As investigations into the SolarWinds supply-chain breach progress, cybersecurity experts have unveiled a third malware variant, identified as “Sunspot.” This new threat targets the build environment, facilitating the injection of a backdoor into SolarWinds’ Orion network monitoring software. This marks an alarming addition to previously disclosed malware, notably Sunburst and…
Critical Vulnerability Discovered in React Framework: Immediate Action Required A significant security vulnerability has been identified in various versions of the React framework, prompting urgent calls for patching from researchers. This vulnerability, categorized as CVE-2025-55182, has been described by experts as a “perfect 10,” indicating its severity. Specifically, React versions…
Recent findings from cybersecurity experts reveal a sophisticated spyware campaign aimed at users in Pakistan. This operation employs malicious variants of legitimate Android applications to conduct covert surveillance and data exfiltration. The spyware masquerades as well-known applications, including those like the Pakistan Citizen Portal, a prayer timing app called Pakistan…
A sprawling network believed to be responsible for defrauding individuals through fraudulent online gambling platforms has reportedly been operating for 14 years. Researchers have indicated that this extensive operation is likely supported by a nation-state, targeting both government and private sector organizations in the United States and Europe. Previous investigations…
Mimecast Confirms Breach Linked to SolarWinds Cyberattack Mimecast, a prominent cloud-based email management provider, disclosed on Tuesday that a “sophisticated threat actor” had compromised one of its digital certificates integral to secure connections with Microsoft 365 Exchange. This alarming revelation emerged after Microsoft notified Mimecast of potential vulnerabilities. In response,…
Cybersecurity researchers from Koi Security have uncovered a significant espionage scheme orchestrated by a group dubbed ShadyPanda, which has compromised over 4.3 million users of Chrome and Microsoft Edge over the course of roughly seven years. The attackers employed a methodical and deceptive approach by uploading seemingly innocuous browser extensions…
In a recent development, cybersecurity researchers uncovered an ongoing surveillance initiative targeting Colombian government institutions and private enterprises within the energy and metallurgical sectors. This attack campaign, referred to as “Operation Spalax,” was detailed in a report released Tuesday by ESET, a Slovak cybersecurity firm. The operation first began in…
Target’s Pricing Algorithm Raises Data Privacy Concerns in New York Target’s pricing strategy has come under scrutiny after discrepancies were noted in egg prices, varying significantly based on geographic location. In Rochester, New York, a carton of Target’s Good & Gather eggs is priced at $1.99, while the same product…
Recent revelations by cybersecurity experts have uncovered a series of sophisticated cyberattacks orchestrated by a Chinese threat actor, targeting various organizations in Russia and Hong Kong. This campaign has been noted for the deployment of an undocumented backdoor, showcasing the evolving nature of threats in today’s digital landscape. Researchers from…
