Hunting for M365 Password Spraying
On January 19, 2024 Microsoft released a statement regarding the threat actor group named “Midnight Blizzard”—this state-sponsored actor was observed by Microsoft as performing password…
Author: Cybernoz
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering…
Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware
The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete…
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The…
New infosec products of the month: March 2026
Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI,…
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Ravie LakshmananApr 02, 2026Surveillance / Mobile Security Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version…
T-Mobile Sets the Record Straight on Latest Data Breach Filing
T-Mobile USA has provided clarification on a recent data breach notification, stating that it was triggered by an insider incident with a very limited impact.…
Qilin ransomware group claims the hack of German political party Die Linke
Qilin ransomware group claims the hack of German political party Die Linke Pierluigi Paganini April 04, 2026 Qilin ransomware claims it stole data from Germany’s…
Cisco fixes critical IMC auth bypass present in many products
Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated…
What Triggers the Need for Security Awareness Training?
Trigger events are the leading cause for implementing a security awareness training program. After all, most organizations don’t just volunteer to spend money until they…
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this…
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat…