Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code...
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known...
Navigating Insider Risks: Are your Employees Enabling External Threats?
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack...
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have...
‘Stargazer Goblin’ Creates 3,000 Fake GitHub Accounts for Malware Spread
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a...
How To Get the Most From Your Security Team’s Email Alert Budget
We'll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more...
Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware...
New Android Spyware LianSpy Evades Detection Using Yandex Cloud
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.Cybersecurity vendor Kaspersky, which discovered...
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim...
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the...
