2317 article(s)
RecoverIt is a new tool that lets attackers exploit Windows service recovery features to execute malware undetected, bypassing traditional defenses. This article explains how the technique works, why it's hard to spot, and what security teams need to watch for.
Threat actors are exploiting Ivanti EPMM flaws to install memory-resident backdoors, creating a silent inventory of compromised servers for sale. Discover the stealthy tactics, risks, and urgent steps for defenders.
Russian asylum for Spanish professor Enrique Arias Gil, accused of orchestrating pro-Kremlin cyber operations, ignites diplomatic tensions and highlights the evolving landscape of international cyber conflict.
The DKnife framework, operated by China-linked cyber actors, turns routers into powerful espionage tools—capable of hijacking downloads, stealing credentials, and silently delivering malware across Asia and beyond.
A new wave of cyberattacks is hijacking NGINX servers, redirecting unsuspecting users to phishing and scam sites. Learn how attackers operate, who’s at risk, and how to secure your web infrastructure.
A stealthy cyber campaign is rewriting NGINX server rules to redirect users from legitimate websites to scam pages. Discover how attackers exploit configuration files, the multi-stage infection process, and why server admins must stay vigilant.
A sprawling, stealthy reconnaissance operation leveraged tens of thousands of residential proxies and cloud infrastructure to map Citrix NetScaler Gateways globally—setting the stage for targeted cyberattacks exploiting new Citrix vulnerabilities.
Cybercriminals are exploiting OpenClaw’s skills marketplace to distribute hundreds of malicious AI tools, unleashing advanced malware that targets sensitive data across multiple platforms.
PeckBirdy is a sophisticated JScript-based malware framework abusing everyday Windows tools (LOLBins) to deliver stealthy backdoors across diverse environments. Recent campaigns targeted Asian gambling and government organizations with advanced payloads, exposing new challenges for defenders.
A new campaign by China-linked UAT-8099 is targeting IIS servers in Thailand and Vietnam with BadIIS malware, injecting SEO fraud and redirects while evading detection through advanced persistence strategies.