Exploit Campaigns Target Mobile Users Cybersecurity researchers have recently uncovered several exploit campaigns aimed at compromising the security of mobile users. These campaigns specifically targeted vulnerabilities found in popular web browsers like Apple Safari and Google Chrome. By taking advantage of now-patched flaws in these browsers, cyber attackers were able to infect mobile devices with…

Non-Profit Targeted by Vietnamese Hacking Group In a recent cyber attack incident, a non-profit organization supporting Vietnamese human rights has fallen victim to a sophisticated, multi-year campaign aimed at delivering various types of malware to compromised hosts. This malicious effort has been linked to a threat cluster called APT32, also known by different aliases such…

Understanding Adversary-in-the-Middle (AitM) Phishing Attacks The realm of IT security is evolving rapidly, and attackers are constantly innovating new ways to exploit vulnerabilities. One of the latest trends that IT professionals need to watch out for is the rise of Adversary-in-the-Middle (AitM) phishing attacks. These attacks go beyond traditional phishing techniques by enabling cybercriminals to…

Iranian Hacking Group, Pioneer Kitten, Strikes Again In the realm of cybersecurity, the cat is definitely out of the bag when it comes to the latest exploits of the Iranian hacking group called Pioneer Kitten. This feline-themed group has been on a spree, breaching multiple organizations across the United States and causing quite a stir….

AVTECH IP Cameras Vulnerable to Zero-Day Attack A critical vulnerability, CVE-2024-7029, with a CVSS score of 8.7 has resurfaced in AVTECH IP cameras, much to the delight of malicious actors looking to exploit this flaw as a zero-day. This flaw, identified as a command injection vulnerability within the brightness function of AVTECH closed-circuit television (CCTV)…

Fortra Resolves Critical Security Vulnerability in FileCatalyst Workflow Fortra, a leading IT security firm, has recently mitigated a severe security vulnerability affecting FileCatalyst Workflow. This flaw could potentially be exploited by a malicious remote attacker to obtain administrative privileges within the system. The identified vulnerability has been designated as CVE-2024-6633 and has received a high…

South Korea-Aligned Cyber Espionage Group Exploits Zero-Day Vulnerability in Kingsoft WPS Office In a recent incident, a cyber espionage group aligned with South Korea has been found exploiting a critical remote code execution vulnerability in Kingsoft WPS Office. This flaw, once zero-day and now patched, allowed the attackers to deploy a customized backdoor known as…

The BlackByte ransomware group exploits VMware ESXi security flaw The BlackByte ransomware group is like a persistent mosquito buzzing around the digital space, finding its way into vulnerable systems. They have been seen taking advantage of a security flaw that recently plagued VMware ESXi hypervisors, exploiting it to wreak havoc on unsuspecting victims. Disarming security…

The Rise of QR Code Phishing In the vast expanse of cyber threats, a new tactic has been brewing: QR code phishing, affectionately known as ‘quishing’ by cybersecurity insiders. The latest craze involves miscreants leveraging Microsoft Sway infrastructure to host fake pages, thereby exploiting legitimate cloud services for less-than-honorable endeavors. Legitimacy in the Shadows Netskope…