In a recent cybersecurity development, researchers have uncovered a privilege escalation vulnerability in Google Cloud Platform’s (GCP) Cloud Run service, which has since been resolved. This flaw could have permitted malicious individuals to gain unauthorized access to container images and…
Recent research has highlighted concerning vulnerabilities within GitHub Codespaces, specifically the potential for threat actors to exploit its legitimate features to distribute malware. GitHub Codespaces, a cloud-based development environment, allows users to write, debug, and commit code changes from a…
A recent data breach involving Hello Gym has unveiled over 1.6 million audio recordings of its gym members, raising serious concerns about potential risks such as spear-phishing, deepfake impersonation, and identity theft. In an alarming cybersecurity incident, Hello Gym, a…
Bitdefender has detected a new fileless malware dubbed EggStreme, employed by a China-based advanced persistent threat (APT) group, targeting the Philippine military and various organizations across the Asia-Pacific region. Researchers from Bitdefender discovered the EggStreme malware framework during an investigation…
The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks,…
Ransomware Attack Strikes Highlands Oncology, Compromising Over 113,000 Patient Records Highlands Oncology, a healthcare provider based in the United States, has recently fallen victim to a significant ransomware attack that has compromised the personal information of more than 113,000 patients.…
Recent findings from cybersecurity experts reveal a vulnerability in Google’s Quick Share data transfer tool for Windows, which can be manipulated to cause denial-of-service (DoS) issues or transmit files to users’ devices without their consent. This flaw underscores serious security…
A new cyber campaign known as Earth Bogle has emerged, showcasing the use of geopolitical themes to distribute the NjRAT remote access trojan across the Middle East and North Africa. This initiative underscores the evolving strategies employed by threat actors…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised…
The recent report emphasizes the significant yet often overlooked role of resellers and brokers in the spyware supply chain, describing this group as “a notably under-researched set of actors.” These intermediaries are said to obscure the relationships among vendors, suppliers,…
