Tag: network
-
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
-
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker”‘owned server. By blending in with legitimate encrypted Telegram traffic, it becomes harder for network defenses to distinguish its C2 communication from normal user activity. When ResokerRAT runs,…
-
IT talent looks the other way as wireless security incidents pile up
Enterprise wireless networks are supporting a growing mix of devices and applications, increasing operational demand and security exposure. The 2026 Cisco State of Wireless … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/06/enterprise-wireless-networks-security-exposure/
-
US military contractor open sources tool for validating hidden communications networks
Maude-HCS from RTX (formerly Raytheon) helps model and validate hidden communication systems First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/maude_hcs_rtx_raytheon_hcn/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
-
7 ways to improve your business resilience with backup and recovery
Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability2. Ensure off-site backup copies : Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…
-
5 Steps to break free from alert fatigue and build resilient security operations
2. Prioritize outcomes over ticket volume : Stop focusing on how many alerts are cleared. This may be a metric for a better understanding of where automation or headcount are necessary but prioritize outcomes. Instead, the right questions are: How quickly did you contain a threat? Did we disrupt business operations or keep recovery swift and effective? A practical, outcome-driven SOC measures: Dwell time: How long before a threat was neutralized? Mean Time to Contain: How quickly…
-
6 critical mistakes that undermine cyber resilience (and how to fix them)
Tags: attack, automation, backup, best-practice, business, compliance, cyber, cybersecurity, data, detection, edr, endpoint, guide, identity, intelligence, malware, metric, network, ransomware, resilience, risk, soc, strategy, threat, tool, update, vulnerabilityGuide to Managing Strong Personalities During a Cybercrisis. Mistake 2: Fragmented asset and risk views: Fragmented asset and risk views make it difficult for teams to understand what is actually in their environment and where the most pressing exposures reside. When devices, configurations, and identity data live in separate tools or are maintained inconsistently, gaps…
-
6 metrics IT leaders can’t afford to ignore for business resilience
Tags: access, attack, automation, awareness, backup, business, cloud, compliance, credentials, cyber, cybersecurity, data, detection, endpoint, identity, incident response, metric, monitoring, network, resilience, risk, soar, soc, theft, threat, tool, update, vulnerability2. Mean time to respond (MTTR): From triage to containment : It’s not enough to spot threats”, you have to contain them fast. MTTR tracks how quickly your team can isolate and neutralize incidents. Integrated SOAR (Security Orchestration, Automation, and Response) workflows now drive a 500% year-over-year increase in orchestrated alert response actions, according to our latest SOC report. The difference? Teams leveraging automation have moved from after-the-fact…
-
Stryker Tells Customers Manufacturing Systems Restored
Device Maker Is Still Investigating March 11 Attack Claimed by Iranian Hacktivists. Medical tech maker Stryker said it has restored its systems and is operational across its global manufacturing network three weeks after a wiper attack by Iranian hacktivist group Handala led to a worldwide outage at the company. The firm is continuing to investigate…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
Tags: access, attack, cve, cyber, cybersecurity, data-breach, exploit, flaw, Internet, network, rce, remote-code-execution, vulnerabilityCybersecurity researchers have identified a massive attack surface involving F5 BIG-IP Access Policy Manager (APM) devices. Following a critical severity upgrade to a recently disclosed flaw, over 17,100 instances are currently exposed to the internet, leaving enterprise networks vulnerable to full system takeovers. The Escalation of CVE-2025-53521 The vulnerability, tracked as CVE-2025-53521, was initially classified…
-
Standardize or Suffer: The JCHK Blueprint for MSSPs Defending SMB and SME Clients
Advanced persistent threats don’t discriminate by organization size, they discriminate by defense capability. Nation-state actors and their proxies invest months conducting reconnaissance, moving laterally through networks with surgical patience, and exfiltrating data long before any alert fires. The reality for small and mid-sized businesses and enterprises is particularly brutal: they carry the same exposure.. First…
-
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/trueconf-zero-day-vulnerability-cyber-espionage/
-
Google’s Vertex AI Is Over-Privileged. That’s a Problem
Palo Alto Networks researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
-
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies. First seen on hackread.com Jump to article: hackread.com/imagemagick-zero-day-rce-linux-wordpress-servers/
-
Spamhaus CBL is reborn”¦ now interplanetary!
CBL is a project that has contributed greatly in securing the Internet for decades. Now reborn as the “Cosmic Blocklist,” it extends beyond Earth allowing the listing of IP addresses across multiple planetary networks in the solar system – learn more! First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/spamhaus-cbl-is-reborn-now-interplanetary/
-
Axios Front-End Library npm Supply Chain Poisoning Alert
Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version…The…
-
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access
Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s (GCP) Vertex AI Agent Engine. By exploiting overly broad default permissions, attackers can deploy a malicious >>double agent<< to secretly exfiltrate sensitive data…
-
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to…
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windowsIntroduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
-
The 10 Coolest IoT Security Companies: The 2026 Internet Of Things 50
From Verkada and Armis to TXOne Networks and iOT365, CRN spotlights 10 IoT security vendors to watch in 2026 for partners and MSSPs. First seen on crn.com Jump to article: www.crn.com/news/security/2026/the-10-coolest-iot-security-companies-the-2026-internet-of-things-50
-
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memory, and potentially achieve arbitrary code execution by tricking applications into processing specially crafted, standards-compliant PNG images. Both vulnerabilities require…