Taegis MDR/XDR now work with Sophos Firewall’s Active Threat Response

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on…

Once dismissed as Internet miscreants in hoodies, ethical hackers have hit the big time, earning millions from blue-chip firms. And they say it’s their diverse backgrounds that make them top-tier bug hunters.

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. “While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out,” c/side researcher Himanshu Anand said in a Tuesday analysis. “The…

Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. “While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed…

State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.