CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access...
Google’s New Restore Credentials Tool Simplifies App Login After Android Migration
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a...
PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate...
Flying Under the Radar – Security Evasion Techniques
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures."I really...
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)
We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news...
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and...
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077.The adversary,...
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of...
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell.The attack campaign is said to have...
