Penetration Testing In The Boardroom
Penetration testing is one of the very few ways to evaluate how attackers would compromise your environment without actually experiencing an incident. To position pentesting as…
Month: December 2025
Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain
Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax…
Indian Income Tax–Lure Campaign Deploying Multi-Stage Malware Against Businesses
Tax-themed phishing campaigns have intensified in recent months, capitalizing on the heightened awareness surrounding India’s Income Tax Return (ITR) filing season. Public discussions about refund…
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known…
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform…
A walkthrough of the Google Workspace Password Manager
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused:…
How to determine if agentic AI browsers are safe enough for your enterprise
Agentic AI browsers like OpenAI’s Atlas have debuted to major fanfare, and the enthusiasm is warranted. These tools automate web browsing to close the gap…
Cyberattack knocks offline France’s postal, banking services
La Poste, the French national postal service, confirmed on Monday that all its information systems were knocked offline by “a major network incident,” disrupting digital…
Critical n8n Automation Platform Vulnerability Enables RCE Attacks
A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as…
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19…
New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps
A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat…
Why Third-Party Access Remains the Weak Link in Supply Chain Security
Why Third-Party Access Remains the Weak Link in Supply Chain Security Pierluigi Paganini December 23, 2025 Attackers exploited a supply chain weakness, abusing trusted components…