What are infostealers and how do I stay safe?
Here’s what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data…
Author: Cybernoz
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
CTM360 has observed a notable surge in two SMS-based phishing campaigns: PointyPhish (reward scams) and TollShark (toll payment scams). PointyPhish is linked to over 3,000…
Why Threat Modeling Should Be Part of Every Security Program
In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology…
Managing Burnout in the SOC
The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for detecting, analyzing, and responding to threats 24/7. However, the relentless pace,…
Unlocking the Power of MetaTrader
MetaTrader is a key tool for traders, offering a comprehensive platform that supports various financial instruments. Understanding its capabilities is important for effective trading. This…
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling,…
Free Market Fanboys | Daniel Miessler
I was reading the blogroll over at Overcoming Bias and, naturally, encountered quite a number of economics-focused blogs. What struck me was how overtly anti-Obama…
![[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM](https://image.cybernoz.com/wp-content/uploads/2025/04/tldr-sec-275-Damn-Vulnerable-MCP-Figmas-Modern-Endpoint.png)
[tl;dr sec] #275 – Damn Vulnerable MCP, Figma’s Modern Endpoint Strategy, BloodHound for AWS IAM
Deliberately vulnerable MCP to practice your hacking chops, how Figma’s balances usability & security, a new tool to put a leash on naughty AWS permissions…
Ahold Delhaize confirms data theft after INC ransomware claims attack
Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. “Based on our investigation to date,…
Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware
A sophisticated cyberespionage campaign leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT). First identified in 2021 during…
BREAKING: CISA Steps In to Keep CVE Services Alive
By Gary Miliefsky, Publisher, Cyber Defense Magazine Good news comes to us like a Windows patch Tuesday: Common Vulnerabilities and Exposures Program will continue operating…
New Jersey Sues Discord for Allegedly Failing to Protect Children
Discord is facing a new lawsuit from the state of New Jersey, which claims that the chat app is engaged in “deceptive and unconscionable business…