Mercedes-Benz Head Unit security research report

This report covers the research of the Mercedes-Benz Head Unit, which was made by Kaspersky team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). The researchers performed analysis of the first generation MBUX. MBUX was previously Read More …

Threat Brief: CVE-2025-0282 and CVE-2025-0283

On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. This threat brief provides attack details that we observed in a recent incident response engagement Read More …

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability ​​in several popular enterprise file transfer products developed by U.S. software company Cleo. In a post on Read More …

New Star Blizzard spear-phishing campaign targets WhatsApp accounts

Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending Read More …

How to Mitigate the Risk of Rogue Employees

Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to Read More …

PlugX malware deleted from thousands of systems by FBI

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and Read More …

UK: Personal data stolen in cyber-attack on council

Gateshead Council said it is not known how many residents have been affected by the attack, which happened in the early hours of 8 January. Officials at the authority have advised people to watch out for phishing emails or fraudulent Read More …

Multi-Vector DDoS Attacks: What They Are and How to Stay Protected

Multi-vector DDoS attacks have emerged as one of the biggest challenges in cybersecurity today. The number of such incidents has been growing significantly year over year. In this article, we’ll break down what multi-vector attacks are, how they work, and Read More …

Hackers are exploiting a new Fortinet firewall bug to breach company networks

Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, Read More …