Attackers stick with effective intrusion points, valid credentials and exploits
IBM X-Force observed an identical breakdown of the top methods cybercriminals used to intrude networks for two years running, the company said in its annual…
Month: April 2025
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain…
Strategic Cybersecurity Budgeting – CISO Best Practices
In today’s rapidly evolving threat landscape, Chief Information Security Officers (CISOs) face the challenge of securing their organizations with finite resources against virtually unlimited threats.…
AI-powered Vishing – Cyber Defense Magazine
First, there was phishing. The goal: To trick targets into revealing information or completing unauthorized actions. Around since the 1990s, this attack vector remains the top…
Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload
Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into unsuspecting systems. This utility, intended for injecting DLLs in Application Virtualization…
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud…
Email: Top vs. Bottom Posting
I’ve always been taught it’s polite to trim emails and type the reply below the text I’m responding to: Because it messes up the order…
Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials
In a concerning development for the open-source community, several malicious packages on npm and PyPI repositories have been discovered posing as legitimate developer tools while…
Why The Seceon Platform Is A Must-Have To Tackle Today’s Threat Landscape
Delivering Security Without Complexity in an Era of Sophisticated Cyber Threats Let’s face it—today’s cybersecurity landscape is a battlefield. Ransomware gangs target critical infrastructure, insider…
Criminal IP to Showcase Advanced Threat Intelligence at RSAC 2025 – GBHackers Security
Joining Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28 – May 1, 2025 Criminal IP, the global cybersecurity platform specializing…
All Gmail users at risk from clever replay attack
Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials.…
Beyond baselines – getting real about security and resilience
In 2024, the National Cyber Security Centre (NCSC) celebrated a decade of its baseline cyber security certification, Cyber Essentials (CE). While the NCSC has touted…