Fortinet Attackers Staying Hidden Despite Patches

Fortinet Cautions Users: Attackers Staying Hidden in Networks Despite Patches

Fortinet has issued a warning that cybercriminals continue to lurk in networks even after organisations have patched known vulnerabilities in Fortinet products. Attackers who exploited older flaws have managed to maintain persistence by using compromised credentials, backdoor accounts, or hidden footholds. Although many organisations patched […]

TCESB Malware Puts Organisations on High Alert

New TCESB Malware Puts Organisations on High Alert Exploiting ESET Security Scanner

Researchers have identified a new strain of malware called TCESB that is being actively deployed by cybercriminals. The malware’s primary functions include data exfiltration and remote code execution, enabling attackers to stealthily obtain sensitive information from targeted systems. TCESB employs updated obfuscation tactics […]

PipeMagic Trojan Exploits Windows CLFS

PipeMagic Trojan Exploits Windows CLFS for Stealth Attacks

A newly identified PipeMagic trojan exploits the Common Log File System (CLFS) in Windows to launch sophisticated attacks. Security researchers observed the malware injecting itself into system processes using a previously undocumented technique related to Windows’ CLFS driver. This stealthy approach helps bypass many endpoint defences, allowing […]

Cybercriminals exploiting WordPress MU plugins

WordPress Sites Under Threat from Stealthy MU Plugins

Cybercriminals are exploiting WordPress MU plugins (commonly known as “must-use” plugins) to maintain persistent access to WordPress sites. By disguising their backdoors or malicious scripts as MU plugins, attackers can evade standard plugin checks and remain undetected. These sneaky plugins load automatically whenever WordPress runs, making it […]

Top Three MS Office Exploits Hackers Are Using

The Top Three MS Office Exploits Hackers Are Using Right Now

Recent findings highlight the top three Microsoft Office exploits that cybercriminals are frequently using in real-world attacks. These include flaws in macro-enabled documents, malicious embedded objects, and privilege escalation vulnerabilities—often leveraged via phishing emails or booby-trapped Office files. Attackers exploit users’ trust in familiar […]

10 Critical Pen Test Findings Every Organisation Should Know

10 Critical Network Penetration Test Findings Every Organisation Should Know

The article highlights the 10 most common and critical findings from network penetration tests, illustrating how weaknesses in infrastructure, misconfigurations, and unpatched systems can expose organisations to serious threats. It starts by stressing the importance of regular pentesting and quickly dives into each finding: Ensuring […]

46 Critical Security Vulnerabilities in Embedded Systems

Researchers Reveal 46 Critical Security Vulnerabilities in Embedded Systems

Researchers have identified 46 critical vulnerabilities affecting a range of embedded systems, including IoT devices and other networked hardware. These flaws pose significant risks, as attackers could potentially exploit them to gain remote access, disrupt operations, or exfiltrate sensitive data. The vulnerabilities affect multiple vendors, some […]

CoffeeLoader Malware Conceals Code with GPU Techniques

Researchers have discovered a new CoffeeLoader malware strain that leverages GPU-based obfuscation techniques to hide malicious code on compromised systems. By shifting some functionalities to the graphics card’s memory, CoffeeLoader reduces its footprint in system RAM, making it harder for conventional antivirus and endpoint detection tools to spot. […]

Critical AMI BMC Vulnerability Revealed

Critical AMI BMC Vulnerability Revealed, Putting Servers at Risk

Security researchers have identified a critical vulnerability in American Megatrends Inc. (AMI) baseboard management controller (BMC) software. BMCs provide remote management features for servers, including power cycling and hardware monitoring. The newly discovered flaw could enable attackers with network access to bypass authentication controls, potentially allowing […]