Kimsuky Hackers’ Playbook Uncovered in Exposed ‘Kim’ Data Dump
A rare breach attributed to a North Korean–affiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim”…
Author: Cybernoz
Breaking Into Cybersecurity Without A Technical Degree
Cybercrime damages are projected to reach $10.5 trillion USD globally by 2025, according to Cybersecurity Ventures, and organizations need more cybersecurity professionals. Traditional entry barriers, such…
Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution
Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in…
Hackers Exploit Amazon SES to Blast Over 50,000 Malicious Emails Daily
A sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending…
iExec Becomes First Privacy Tools Provider for Arbitrum Ecosystem Builders
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation of powerful applications enhanced with confidential computing…
PoC Exploit Released for ImageMagick RCE Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation.…
Web Application Firewall Bypassed via JS Injection with Parameter Pollution
In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a…
Salesloft Drift data breach: Investigation reveals how attackers got in
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain…
Gibraltar government backs plans to build 250MW datacentre on island to tap into AI boom
Plans are afoot to build a 250MW datacentre on the British overseas territory of Gibraltar by 2033 that its developers claim will run on power sourced…
Why Traditional Approaches Are Failing in the AI Era — API Security
Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and…
Atomic Stealer Disguised as Cracked Software Attacking macOS Users
A sophisticated malware campaign targeting macOS users has emerged, exploiting the widespread desire for free software to deliver the notorious Atomic macOS Stealer (AMOS). This…
PgAdmin Vulnerability Allows Attackers to Gain Unauthorized Account Access
A newly disclosed security flaw in pgAdmin4, the widely used open-source tool for managing PostgreSQL databases, has raised serious concerns among developers and database administrators across…