Norway says ‘no way’ to global financial crime
In 2024, the Norwegian government set out a national digitisation strategy with the aim of making the country the most digitised in the world by…
Month: March 2025
The Silk Typhoon Campaign Targets IT Supply Chain
The Chinese espionage group known as Silk Typhoon has expanded the cyberattacks to target the global IT supply chain. Microsoft Threat Intelligence has identified a…
The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations
The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations Pierluigi Paganini March 06, 2025 The U.S. Department of Justice (DoJ) charges 12 Chinese…
ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings
A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration…
Hackers Deploy AI Deepfake of YouTube CEO in Credential Theft Scam
YouTube CEO Neal Mohan was impersonated in a deepfake phishing scam. Learn about the attack, how to spot the red flags, and how to protect…
Outsmarting Cyber Threats with Attack Graphs
Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability…
LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL
A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched…
Broadcom issues VMware patch alert and Microsoft Silk Typhoon Cyber Threat
Broadcom Urges VMware Customers to Address Zero-Day Vulnerabilities Broadcom, a leading American semiconductor company and now the owner of VMware, has issued a critical alert…
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Mar 06, 2025Ravie LakshmananData Breach / Website Security Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four…
Credential Theft And Remote Access
A new malware campaign named Phantom Goblin, identified and analyzed by Cyble, uses information-stealing malware that uses social engineering techniques to deceive victims and steal…
SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details
A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data,…
Google Silently Tracks Android Device Even No Apps Opened by User
Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J.…