Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

28/05/2025 0 Comments 0 tags

Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

28/05/2025 0 Comments 0 tags

Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services,

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

28/05/2025 0 Comments 0 tags

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

28/05/2025 0 Comments 0 tags

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

28/05/2025 0 Comments 0 tags

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved

How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds

28/05/2025 0 Comments 0 tags

Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

28/05/2025 0 Comments 0 tags

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

27/05/2025 0 Comments 0 tags

Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT.

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

27/05/2025 0 Comments 0 tags

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

27/05/2025 0 Comments 0 tags

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to