Month: January 2025

0 Comments
Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift”
0 Comments
Jan 31, 2025Ravie LakshmananVulnerability / Healthcare The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale
0 Comments
Google Play has blocked 2.36 million policy-violating apps from being published and banned 158,000 developer accounts associated with harmful activities in 2024. More than 92% of Google’s human reviews for harmful apps are now AI-assisted, the tech giant said in a new report released on Wednesday. This allows faster and more accurate detection, helping prevent malicious apps from reaching
0 Comments
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. “Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat
0 Comments
Jan 29, 2025Ravie LakshmananThreat Intelligence / Malware The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a
0 Comments
US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024. In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained
0 Comments
A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024.  This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code
0 Comments
WordPress › Error

There has been a critical error on this website.

Learn more about troubleshooting WordPress.