+84949482065
A critical unauthenticated HTTP(S) port access vulnerability in CrushFTP "could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them)." The flaw…
The UK Information Commissioner’s Office has fined IT and software services company Advanced Computer Software Group Ltd nearly £3.1 million (US $4 million) over a ransomware attack that "put the…
The US Federal Bureau of Investigation’s (FBI’s) Internet Crime Complaint Center (IC3) has published an alert warning that threat actors have been sending letters to C-suite executives, claiming that ransomware…
Mandiant discovered custom TinyShell backdoors on Juniper Networks’ Junos OS routers, attributed to the China-nexus espionage group UNC3886. The attacks affected routers running EOL hardware and software. More https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
A new ransomware variant, Elysium, linked to the Ghost ransomware family, has been targeting critical infrastructure, healthcare, and government sectors by exploiting vulnerabilities in outdated applications. Read here https://www.netskope.com/blog/analyzing-elysium-a-variant-of-the-ghost-cring-ransomware-family
A new Android surveillance tool called KoSpy has been discovered, which is linked to the North Korean APT group ScarCruft. KoSpy was distributed through the Google Play Store and Firebase…
Researchers at CTM360 warned of a new PlayPraetor malware campaign targeting Android users through fake Google Play Store sites, tricking them into downloading the banking trojan via malicious APK files.…
Microsoft has discovered a new variant of XCSSET, a sophisticated modular malware that targets macOS. It has enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. Ref https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/
The Ballista botnet is exploiting an unpatched vulnerability (CVE-2023-1389) in TP-Link Archer routers. The malware can launch DoS/DDoS attacks and has affected various U.S., Australia, China, and Mexico sectors. More…
An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster)…
