A critical vulnerability in the command-and-control, or C2, infrastructure of the infamous DanaBot malware provided security analysts with an unprecedented opportunity to peer into the hidden operations of one of the world’s most persistent cybercriminal networks.
Dubbed “DanaBleed” by researchers, this flaw existed in...
Silent Push Threat Analysts have uncovered a large-scale and technically sophisticated scam campaign dubbed GhostVendors, involving over 4,000 fraudulent domains impersonating dozens of major retail, apparel, and specialty brands globally.
This fake marketplace scam exploits social media advertising platforms primarily Facebook Marketplace to promote counterfeit...
A new social engineering scam, nicknamed ClickFix, is making waves in the cybersecurity world by exploiting user trust in routine security checks.
Disguised as a Cloudflare CAPTCHA known as the "Turnstile" interface the attack lures unsuspecting victims into executing malware on their own systems through a...
The threat landscape of 2025 is shaped not only by relentless malware but also by the emergence of new organizational models among cybercriminals.
One of the most notable developments is the rise of the DragonForce ransomware cartel a threat actor that has pivoted from...
A new and highly targeted cyberattack campaign has come to light in Poland, with the advanced persistent threat group UNC1151 exploiting a critical vulnerability in the Roundcube webmail platform to steal user credentials and further compromise organizational security.
This latest wave of spear phishing,...
A sophisticated and fast-evolving phishing campaign, linked to the prolific threat group “Scattered Spider” (also known as UNC3944 and Octo Tempest), is actively targeting IT helpdesk personnel at technology vendors and managed service providers (MSPs).
Leveraging highly tailored social engineering, advanced phishing kits, and...