBAS, and the various malware…
Ransomware gang encrypted network from a webcam to bypass EDR
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which…
Critical Vulnerabilities in DrayTek Routers Exposes Devices to RCE Attack
A series of critical vulnerabilities in DrayTek Vigor routers widely deployed in small office/home office (SOHO) environments have been uncovered, exposing devices to remote code…
Multiple Jenkins Vulnerabilities Allow Attackers to Expose Secrets
Jenkins, the widely-used open-source automation server, issued a high-priority security advisory on March 5, 2025, disclosing four medium-severity vulnerabilities affecting its core platform. The flaws—tracked…
Avoiding the Single Point of Failure
In July of 2024, cybersecurity software company CrowdStrike pushed an update to millions of computers around the world. The update, which should have been perfunctory,…
North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late…
Operation Sea Elephant Attacking Organizations to Steal Research Details
A sophisticated cyber espionage campaign dubbed “Operation Sea Elephant” has been discovered targeting scientific research organizations, with a particular focus on ocean-related studies. The operation,…