Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral…
Malware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a…
A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and…
Some of the industrial cameras made by Cognex are affected by potentially serious vulnerabilities, but they will not receive a patch. The cybersecurity agency CISA…
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower…
CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux…
A large cache of medical and personal information belonging to patients of Archer Health Inc. was left publicly accessible after a database was found online…
Sep 26, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been…
An updated variant of the sophisticated XCSSET macOS malware is monitoring the system clipboard to hijack cryptocurrency transactions, Microsoft warns. First observed in the wild…
Nessus Pros Authenticated scanning of internal assets (workstations, network devices). Widely accepted for compliance and audit reporting (e.g., PCI DSS). Cons Core strength is infrastructure,…
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt Typhoon, this Chinese state-sponsored group has…
A loosely connected cybercrime supergroup is exploiting social engineering to compromise Fortune 100 organizations and government agencies. LAPSUS$, Scattered Spider, and ShinyHunters—three of the most…
