News • Insights • Analysis
Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google. In the latest example of Read More …
Experts have revealed several critical vulnerabilities in GitHub Actions workflows which could pose serious risks to some major open source projects. A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the pull_request_target trigger, could Read More …
The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures. Erlang/OTP is a known toolkit used to build scalable, fault-tolerant systems such Read More …
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack which saw it lose sensitive customer data. Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for Read More …
Iran’s largest crypto exchange, Nobitex, said Wednesday that it was hacked and funds have been drained from its hot wallet. In a statement on its website translated by TechCrunch, Nobitex said it detected unauthorized access to its infrastructure and hot Read More …
This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI Read More …
As Israel and Iran exchange airstrikes, cybersecurity experts are warning that a quieter, but still destructive, digital conflict is unfolding behind the scenes. And U.S. companies could soon find themselves in the blast radius. Iran and Israel are home to Read More …
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and turns with pre-ransomware activities, tunneling tools, and attackers taking a page out of the defender’s playbook. The attacker Read More …
This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer. Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT Read More …
Car sharing marketplace Zoomcar has suffered a cyberattack in which it lost sensitive information on millions of customers. In a new 8-K form filed with the US Securities and Exchange Commission (SEC), the company said it was made aware of the Read More …
