Fortra Report Reveals How Breaches Are Fueling Hyper-Personalized Email Attacks

The latest email threat landscape report from cybersecurity solutions provider Fortra identifies how stolen personal data is being leveraged to curate very detailed email attacks. Almost all these attacks are social engineering or phishing attacks, often across multiple channels, with the misuse of legitimate tools adding to the obfuscation targeted …

New Cybercrime Tool ‘Atlantis AIO’ Amps Up Credential Stuffing Attacks

A powerful new attack tool, Atlantis AIO, is making it easier than ever for cybercrooks to access online accounts. Designed to perform credential stuffing attacks automatically, Atlantis AIO enables hackers to test millions of stolen usernames and passwords in rapid succession. In new research, Abnormal Security has described how, by …

The Cost of Delay: Privacy Risks from Post-Quantum Cryptography Inaction

The cybersecurity landscape is facing a critical turning point as quantum computing (QC) rapidly advances. Delaying the implementation of post-quantum cryptography (PQC) solutions could have devastating consequences for data privacy. Traditional encryption methods, including RSA and ECC, are on the verge of obsolescence, as quantum breakthroughs will soon enable adversaries …

Critical Flaws in Appsmith Exposed Systems to Full Takeover

Rhino Security researchers have identified multiple critical vulnerabilities in Appsmith, an open-source developer platform commonly used for building internal applications. The most severe of these is CVE-2024-55963, which enables unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20 through 1.51. Remote Code Execution …

IngressNightmare: Critical Kubernetes Flaws Put 6,500+ Clusters at Risk

Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code execution. This exposure puts over 6,500 clusters at immediate risk by making the component accessible via the public internet. The vulnerabilities, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, are a series of unauthenticated …

New Federal Alert Warns U.S. Businesses of Medusa Ransomware Surge

In a joint advisory, US federal agencies have issued a cybersecurity warning about a sharp increase in attacks by Medusa ransomware, urging business leaders and IT teams to act immediately to protect their organizations. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information …

Google Uncovers China-Linked Espionage Campaign Targeting Juniper Routers

Google’s Threat Analysis Group (TAG) and Mandiant have uncovered a sophisticated espionage campaign linked to China-nexus threat actors, targeting vulnerable Juniper routers used in enterprise and government networks worldwide. This discovery highlights the ongoing risks posed by state-sponsored attacks against aging network infrastructure. The malicious actors homed in on end-of-life …

AI-Powered Fraud: How Cybercriminals Target Finance Teams—and How to Stop Them

Last month, employees at the UK-based engineering firm, Arup, were tricked by a deepfake video of the company’s CFO into transferring $25 million to cybercriminals. This isn’t an anomaly. It’s further proof that social engineering has become cybersecurity’s most costly problem. Today, more cybercriminals are launching AI-powered social engineering attacks …

Gloomy News from Kansas as Sunflower Medical Group Disclose Data Breach

Kansas-based Sunflower Medical Group disclosed to authorities on 7th March that they had suffered a data breach compromising the personal and confidential information of 220,968 individuals. In a statement on their website entitled ‘Notice of a Data Security Incident,’ Sunflower provided details about the attack. They identified how it was on …

New Bill Aims to Strengthen Cybersecurity for Federal Contractors

The House of Representatives has passed a bill that mandates contractors working with the federal government implement vulnerability disclosure policies (VDPs) in alignment with NIST guidelines. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, introduced by Chairwoman Nancy Mace (R-S.C.) and Ranking Member Shontel Brown (D-Ohio), directs the Office …