100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

20/05/2025 0 Comments 0 tags

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data,

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

20/05/2025 0 Comments 0 tags

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services,

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

20/05/2025 0 Comments 0 tags

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. “The attackers used spear

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

20/05/2025 0 Comments 0 tags

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

20/05/2025 0 Comments 0 tags

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET,

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

20/05/2025 0 Comments 0 tags

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider aggressively

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

20/05/2025 0 Comments 0 tags

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All

RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer

19/05/2025 0 Comments 0 tags

The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. “Robware.net and RVTools.com are currently offline. We are working expeditiously

Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

19/05/2025 0 Comments 0 tags

Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. “Skitnet has been sold

⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More

19/05/2025 0 Comments 0 tags

Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on