The World Economic Forum (WEF) determined that the widespread blackout across Spain and Portugal this week intensified concerns...
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on...
Identifying unauthorized access to sensitive data—especially passwords—remains a critical concern for cybersecurity teams. When such access happens through legitimate tools like Notepad,...
Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…
The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...]
FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords
Your Amazon Fire Stick, Chromecast, and other streaming devices gather personal data for different purposes. If that concerns you, here's how to regain some control.
UK retailers including Harrods, M&S, and the Co-op are under a surge of cyber-attacks that may be linked by a common supplier or shared technological vulnerability
In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12...
Monitoring remote file transfer utilities like rsync is essential in detecting stealthy lateral movement or data exfiltration across Unix-based environments. But not all rsync usage is equal. In...
As attackers become more creative in bypassing traditional network defenses, analysts need fast, clear insight into the logic behind complex detection rules. That’s where Uncoder AI’s Full Summary...
F6 Threat Intelligence has disclosed that it tracked the activities of the Hive0117 group, which conducted a large-scale...
Cybersecurity vendor BeyondTrust launched this week the new Identity Security Risk Assessment, a free service designed to illuminate...
SSH Communications Security (SSH) and Cinia have signed a reseller agreement that will enable both parties to deliver...
The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China,...
Adversaries frequently repurpose trusted tools like curl.exe to tunnel traffic through SOCKS proxies and even reach .onion domains. Whether it’s for data exfiltration or command-and-control...
2025-04-22 • SentinelOne • SentinelOne • win.fog
2025-04-29 • France Diplomatie • France Diplomatie
2025-04-29 • CERT-FR • CERT-FR • ps1.steelhook, py.masepie, win.mocky_lnk, win.oceanmap
When attackers repurpose legitimate binaries like curl.exe to tunnel through SOCKS proxies and access .onion domains, it poses a major visibility gap for defenders. These behaviors can signal C2...
2025-05-01 • Github (VenzoV) • VenzoV
2025-04-29 • Trustwave • Trustwave SpiderLabs • js.kongtuke
2025-05-01 • Zscaler • ThreatLabZ research team • win.stealc
Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. [...]
Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing. [...]
The term proof is used loosely in the blockchain industry. Originally with Bitcoin, proof of work was used as an anti-spam technique. It relies on the probabilistic assumption takes a certain...
In Scroll zkEVM rollups, transactions occur in two main steps: EVM executes all transactions, performs state transitions and then sends the transaction to the provers. zkEVM prover proves the...
An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models...
Federal law enforcement officials accuse Artem Stryzhak, who was arrested in Spain last year, of attacking and extorting multiple companies between 2018 and 2021.