11.5 Tbps DDoS Attack

The digital world has witnessed a staggering milestone – a distributed denial-of-service (DDoS) attack peaking at 11.5 Tbps, making it the largest attack of its kind to date. This unprecedented scale highlights how cybercriminals are leveraging botnets, misconfigured devices, and advanced tactics to overwhelm global infrastructure. Such attacks are no longer limited to isolated industries. […]

Qualcomm Chip Vulnerabilities Exposed

Qualcomm, the world’s leading mobile chipmaker, recently disclosed multiple high-severity vulnerabilities in its Snapdragon chipsets. These flaws impact billions of Android smartphones, IoT devices, and connected infrastructure, creating a potential entry point for attackers to steal sensitive data, compromise communications, or take control of affected devices. The vulnerabilities, tracked under critical CVEs, highlight a growing […]

ScarCruft Deploys ROKRAT Malware

A recent campaign has revealed that the advanced persistent threat (APT) group ScarCruft, believed to operate out of North Korea, is deploying the ROKRAT malware through malicious LNK files. This new wave of attacks highlights the continued evolution of state-sponsored cyber espionage targeting organizations across sectors, particularly those handling sensitive information and cross-border operations. How […]

Fraudulent Scholarship Apps

A sophisticated Android malware campaign, labeled SikkahBot, has been impacting students in Bangladesh by masquerading as legitimate scholarship applications under the Bangladesh Education Board’s name. Attackers distribute these malicious APKs via smishing, sending SMS links that redirect to sites like appsloads.top and downloadapp.website. Once installed, the malware secretly harvests personal and financial data. Victims are prompted […]

300,000 Plex Media Servers Exposed

A critical warning has surfaced for organizations and individuals alike: more than 300,000 internet-facing Plex Media Server instances remain vulnerable to CVE-2025-34158, a severe remote code execution flaw affecting versions 1.41.7.x to 1.42.0.x. Plex released a fix in version 1.42.1, but according to Censys research, hundreds of thousands of servers remain unpatched and exposed online. […]

Salt Typhoon Espionage Campaign

A powerful international alert has revealed that Salt Typhoon, a sophisticated espionage group linked to Chinese state interests, has infiltrated critical infrastructure across the globe, targeting telecommunications, government, transportation, lodging, and military sectors. The advisory, co-issued by the FBI, CISA, NSA, the UK’s NCSC, and numerous other partners, exposes how this threat actor exploits backbone routers […]

WhatsApp Emergency Patch

WhatsApp recently deployed an emergency update to address a critical security flaw affecting iOS and macOS versions of its app. The vulnerability, known as CVE-2025-55177, stems from improper authorization in linked device synchronization messages, potentially allowing malicious content from arbitrary URLs to execute silently on a user’s device. This flaw was potentially exploited in combination […]

Government Takedown of VerifTools

The U.S. Attorney’s Office for the District of New Mexico has successfully seized two domains and a blog linked to VerifTools, a notorious online marketplace distributing counterfeit driver’s licenses, passports, and other identity documents. This action comes after a court-authorized operation revealing that VerifTools sold forged identity documents for as little as nine dollars via […]

Adversary-in-the-Middle (AiTM) Attacks

In the evolving cyber threat landscape, Adversary-in-the-Middle (AiTM) attacks have emerged as a sophisticated form of credential theft. Unlike traditional phishing campaigns, AiTM goes beyond simple deception by inserting a malicious proxy between the victim and a legitimate service. This enables attackers to steal not only usernames and passwords but also multifactor authentication (MFA) tokens, […]

Fake-ID Marketplace Shutdown

Law enforcement agencies, including the FBI and Dutch National Police, have dismantled VerifTools, a widespread marketplace selling counterfeit identity documents. The shutdown involved seizing both physical and virtual servers in Amsterdam and disabling multiple domains, now redirecting users to an FBI seizure notice. VerifTools made it alarmingly simple to produce fake IDs: users uploaded a photo, […]