Divya

Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells

The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated…

2 months ago

Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication

A critical security vulnerability has been identified in the ruby-saml library, a popular tool used for Single Sign-On (SSO) via…

2 months ago

U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown

The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a…

2 months ago

CISA Releases Security Advisory on 13 Industrial Control System Threats

CISA issued thirteen Industrial Control Systems (ICS) advisories, highlighting current security issues and vulnerabilities in various systems. These advisories are…

2 months ago

New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft

Threat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms…

2 months ago

Decrypting Akira Ransomware on Linux/ESXi Without Paying Hackers

A team successfully decrypted an instance of the Akira ransomware on Linux/ESXi systems without succumbing to the hackers' demands. This…

2 months ago

New Cyber Attack Targets PyPI Users to Steal Cloud Tokens and Sensitive Data

A recent discovery by ReversingLabs researchers has unveiled a malicious cyber attack targeting the Python Package Index (PyPI) users, a…

2 months ago

Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool. The vulnerability, tracked as…

2 months ago

86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration

A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered by cybersecurity researcher Jeremiah Fowler. The…

2 months ago

Microsoft Finally Patches 2-Year-Old Windows Kernel Security Flaw

Microsoft has released a critical patch for a 2-year-old Windows kernel security vulnerability. This vulnerability, identified as CVE-2025-24983, allows attackers…

2 months ago