Innovative Network, Inc

Blog

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is…

Read More PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
Blog

Taiwan Endures Greater Cyber Pressure From China

Chinese cyberattacks on Taiwan’s critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day.

Read More Taiwan Endures Greater Cyber Pressure From China
Blog

CrowdStrike to Buy Seraphic Security In Bid to Boost Browser Security

The browser protection and detection technology will be integrated into Falcon platform to protect endpoints, browser sessions, and cloud applications.

Read More CrowdStrike to Buy Seraphic Security In Bid to Boost Browser Security
Blog

CISO Succession Crisis Highlights How Turnover Amplifies Security Risks

When cybersecurity leadership turns over too fast, risk does not reset. It compounds.

Read More CISO Succession Crisis Highlights How Turnover Amplifies Security Risks
Blog

‘Most Severe AI Vulnerability to Date’ Hits ServiceNow

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems.

Read More ‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
Blog

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor’s first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

Read More Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day
Blog

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target’s own utilities.

Read More Shadow#Reactor Uses Text Files to Deliver Remcos RAT
Blog

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. “Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” Silent Push said in a report…

Read More Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Blog

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still

Read More Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Blog

Attackers Abuse Python, Cloudflare to Deliver AsyncRAT

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.

Read More Attackers Abuse Python, Cloudflare to Deliver AsyncRAT