Silent Intrusion: TA-ShadowCricket Spy

A sophisticated China-linked threat actor known as TA-ShadowCricket has been conducting stealthy cyber espionage operations against government and enterprise networks across the Asia-Pacific region for over a decade. The group, formerly identified as Shadow Force and initially categorized as Larva-24013 by AhnLab’s threat taxonomy, has quietly infiltrated critical infrastructure since 2012, demonstrating remarkable persistence and […]
SK Telecom Breach: Digital Trust Alert

In a world where digital infrastructure supports everything from national security to personal communication, trust in data stewardship is paramount. Yet, that trust is increasingly under pressure, as highlighted by the recent SK Telecom data breach that compromised the personal information of millions of South Korean citizens. With hundreds now demanding compensation, this incident serves […]
RedisRaider: Cryptojack Worm

In the ever-evolving theater of cyber warfare, a new silent predator has emerged from the depths of the internet: RedisRaider. Discovered by Datadog Security Labs, this sophisticated malware campaign exploits poorly secured Redis servers and covertly mines Monero cryptocurrency. But it doesn’t stop there. RedisRaider spreads like a ghost through networks, cloaked in layers of […]
PyPI Malware Steals Social Logins

There’s a silent infiltration taking place in the realm of open-source software, and it’s happening through a channel that many developers trust without question: the Python Package Index (PyPI). Behind what looks like harmless libraries, a new class of cybercriminals is distributing tools specifically crafted to exploit social media platforms like TikTok and Instagram. Between […]
Cloud Leak: Billions at Risk

In an era where digital transformation drives every industry, cloud storage has become the backbone of data infrastructure. However, alongside its convenience comes a growing cybersecurity risk: misconfigured cloud storage buckets. Recent findings reveal the scale of this issue and the devastating impact it could have across industries. Cyble, a threat intelligence firm, recently uncovered […]
Russia Hacks Webmail for Spying

A major wave of cyber espionage campaigns has once again brought the spotlight onto outdated and vulnerable webmail servers across the globe. Dubbed Operation RoundPress, the campaign is believed to be the work of APT28, a Russian state-sponsored threat actor known by many names such as Fancy Bear, Sednit, TA422, and Forest Blizzard. According to cybersecurity firm […]
Legacy Auth, Modern Risk: Entra ID

A recent cybersecurity campaign has cast a spotlight on an old problem in a new era: legacy authentication. Between March and April 2025, attackers exploited a flaw in Microsoft Entra ID’s legacy login mechanism, allowing them to bypass Multi-Factor Authentication (MFA) and gain unauthorized access to critical administrator accounts across the finance, healthcare, manufacturing, and […]
PDF-RAT: Cross-Platform Attack

Cybercriminals are evolving, and so are their methods. A new multilayered email attack campaign is exploiting the trust users place in invoice communications to distribute Remote Access Trojans (RATs) that work across multiple platforms. With legitimate-looking PDF invoices as bait, attackers are targeting organizations through a sophisticated infection chain designed to evade detection and establish […]
SAP Attacks: Chaya_004 Threat Intel

A new wave of cyberattacks has emerged targeting a critical vulnerability in SAP NetWeaver, marking another concerning development in the landscape of enterprise application security. This latest campaign, attributed to a China-linked threat actor tracked as Chaya_004, takes advantage of CVE-2025-31324, a remote code execution vulnerability with a maximum CVSS score of 10.0. The exploit allows […]
Moonlander: EoL & IoT Botnet Risk

In a major international operation named Operation Moonlander, Dutch and U.S. law enforcement authorities have dismantled a massive proxy botnet powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. These hijacked devices were exploited to provide anonymity to cybercriminals through paid proxy services, enabling a wide range of illicit online activity. The […]