Security researchers have sounded the alarm over a newly emerged botnet known as BadBox 2.0, which has reportedly infected over 1 million devices worldwide. The malware spreads by exploiting unpatched routers, IoT gadgets, and poorly secured servers, transforming them into nodes that carry out illegal activities, such as launching distributed denial-of-service (DDoS) attacks or stealing […]
A new threat has emerged in the Python ecosystem, with malicious packages lurking on the popular PyPI repository. Researchers have revealed that these suspicious modules were designed to steal cloud platform credentials, putting both individual developers and organisations at risk. When unsuspecting users install these tainted packages, hidden scripts activate in the background, exfiltrating data […]
Microsoft has alerted users to a rising “ClickFix” phishing campaign that tricks people into believing they need to resolve pressing security issues. Cybercriminals send seemingly urgent emails—posing as Microsoft notifications—that direct recipients to malicious websites or disguised links. Once users click, attackers harvest login credentials or inject malware into target systems. Microsoft stresses the importance […]
According to the reported findings, cyber-criminals are increasingly manipulating Cascading Style Sheets (CSS) to help their malware evade detection. By embedding malicious code within CSS files, attackers can stealthily deliver payloads, circumventing traditional security tools that focus on more common threat vectors like JavaScript or executable files. Security researchers warn that this tactic highlights a […]
A recently disclosed flaw in Apache Tomcat, a popular Java-based web server and servlet engine, has prompted urgent warnings from cybersecurity experts. According to the latest reports, attackers could exploit the vulnerability to run malicious code or escalate privileges within compromised systems, putting countless web services and applications at risk. Apache Tomcat powers a significant […]
North Korean Hackers Exploit PowerShell for Stealth Attacks A recent report highlights that North Korean state-sponsored hackers are exploiting PowerShell-based scripts to infiltrate targeted systems worldwide. According to security researchers, the attackers rely on sophisticated social engineering tactics and cleverly disguised payloads to bypass traditional detection methods. Once inside a network, they move laterally, extract […]
Microsoft’s February 2025 Patch Tuesday addresses a total of 63 security flaws across various products, including two zero-day vulnerabilities under active exploitation. These zero-day bugs reportedly allow attackers to escalate privileges on Windows systems without user interaction. The updates cover an extensive range of Microsoft software, from Windows OS components and Exchange Server to developer […]
Palo Alto Networks has released a new set of security patches addressing several vulnerabilities within its PAN-OS operating system, the backbone of its next-generation firewalls. These flaws range in severity but include at least one critical issue that could allow remote threat actors to gain unauthorised access or execute arbitrary code. According to initial advisories, […]
In this article, security researchers highlight how artificial intelligence (AI) is evolving social engineering tactics to an unprecedented level of sophistication. Using advanced algorithms, cybercriminals can quickly gather personal data, generate highly convincing messages, and personalise attacks to trick individuals and businesses. The article stresses the importance of proactive security measures, educating users about AI-based […]
