The CTEM Conversation We All Need
Jun 24, 2025Ravie LakshmananThreat Exposure Management I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And…
Author: Cybernoz
Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
A sophisticated phishing campaign emerged in May 2025, targeting U.S. citizens through a coordinated impersonation of state Department of Motor Vehicles (DMV) agencies. This large-scale…
Critical Convoy Flaw Allows Remote Code Execution on Servers
Credential Abuse Unmasked Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with…
One year since being freed, Julian Assange still a victim of state secrecy
It is one year since WikiLeaks founder Julian Assange became a free man again. When he addressed the Council of Europe last October, he was…
Africa Faces A Digital Sextortion Crisis As Numbers Surge
A continent-wide takedown of 63,000 Instagram accounts in Nigeria in mid-2024 has spotlighted one of Africa’s fastest growing cyber threats: digital sextortion. The figure, disclosed…
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation…
OPPO Clone Phone Vulnerability Leaks Sensitive Data via Weak WiFi Hotspot
A newly disclosed security vulnerability in OPPO’s widely used Clone Phone app has raised significant concerns over user privacy, as it exposes sensitive data through…
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
Jun 24, 2025Ravie LakshmananCloud Security / Cryptojacking Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine…
Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities in Aviatrix Controller, a Software-Defined Networking (SDN) utility that enables cloud connectivity across different vendors and regions. The vulnerabilities allowed attackers to…
North Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover Attacks
Cybersecurity researchers and targeted individuals have reported a highly sophisticated scam orchestrated by suspected North Korean hackers. This attack, disguised as a legitimate Zoom meeting,…
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has…
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the…