Resurge Malware Exploits Ivanti Flaw, Prompting Urgent Patching A new strain of Resurge malware has been spotted exploiting a recently disclosed vulnerability in Ivanti’s product line, notably affecting Ivanti Endpoint Manager. According to security researchers, attackers can leverage this flaw to gain unauthorised access, potentially enabling remote code execution or privilege escalation. The malware then […]
According to the latest Patch Tuesday announcement, Microsoft has released 57 security fixes covering a broad range of products, including Windows OS, Microsoft Office, and Azure services. Among the patched flaws are several that attackers have already exploited in the wild, emphasising the need for immediate deployment. Security experts advise users and IT teams to […]
Security researchers have sounded the alarm over a newly emerged botnet known as BadBox 2.0, which has reportedly infected over 1 million devices worldwide. The malware spreads by exploiting unpatched routers, IoT gadgets, and poorly secured servers, transforming them into nodes that carry out illegal activities, such as launching distributed denial-of-service (DDoS) attacks or stealing […]
A new threat has emerged in the Python ecosystem, with malicious packages lurking on the popular PyPI repository. Researchers have revealed that these suspicious modules were designed to steal cloud platform credentials, putting both individual developers and organisations at risk. When unsuspecting users install these tainted packages, hidden scripts activate in the background, exfiltrating data […]
Microsoft has alerted users to a rising “ClickFix” phishing campaign that tricks people into believing they need to resolve pressing security issues. Cybercriminals send seemingly urgent emails—posing as Microsoft notifications—that direct recipients to malicious websites or disguised links. Once users click, attackers harvest login credentials or inject malware into target systems. Microsoft stresses the importance […]
According to the reported findings, cyber-criminals are increasingly manipulating Cascading Style Sheets (CSS) to help their malware evade detection. By embedding malicious code within CSS files, attackers can stealthily deliver payloads, circumventing traditional security tools that focus on more common threat vectors like JavaScript or executable files. Security researchers warn that this tactic highlights a […]
A recently disclosed flaw in Apache Tomcat, a popular Java-based web server and servlet engine, has prompted urgent warnings from cybersecurity experts. According to the latest reports, attackers could exploit the vulnerability to run malicious code or escalate privileges within compromised systems, putting countless web services and applications at risk. Apache Tomcat powers a significant […]
North Korean Hackers Exploit PowerShell for Stealth Attacks A recent report highlights that North Korean state-sponsored hackers are exploiting PowerShell-based scripts to infiltrate targeted systems worldwide. According to security researchers, the attackers rely on sophisticated social engineering tactics and cleverly disguised payloads to bypass traditional detection methods. Once inside a network, they move laterally, extract […]
Microsoft’s February 2025 Patch Tuesday addresses a total of 63 security flaws across various products, including two zero-day vulnerabilities under active exploitation. These zero-day bugs reportedly allow attackers to escalate privileges on Windows systems without user interaction. The updates cover an extensive range of Microsoft software, from Windows OS components and Exchange Server to developer […]
