Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate Pierluigi Paganini May 06, 2025 Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking…
Month: May 2025
New T1555.003 Technique Let Attackers Steal Passwords From Web Browsers
A sophisticated credential theft technique, identified as T1555.003 in the MITRE ATT&CK framework, has emerged as a significant threat to organizations worldwide. This technique enables…
CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively exploited vulnerability in Langflow, a popular open-source framework for building language…
Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
May 06, 2025Ravie LakshmananVulnerability / Mobile Security Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability…
Ransomware Groups Allegedly Breach IT Networks, Stealing Data from UK Retailers
A notorious ransomware group dubbed DragonForce has claimed responsibility for a series of cyber attacks targeting major UK retailers, with Co-op now confirming a significant…
Critical Microsoft Zero-Click Telnet Vulnerability Enables Credential Theft Without User Action
A critical vulnerability has been uncovered in Microsoft’s Telnet Client (telnet.exe), enabling attackers to steal Windows credentials from unsuspecting users, even without interaction in certain…
NCSC issues alert against more ransomware attacks on retailers
In light of recent cyber attacks targeting major British businesses such as Harrods, Marks & Spencer, and Co-Op, the National Cyber Security Centre (NCSC), the…
What it really takes to build a resilient cyber program
In this Help Net Security interview, Dylan Owen, CISO at Nightwing, talks about what it really takes to build an effective defense: choosing the right…
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
May 06, 2025Ravie LakshmananCybersecurity / Vulnerability A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities…
RomCom RAT Attacking UK Organizations Via Customer Feedback Portals
A sophisticated Remote Access Trojan (RAT) dubbed “RomCom” has emerged as a significant threat targeting UK organizations through their customer feedback portals. Cybersecurity experts have…
How cybercriminals exploit psychological triggers in social engineering attacks
Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a…
Hackers Attacking HR Departments with Fake Resumes That Drop More_eggs Malware
A sophisticated cyber campaign targeting corporate human resources departments has been uncovered, with attackers exploiting the routine practice of opening job application attachments to deploy…