An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said…
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. “The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information,” the…
ESET published research on the Iranian APT “BladedFeline,” which researchers believe is a subgroup of the cyber-espionage entity APT34.
The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups.
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static…
A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.
A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.
By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.
An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate.
Google has disclosed details of a financially motivated threat cluster that it said “specialises” in voice phishing (aka vishing) campaigns designed to breach organizations’ Salesforce instances for large-scale data theft and subsequent extortion. The tech giant’s threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with