Go Module Masquerades as SSH Tool

A recent discovery in the Go developer ecosystem has exposed a malicious module posing as a legitimate SSH brute-force utility, highlighting the growing risks of supply chain attacks. This threat emphasizes how attackers are increasingly targeting developer tools and open-source packages to infiltrate enterprise environments. The malicious Go module, designed to mimic common SSH utilities, […]

Gmail Phishing with Prompt Injection

Cybercriminals are exploiting advanced AI-driven techniques to launch sophisticated Gmail phishing attacks using prompt injection. These campaigns manipulate large language models (LLMs) to craft convincing emails that bypass traditional detection methods. Unlike conventional phishing, this approach leverages GenAI to deliver highly personalized and adaptive messages, significantly increasing the success rate of these attacks. How Prompt […]

Shamos Infostealer Surge

A sophisticated cyber campaign is tricking Mac users into installing a new strain of malware called Shamos Infostealer, highlighting the growing risks to Apple’s ecosystem. The attack is being distributed through deceptive pop-ups and websites offering fake system fixes, luring users into downloading malicious disk image files (.DMG). Once executed, the malware infiltrates the system, […]

APT36 Exploits Linux

A recent campaign by the threat group APT36, also known as Transparent Tribe, is targeting Linux systems through malicious desktop entry files. These attackers leverage .desktop files, commonly used for application shortcuts in Linux environments, to install a powerful remote access trojan (RAT) called Poseidon. This sophisticated tactic allows the attackers to bypass basic security checks and […]

Murky Panda Cloud Exploit

In a recent cybersecurity alert, researchers have uncovered a sophisticated supply-chain attack orchestrated by Murky Panda, a nation-state-backed threat group. This campaign targets managed service providers (MSPs) and leverages the inherent trust businesses place in their cloud vendors to infiltrate downstream customers. How the Attack Works: Murky Panda employs compromised cloud environments and privileged access […]

NIST AI-Specific Security Control Overlays

The National Institute of Standards and Technology (NIST) has released a concept paper outlining a forward-looking plan for AI-focused control overlays built on the trusted SP 800-53 framework. These overlays are designed to help organizations operationalize cybersecurity measures for AI systems, from generative and predictive models to single- and multi-agent workflows. At the same time, NIST […]

The Rise of Automated Pentesting

As cyber threats become increasingly sophisticated, penetration testing (pentesting) has emerged as a vital component of modern security strategies. Traditionally, pentesting relied on highly skilled human testers simulating real-world attacks to uncover vulnerabilities. While this approach remains essential, automation is redefining the landscape, making the process faster, more scalable, and more efficient. The Rise of […]

Interpol fight against cybercrime

Interpol recently announced a major victory in the fight against cybercrime, arresting 1,209 individuals involved in various cybercriminal activities across 49 countries. This large-scale operation targeted threats such as business email compromise (BEC), phishing, ransomware, cryptocurrency fraud, and identity theft, disrupting over 3,500 illicit bank accounts and seizing millions in illicit funds. The arrests highlight […]

QuirkyLoader: The New Malware Loader

Cybersecurity professionals have uncovered a novel threat named QuirkyLoader, a sophisticated multi-stage malware loader deployed via spam emails that has been active since November 2024. Key Threat Mechanics: Spam emails carry an archive containing three elements: a legitimate executable, an encrypted payload disguised as a DLL, and a malicious DLL loader. The benign executable triggers the […]

New Risks for Industrial Control Systems

On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued four urgent advisories targeting vulnerabilities in Industrial Control Systems (ICS). These alerts reveal high-risk flaws in products from Siemens, Tigo Energy, and EG4 Electronics, underscoring the need for faster, smarter defense in critical infrastructure sectors such as energy and manufacturing. Highlights from the Advisories […]