Royal & BlackSuit Breach Hits 450+

A recent advisory from the U.S. Department of Homeland Security reveals that the cybercriminal operations known as Royal and BlackSuit have compromised more than 450 U.S. companies. These attacks, spanning critical sectors such as healthcare, education, public safety, energy, and government, have yielded over $370 million in ransom payouts – calculated at current cryptocurrency valuations. […]

End of Legacy in M365 Security

As part of Microsoft’s Secure Future Initiative and its “Secure by Default” approach, Microsoft will begin automatically blocking legacy authentication protocols, specifically RPS (for SharePoint and OneDrive browser access) and FPRPC (used for opening Office files), across all Microsoft 365 tenants. This change rolls out from mid-July 2025 and completes by August 2025, with no additional licensing […]

Smart Contracts Under Siege

Blockchain Meets Malware Command & Control

Researchers have uncovered a sophisticated malware campaign leveraging Ethereum smart contracts as decentralized command-and-control (C2) systems. Attackers are using smart contract-based infrastructure, instead of traditional servers, to issue instructions and maintain persistence in malicious npm package campaigns. This approach transforms blockchain features into resilient attack platforms: immutable, globally accessible, and difficult […]

RMM Hijack: A Silent Threat

Exploiting the Tools You Trust

Security investigators have identified a growing cyber threat: attackers are misusing Remote Monitoring and Management (RMM) tools, such as Atera and Splashtop, to gain sustained access within corporate networks. By deploying multiple RMM agents simultaneously, attackers ensure persistence even if one gets discovered and removed. These tools, normally reserved for legitimate […]

CISA Flags ICS Vulnerabilities

CISA Warns of Critical ICS Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories concerning vulnerabilities and known exploits affecting Industrial Control Systems (ICS). These advisories come as part of the agency’s ongoing efforts to protect the backbone of critical infrastructure from evolving cyber threats. The advisories highlight severe flaws in […]

APT Poses as Tech Recruiter

A New Breed of Social Engineering Threat

A recent investigation has exposed a sophisticated cyber-espionage campaign led by the North Korean-linked group Famous Chollima (APT 37). The group is targeting job seekers, especially software developers and crypto professionals, by impersonating recruiters from well-known companies and delivering malicious payloads disguised as technical assessments. Victims receive seemingly legitimate interview invitations […]

15,000+ Fake TikTok

A Sophisticated Hybrid Scam Uncovered

Cybersecurity researchers recently uncovered a large-scale phishing and malware campaign targeting TikTok Shop users, known as FraudOnTok (previously ClickTok). The operation involves over 15,000 fake domains impersonating TikTok Shop to spread malware and steal cryptocurrency. These malicious websites are promoted using AI-generated influencer videos, fraudulent ads on Meta platforms, and […]

Perimeter at Risk: Akira

A Rising Threat at the Network Edge

On August 4, 2025, cybersecurity researchers confirmed that the Akira ransomware group has launched a coordinated campaign targeting SonicWall SSL VPN appliances. By exploiting either unpatched vulnerabilities or misconfigured security settings, attackers have successfully bypassed authentication controls and deployed ransomware across sectors like healthcare, education, law, logistics, and […]

BitLocker COM Exploit

A Silent Leap Across the Network

A new lateral movement technique has emerged, one that doesn’t rely on malware, scripts, or traditional exploitation. Instead, it leverages a legitimate, trusted interface: BitLocker’s Component Object Model (COM), triggered through Windows Management Instrumentation (WMI). This method allows attackers to execute commands remotely under the context of the logged-in user, […]

CurXecute: AI Dev Tool Risk

On August 4, 2025, researchers disclosed a critical flaw in Cursor IDE, a popular AI-driven development environment. The vulnerability, CurXecute (CVE-2025-54135), enables Remote Code Execution (RCE) without any user interaction. It’s a stark reminder of how fast the attack surface is expanding due to AI integration in software development.

What Happened?

Cursor’s Model Context Protocol (MCP) was […]