PEAKLIGHT Dropper: Hackers Target Windows With Downloads
Cybersecurity researchers have recently discovered an unprecedented dropper. Being dubbed the PEAKLIGHT dropper, it’s used to launch malware capable of infecting Windows systems. Reports claim that such infections lead to the prevalence of information stealers and loaders on Windows devices. In this article, we’ll cover what the dropper is and ... Read More
Google Pixel Security: Android App Makes Phones Vulnerable
In jointly published analysis by Palantir Technologies and Trail of Bits pertaining to Google Pixel security, it has been revealed that Pixel phones shipped worldwide since 2017 host a dormant app. The app, if exploited, can become a staging ground for attacks and can be used for delivering various kinds ... Read More
SolarWinds Patches: Severe Web Help Desk Vulnerability Fixed
In light of recent cybersecurity events, a critical SolarWinds Web Help Desk vulnerability has been revealed. Although SolarWinds patches pertaining to the vulnerability have been released, if it were to be exploited, it could lead to the execution of arbitrary code on certain instances. In this article, we’ll dive into ... Read More
Microsoft Security Update: 90 Critical Vulnerabilities Fixed
As a part of the Microsoft security update, the tech giant had released several fixes to address 90 critical security flaws. Reports claim that 10 of them have zero day vulnerabilities and 6 out of these 10 have fallen prey to threat actor attempts for exploitation. In this article, we’ll ... Read More
Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining
A new variant of the Gafgy botnet has recently been discovered by cybersecurity researchers. As per media reports, the botnet appears to be machines with weak SSH passwords for mining crypto. In this article, we’ll dive into the details of the Gafgyt botnet and learn more about the attacks. Let’s ... Read More
Spear-Phishing Campaigns Target Russian, Belarusian Groups
As per recent reports, various Russian and Belarusian organizations have been targets of spear-phishing campaigns. These organizations belong to the non-profit, media, and international government sectors. Threat actors who orchestrated these spear-phishing campaigns appear to have interests that align with the Russian government. In this article, we’ll dive into these ... Read More
BlackSuit Ransomware Threat Actors Demand Up To $500 Million
According to an updated advisory from the United States (US) Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation (FBI), the BlackSuit ransomware strain is known to have had demands totaling up to $500 million in payments. In this article, we’ll dive into the details of the ransomware ... Read More
Phishing Attacks: Google Drawings And WhatsApp Scam Alert
Cybersecurity researchers at Menlo Security have recently uncovered phishing attacks leveraging Google Drawings and shortened links generated through WhatsApp. The aim of such an attack methodology is to evade detection and trick users into accessing malicious links that acquire sensitive information. In this article, we’ll cover these Google Drawings phishing ... Read More
Alert: Roundcube Flaws Put User Emails And Passwords At Risk
Cybersecurity researchers at Sonar have recently uncovered Roundcube flaws pertaining to Webmail software. Threat actors can exploit these Webmail software security flaws to execute malicious JavaScript code and steal emails and passwords. In this article, we dive into details of the potential exploits and uncover the vulnerabilities involved. Let’s begin! ... Read More
GoGra Backdoor: Unnamed South Asian Media Outlet Targeted
As per recent reports, an unnamed media organization in South Asia had fallen prey to the GoGra backdoor in November 2023. The threat actor behind the South Asia media organization’s cyber attack is believed to be a part of Harvester, a nation-state hacking group. In this article, we’ll dive into ... Read More