Your blog category
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. “The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
What is the Vulnerability?Citrix has published security advisories addressing three critical vulnerabilities, CVE-2025-6543, CVE-2025-5349, and CVE-2025-5777, affecting the NetScaler ADC and NetScaler Gateway under specific pre-conditions.CVE-2025-6543: A memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN,…
ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums
A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. “This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
In today’s cyber battlefield, resilience starts with readiness, and the cost of falling short increases by the day.
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the…
The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. “The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans,…