Finding Minhook in a sideloading attack – and Sweden too
Multifaceted changes in TTPs illustrate what researchers see when they start digging
-
-
Vulnerability Exploitation Is Shifting in 2024-25
The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.
-
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to…
-
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-1976 (CVSS score: 8.6) – A code injection…
-
SAP NetWeaver Visual Composer Flaw Under Active Exploitation
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.
-
AI, Automation, and Dark Web Fuel Evolving Threat Landscape
Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.
-
Forget the Stack; Focus on Control
Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can’t be eliminated overnight, it can be managed.
-
DoJ Data Security Program Highlights Data Sharing Challenges
The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.
-
DoJ Data Security Program Highlights Data Sharing Challenges
The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.
-
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider…