Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering... Read more »

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT,... Read more »

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.... Read more »

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of... Read more »

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper... Read more »

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities... Read more »

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real... Read more »

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded... Read more »

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. “Android... Read more »

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine... Read more »
Subscribe to our Newsletter