Palindrome Technologies Approved as Cybersecurity Label Administrator for FCC’s IoT Program

Blog

By January 8, 2025

Post Content

Blog

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis…

Read More Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
Blog

Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)

What is the Vulnerability?A critical path traversal vulnerability has been identified in Commvault’s Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 9.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary…

Read More Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)
Blog

‘Broadside’ Mirai Variant Targets Maritime Logistics Sector

‘Broadside’ is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

Read More ‘Broadside’ Mirai Variant Targets Maritime Logistics Sector
Blog

Dell’s Hard-Coded Flaw: A Nation-State Goldmine

A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

Read More Dell’s Hard-Coded Flaw: A Nation-State Goldmine
Blog

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love…

Read More Moving Beyond Awareness: How Threat Hunting Builds Readiness
Blog

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.

Read More Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Related