Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling…
Author: Cybernoz
Future-ready cybersecurity: Lessons from the MITRE CVE crisis
The recent funding crisis surrounding MITRE’s Common Vulnerabilities and Exposures (CVE)program was more than just a bureaucratic hiccup — it was a wake-up call for…
Android malware Crocodilus adds fake contacts to spoof trusted callers
The latest version of the ‘Crocodilus’ Android malware has introduced a new mechanism that adds a fake contact to an infected device’s contact list to…
Malicious NPM Packages Attacking Ethereum Wallets Using Obfuscated JavaScript
A sophisticated cryptocurrency theft campaign has emerged on the npm package registry, targeting developers and cryptocurrency users through malicious packages designed to drain Ethereum and…
New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails
Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed…
Australia Enforces Ransomware Payment Reporting
Australia has enforced new regulation that requires reporting businesses to inform the government if they make ransomware or other cyber extortion payments. Per the legislation,…
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. “Google is aware…
SolarWinds Dameware Remote Control Service Vulnerability Allows Privilege Escalation
A significant vulnerability, CVE-2025-26396, affects the SolarWinds Dameware Mini Remote Control Service could allow attackers to escalate privileges on affected systems. Security researcher Alexander Pudwill,…
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The…
Top FBI cyber official Cynthia Kaiser exits for Halcyon
Cynthia Kaiser, a former top FBI cyber official, is joining the cybersecurity firm Halycon this week as senior vice president of its newly created ransomware…
New ModSecurity WAF Vulnerability Let Attackers Crash the System
A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to…
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered…