Blogs

Category: Security

Could a copied File-Fix link be hiding malware?

Cybercriminals are getting smarter every day, and FileFix is proof. This isn’t your run-of-the-mill phishing scam. It’s a cleverly engineered attack that uses hidden tricks inside images (steganography) to quietly deliver StealC malware onto unsuspecting systems. The scariest part? Victims don’t even download a suspicious file. Instead, they copy what looks like a harmless file path and paste it…

Security
Iranian Cyber Offensive Shows Unprecedented Coordination

During the 12-day conflict in June 2025, Iranian state-sponsored hacking groups and hacktivist proxies operated with greater coordination against Israel than previously documented, according to research from SecurityScorecard’s STRIKE Team and the Middle East Institute. More than 178 Iranian-affiliated actors conducted operations ranging from influence campaigns to data theft. The state-backed group Imperial Kitten…

Cyber
Stealthy ‘Plague’ Backdoor Hits Linux Systems

In late July 2025, threat hunters uncovered a stealthy Linux backdoor dubbed Plague, implemented as a malicious PAM (Pluggable Authentication Module). The implant enables silent bypass of authentication, persistent SSH access, and leaves minimal forensic traces, making it extremely difficult to detect. Plague has been in circulation since at least mid-2024, with multiple compiled variants…

Security
Akira Targets SonicWall VPNs in Zero-Day Surge

In late July 2025, Arctic Wolf identified a surge in ransomware intrusions linked to SonicWall SSL VPNs, with evidence suggesting the exploitation of a likely zero-day vulnerability. Several incidents involved compromised VPN access despite devices being fully patched and protected with TOTP-based MFA. In many cases, accounts were breached shortly after credential rotations, pointing to…

Security
Akira Targets SonicWall VPNs in Zero-Day Surge

On July 29, 2025, Cursor, a widely used AI-powered code editor, released version 1.3 to patch a critical remote code execution (RCE) vulnerability tracked as CVE-2025-54135 (CVSS 8.6). Discovered by Aim Security, the flaw, dubbed “CurXecute”, allowed attackers to exploit Cursor’s integration with external Model Control Protocol (MCP) servers to execute arbitrary code. The issue…

Security
India-Linked Group Targets Turkish Defense

Patchwork uses fake invites with LNK files to breach missile contractors for intel. 28 July 2025. The Indian-linked threat actor Patchwork (also known as APT-C-09, Dropping Elephant, Operation Hangover) has launched a spear-phishing campaign against Turkish defense contractors, aiming to collect sensitive intelligence on unmanned vehicle systems and missile programs. Geopolitical Context: The timing aligns with…

Security
Scattered Spider Hijacks VMware Systems

Fake calls reset passwords for ransomware on ESXi, hitting U.S. aviation and infra. The cybercrime group Scattered Spider (also known as UNC3944, 0ktapus, Muddled Libra, and Octo Tempest) is conducting targeted attacks on VMware ESXi hypervisors across North America’s retail, airline, and transportation sectors. According to Google’s Mandiant, the group’s tactics rely heavily on social engineering, particularly…

Security
Could Your Business Intelligence Platform Be the Next Attack Vector?

What Salesforce’s Patch Nightmare Teaches About Tableau Server Risks. On June 26, 2025, Salesforce disclosed eight critical vulnerabilities in Tableau Server, the widely deployed BI and analytics platform. These flaws, affecting versions prior to 2025.1.3, 2024.2.12, and 2023.3.19, open the door to remote code execution, unauthorized database access, SSRF, and path traversal attacks. What Changed?…

Security
If Microsoft Can Be Breached, What About You?

The Microsoft Breach That Reminds Us: No One’s Off Limits. When you think “cyberattack,” you might picture sketchy links, ransomware pop-ups, or shady USB drives. But what if we told you a silent, state-sponsored operation just slipped through one of the most trusted platforms in the world: Microsoft’s email infrastructure? That’s exactly what happened in a…

Security
Could a Simple Shortcut File Be Hiding a Sophisticated Malware Attack?

In a chilling display of modern cyber tactics, a new phishing campaign has emerged that delivers the DeerStealer malware using a deceptively harmless .LNK shortcut file. This attack leverages Microsoft’s own tools against users in a technique known as Living Off the Land (LOLBin)—and it’s a wake-up call for all organizations relying solely on conventional security layers. What Makes This Threat So…

Security

Copyright © 2025 Blogs.
