Fake calls reset passwords for ransomware on ESXi, hitting U.S. aviation and infra. The cybercrime group Scattered Spider also known as UNC3944, 0ktapus, Muddled Libra, and Octo Tempest is conducting targeted attacks on VMware ESXi hypervisors across North America’s retail, airline, and transportation sectors. According to Google’s Mandiant, the group’s tactics rely heavily on social engineering, particularly…

Read More “Scattered Spider Hijacks VMware Systems” »

United Natural Foods hit hard, causing delays and $400M losses in critical food distributionJuly 2025 United Natural Foods Inc. (UNFI) a major food distributor and Whole Foods Market’s primary supplier confirmed that a June 2025 cyberattack forced it to shut down core systems, resulting in lost sales of up to $400 million and an estimated…

Read More “Ransomware Disrupts U.S. Food Supply Chain” »

Active attacks on CVE-2025–53770 hit U.S. agencies and firms, installing Tool Shell backdoor for data theftJuly 2025 Microsoft has released an emergency security update to fix an actively exploited vulnerability in SharePoint Server, tracked as CVE-2025–53770. The flaw is reportedly being used in real-world attacks to compromise U.S. federal agencies, universities, and energy firms. Vulnerability…

Read More “Malicious Hackers Exploit SharePoint Zero-Day” »

What Salesforce’s Patch Nightmare Teaches About Tableau Server Risks On June 26, 2025, Salesforce disclosed eight critical vulnerabilities in Tableau Server the widely deployed BI and analytics platform. These flaws, affecting versions prior to 2025.1.3, 2024.2.12, and 2023.3.19, open the door to remote code execution, unauthorized database access, SSRF, and path traversal attacks. What Changed?…

Read More “Could Your Business Intelligence Platform Be the Next Attack Vector?” »

The Microsoft Breach That Reminds Us: No One’s Off Limits When you think “cyberattack,” you might picture sketchy links, ransomware pop-ups, or shady USB drives. But what if we told you a silent, state-sponsored operation just slipped through one of the most trusted platforms in the world Microsoft’s email infrastructure? That’s exactly what happened in a…

Read More “If Microsoft Can Be Breached, What About You?” »

In a chilling display of modern cyber tactics, a new phishing campaign has emerged that delivers the DeerStealer malware using a deceptively harmless .LNK shortcut file. This attack leverages Microsoft’s own tools against users in a technique known as Living Off the Land (LOLBin)—and it’s a wake-up call for all organizations relying solely on conventional security layers. What Makes This Threat So…

Read More “Could a Simple Shortcut File Be Hiding a Sophisticated Malware Attack?” »

Cyber Security Operations Centers (CSOCs) are no longer optional for digitally enabled enterprises. In an environment marked by sophisticated cyber threats, expanding regulatory mandates, and increasing stakeholder expectations, a well-architected CSOC forms the backbone of organizational cyber defense. 1. Understanding the Role of a CSOC A Cyber Security Operations Center is a centralized facility that…

Read More “Finstein’s 24×7 CSOC: Powering Cyber Resilience & Compliance in India” »

In March 2025, Nippon Steel Solutions, a major player in industrial IT services, was hit by a sophisticated cyberattack that exploited a zero-day vulnerability deep within its internal network. While public-facing systems remained untouched, attackers infiltrated internal servers and exfiltrated sensitive data from customers, partners, and employees. This wasn’t just another breach. What Went Wrong? The attackers…

Read More “Is a Zero-Day Breach Lurking in Your Network? Nippon Steel Solutions Attack” »