attacks

  • Blog

    EncryptHub linked to MMC zero-day attacks on Windows systems

    A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed ‘MSC EvilTwin’ and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices. Attackers can leverage the vulnerability to evade Windows…

  • Blog

    Critical Cisco Smart Licensing Utility flaws now exploited in attacks

    Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an undocumented static user…

  • Blog

    CISA tags NAKIVO backup flaw as actively exploited in attacks

    CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of…

  • Blog

    New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure’

    Experts warn that desperate ransomware attackers are shifting focus from businesses to individuals, applying “psychological pressure” with personal threats that bring digital extortion into the physical world. In one stunning recent example, Guy Segal and Moty Cristal from ransomware negotiator and incident response firm Sygnia said a threat actor personally called an executive’s mobile phone and referenced…

  • Blog

    Ukrainian military targeted in new Signal spear-phishing attacks

    Ukraine’s Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country’s army forces. The bulletin mentions that the attacks started this month, with Signal messages containing archives posing as meeting reports. With some of these messages sent from existing contacts targets…

  • Blog

    On average, government offices suffer a month of downtime after ransomware attacks

    While many have been enjoying the twists and turns of Netflix’s Zero Day from the comfort of their sofas, for hundreds of government entities around the world, crippling cyber attacks have been a cold, hard reality. From 2018 to 2024, we tracked 1,133 confirmed ransomware attacks on government entities. On average, these attacks caused nearly a month’s worth of downtime…

  • Blog

    Critical RCE flaw in Apache Tomcat actively exploited in attacks

    A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…

  • Blog

    Ransomware gang creates tool to automate VPN brute-force attacks

    The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. The framework has enabled BlackBasta to streamline initial network access and scale ransomware attacks on vulnerable internet-exposed endpoints. The discovery of BRUTED comes from EclecticIQ researcher Arda Büyükkaya following an in-depth examination of the ransomware gang’s leaked internal chat…

  • Blog

    February was the worst month on record for ransomware attacks – and one threat group had a field day

    February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender. Analysis from the security company shows the number of ransomware attacks reached 962 last month, marking a significant increase on the year prior in which 425 attacks were recorded. Of those, 335 were claimed by the Ransomware as a Service…

  • Blog

    94% of Wi-Fi networks are vulnerable to deauthentication attacks

    Research shows the vast majority of Wi-Fi networks are vulnerable to a popular type of denial-of-service (DoS) attack that is frequently deployed in larger cyber intrusion efforts. A new report from Nozomi Networks that analysed telemetry from hundreds of OT and IoT environments found 94% of Wi-Fi networks lacked the proper protections against deauthentication attacks. Deauthentication attacks are a form…
