‘Elusive Comet’ Attackers Use Zoom to Swindle Victims
The threat actor uses sophisticated social engineering techniques to infect a victim’s device, either with an infostealer or remote access Trojan (RAT).
-
-
Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.
-
Can Cybersecurity Weather the Current Economic Chaos?
Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.
-
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). “In some systems, initial access was gained through
-
ASUS Urges Users to Patch AiCloud Router Vuln Immediately
The vulnerability is only found in the vendor’s router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
-
Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.
-
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence…
-
The Global AI Race: Balancing Innovation and Security
The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.
-
5 Reasons Device Management Isn’t Device Trust
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat…
-
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small…