Operation Endgame

An unprecedented international strike under Operation Endgame has delivered one of the most significant blows yet to cyber-crime infrastructure. Coordinated by Europol, Eurojust and partner agencies, the operation disrupted the backend of major malware platforms such as Rhadamanthys (an infostealer), VenomRAT (a remote-access trojan) and Elysium (a large-scale botnet).

Key Facts

The latest phase resulted […]
English-Speaking Cybercriminal Ecosystem

A comprehensive analysis reveals how the underground English-language cybercriminal network, known colloquially as The COM, has transformed from scattered forums trading social-media handles into a fully-fledged industrialised illicit economy.

Evolution of The COM

The origins of The COM trace back to forums like Dark0de, RaidForums and OGUsers, where early adopters traded usernames, SIM-swap tools and account […]
Critical Amazon WorkSpaces for Linux Vulnerability

A new vulnerability identified in Amazon WorkSpaces Client for Linux (versions 2023.0 through 2024.8) has raised serious concerns across enterprises relying on cloud-based virtual desktop environments. Tracked as CVE-2025-12779, this flaw could allow unauthorized local users to extract authentication tokens, effectively granting them access to other users’ virtual desktops – a direct compromise of sensitive […]
Cavalry Werewolf Targets Government Institutions

A highly capable threat actor known as Cavalry Werewolf has launched a complex cyber-espionage campaign against Russian government agencies and industrial organisations.

What the Campaign Involves

The group uses spear-phishing emails disguised as official communications from the Kyrgyz government, often via compromised or spoofed government-email accounts. Initial access is achieved through password-protected archive attachments hosting […]
NGate Malware Enables ATM Cash Withdrawals

Security researchers from CERT Polska have identified a sophisticated Android-based malware campaign – NGate – that allows criminals to withdraw cash from ATMs using victims’ payment cards without physically taking the card. This attack demonstrates how mobile devices and near-field communication (NFC) capabilities are being weaponised to facilitate highly targeted financial fraud across banking systems. […]
Insider Threats Soar

An unsettling incident has emerged: three U.S. professionals previously working in cybersecurity roles are now indicted for orchestrating a ransomware campaign in partnership with the ALPHV BlackCat ransomware group.

What we know

The defendants include Ryan Clifford Goldberg (former incident-response manager at Sygnia) and Kevin Tyler Martin (former ransomware negotiator at DigitalMint). Both are charged […]
Misconfigured Jupyter Notebook Deployments

Recent security research has revealed a serious risk in many installations of Jupyter Notebook environments: misconfiguration, not a software bug, can allow attackers to gain root-level privileges on the host system. The vulnerability stems from notebook servers running as root with the terminal API enabled and without authentication, exposing a direct path from notebook access to full […]
AMD Zen 5 RDSEED Vulnerability

A newly disclosed vulnerability in AMD’s latest Zen 5 architecture has raised serious concerns about the reliability of hardware-based random number generation – a cornerstone of modern cryptography and secure computing.

The Vulnerability: CVE-2025-62626 (AMD-SB-7055)

Researchers have identified a flaw in the RDSEED instruction, a critical component responsible for generating cryptographically secure random numbers in […]
Rhysida Uses Fake PuTTY and Teams Ads

A large-scale malvertising campaign is weaponizing sponsored search results to push a stealthy loader called OysterLoader, also tracked as Broomstick and CleanUpLoader. Attackers place convincing ads on Bing that appear in search results and even inside the Windows 11 Start menu, pointing victims to fake download pages that impersonate legitimate tools such as PuTTY, Microsoft […]
WSUS Flaw Demands Your Immediate Attention

A critical remote code-execution vulnerability (CVE-2025-59287) in WSUS has moved from theory to reality: attackers are actively exploiting it in the wild. The flaw allows unauthenticated adversaries to run code with SYSTEM-level privileges on affected servers, opening the door to full network compromise, poisoned updates and lateral attacks.

Attack-Chain Summary

Researchers observed exploitation starting as early […]