A new threat has emerged in the Python ecosystem, with malicious packages lurking on the popular PyPI repository. Researchers have revealed that these suspicious modules were designed to steal cloud platform credentials, putting both individual developers and organisations at risk. When unsuspecting users install these tainted packages, hidden scripts activate in the background, exfiltrating data […]
Microsoft has alerted users to a rising “ClickFix” phishing campaign that tricks people into believing they need to resolve pressing security issues. Cybercriminals send seemingly urgent emails—posing as Microsoft notifications—that direct recipients to malicious websites or disguised links. Once users click, attackers harvest login credentials or inject malware into target systems. Microsoft stresses the importance […]
According to the reported findings, cyber-criminals are increasingly manipulating Cascading Style Sheets (CSS) to help their malware evade detection. By embedding malicious code within CSS files, attackers can stealthily deliver payloads, circumventing traditional security tools that focus on more common threat vectors like JavaScript or executable files. Security researchers warn that this tactic highlights a […]
A recently disclosed flaw in Apache Tomcat, a popular Java-based web server and servlet engine, has prompted urgent warnings from cybersecurity experts. According to the latest reports, attackers could exploit the vulnerability to run malicious code or escalate privileges within compromised systems, putting countless web services and applications at risk. Apache Tomcat powers a significant […]
North Korean Hackers Exploit PowerShell for Stealth Attacks A recent report highlights that North Korean state-sponsored hackers are exploiting PowerShell-based scripts to infiltrate targeted systems worldwide. According to security researchers, the attackers rely on sophisticated social engineering tactics and cleverly disguised payloads to bypass traditional detection methods. Once inside a network, they move laterally, extract […]
Microsoft’s February 2025 Patch Tuesday addresses a total of 63 security flaws across various products, including two zero-day vulnerabilities under active exploitation. These zero-day bugs reportedly allow attackers to escalate privileges on Windows systems without user interaction. The updates cover an extensive range of Microsoft software, from Windows OS components and Exchange Server to developer […]
Palo Alto Networks has released a new set of security patches addressing several vulnerabilities within its PAN-OS operating system, the backbone of its next-generation firewalls. These flaws range in severity but include at least one critical issue that could allow remote threat actors to gain unauthorised access or execute arbitrary code. According to initial advisories, […]
In this article, security researchers highlight how artificial intelligence (AI) is evolving social engineering tactics to an unprecedented level of sophistication. Using advanced algorithms, cybercriminals can quickly gather personal data, generate highly convincing messages, and personalise attacks to trick individuals and businesses. The article stresses the importance of proactive security measures, educating users about AI-based […]
New ‘WhoAmI’ Attack Targets AWS AMI Naming to Slip Malicious Images Into Cloud Deployments Introduction A recently discovered cybersecurity threat, referred to as the WhoAmI attack, is taking aim at Amazon Web Services (AWS). By manipulating the naming of Amazon Machine Images (AMIs), attackers can introduce harmful images into AWS instances. This tactic allows them […]
