Key Insights from Huntress’ SMB Threat Report
Small and medium-sized businesses (SMBs) often find themselves in the crosshairs of today’s cybercriminals. While the spotlight often shines on high-profile breaches affecting corporate giants,…
Author: Cybernoz
American utility firm Itron discloses breach of internal IT network
Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that…
Hackers Exploiting Cisco Firepower Devices’ Using n-day Vulnerabilities to Gain Unauthorized Access
State-sponsored threat actors are actively targeting Cisco Firepower devices by chaining known vulnerabilities to deploy a highly customized backdoor. Cisco Talos recently discovered that the…
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Ravie LakshmananApr 22, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme…
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware Pierluigi Paganini April 26, 2026 ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia…
Can’t Touch This: Data Exfiltration via Finger
During the various phases of an attack, it’s not uncommon for threat actors to use “living off the land” binaries (LOLBins) or scripts and libraries…
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver.…
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools
A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before…
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to…
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware adopts custom tool to steal data and evade detection Pierluigi Paganini April 26, 2026 Trigona ransomware now uses a custom command-line tool to…
MFT Exploitation and Adversary Operations
Threat actors of varying types continue to target managed file transfer (MFT) applications for exploitation. The latest concerning MFT vulnerability was identified by Converge Technology…
DORA and operational resilience: Credential management as a financial risk control
Author: Eirik Salmi, System Analyst at Passwork When a threat actor walks into your network using a legitimate username and password, which control stops them?…