New Malware Exploits

Security researchers have discovered a malware campaign that leverages Microsoft Azure Functions to host its command and control (C2) infrastructure. By abusing a legitimate cloud service, attackers are able to mask their activity, evade traditional security defenses, and maintain persistence within targeted environments. Azure Functions, which allow developers to run lightweight applications without managing servers, […]

NVIDIA NVDebug Tool

Security researchers have uncovered a critical flaw in the NVIDIA NVDebug Tool that could allow attackers to escalate privileges on affected systems. The vulnerability gives threat actors elevated access, enabling them to bypass standard security controls and potentially gain full control of devices. The issue stems from improper privilege handling within the debugging tool, which […]

Fake Browser Extensions

Cybersecurity researchers have discovered a new wave of malicious browser extensions disguised as Madgicx Plus and SocialMetrics targeting Meta Business accounts. These extensions trick users into installing them, then give attackers unauthorized access to advertising accounts, financial data, and sensitive business information. How the Attack Works The fake extensions mimic legitimate marketing and analytics tools, […]

Microsoft Issues Warning

Microsoft has issued a critical warning about a newly discovered vulnerability in Active Directory Domain Services (AD DS) that allows attackers to escalate privileges within enterprise networks. This flaw poses a severe risk to organizations that rely on Active Directory as the foundation for identity and access management infrastructure. What You Need to Know The […]

Salty2FA Phishing Kit

A newly discovered phishing kit called Salty2FA is targeting enterprises across the United States and European Union. It is designed to steal both user credentials and two-factor authentication tokens, giving attackers full access even when multi-factor protections are in place. How Salty2FA Works The kit delivers phishing pages that closely mimic enterprise login portals. Victims […]

You Onboarded the Attacker

What if your next star hire isn’t a trusted employee but an infiltrator? This isn’t phishing – it’s threat actors slipping in during onboarding. Meet Jordan from Colorado. Resume, references and background check all clear. On day one Jordan logs in, joins team meetings, and gets full access to repos, project files, and dev keys. […]

Cyber Espionage Through Impersonation

Recent reports reveal that Chinese-linked espionage groups have been impersonating a U.S. lawmaker to distribute malware and target prominent trade associations. This campaign focused on policy-influencing groups in Washington, including manufacturing, technology, and telecommunications sectors. The attackers used carefully crafted phishing emails that appeared authentic, but instead delivered malicious payloads capable of stealing sensitive information. […]

API Token Risks in SaaS

The increasing reliance on SaaS platforms continues to deliver efficiency and scalability for organizations, but it also introduces risks when sensitive access mechanisms such as API tokens are not fully secured. The recent Dynatrace incident serves as a reminder of how even trusted vendors can face vulnerabilities that impact customers across industries. What Happened Dynatrace […]

Malvertising meets GPUGate Malware

A New Wave of Malvertising A recent campaign dubbed GPUGate is raising alarms across industries. Attackers are exploiting Google Ads and malicious GitHub commits to spread a fake GitHub Desktop installer. By hijacking trusted platforms and leveraging sponsored ads, they trick professionals into downloading poisoned software. Hardware-Aware Malware What sets GPUGate apart is its reliance […]

WAF Bypass Uncovered

Security researchers have uncovered a sophisticated technique to bypass Web Application Firewalls (WAFs) by combining JavaScript injection with HTTP parameter pollution. This bypass method exploits parsing inconsistencies between firewalls and backend frameworks, allowing malicious payloads to evade detection and execute within the target application. Implications for Key Industries Financial services: Compromised communication channels can lead […]