At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected inView the full article
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring.
This causes a "major blind spot in Linux runtime security tools," ARMO said.
"This mechanism allows a user application to perform various actions without using system calls," the company said inView the full article
The Evolving Healthcare Cybersecurity Landscape
Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sectorView the full article
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.
"We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that have been weaponizedView the full article
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities.
"This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.View the full article
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations.
The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0.
"A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code withoutView the full article
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups.
"This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement.
The optional featureView the full article
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space.
"The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said inView the full article
The Iran-nexus threat actor known as UNC2428 has been observed delivering a ********* known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024.
Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complexView the full article
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software.
"The attackers hide this ******* inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in anView the full article
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a ******* threat than ever before.
Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primaryView the full article
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025.
The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device codeView the full article
Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on.
"The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials toView the full article
The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024.
"The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.View the full article
The Need For Unified Security
Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and ******* user accounts. Many organizations try to secure their environment by piecing together differentView the full article
Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can ourView the full article
A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services.
Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malwareView the full article
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil).
"Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," SwissView the full article
Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information.
The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actorsView the full article
Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone.
Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM).
ASPM brings together the best of bothView the full article
For verified travel tips and real support, visit: [Hidden Content]
Access on-demand webinar here
Avoid a $100,000/month Compliance Disaster
March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared.
Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, andView the full article
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries.
The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry.
"Disguised as a simple utility for PythonView the full article
A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022.
"The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney'sView the full article
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts.
The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant toView the full article
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technicalView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
