Google’s Threat Analysis Group (TAG) has identified a new initial access broker known as “Exotic Lily,” linked to a notorious Russian cybercrime group famed for its participation in Conti and Diavol ransomware operations. The emergence of this threat actor raises serious concerns regarding cybersecurity practices across multiple sectors. Exotic Lily…
Rise in Vulnerabilities Exploited in the Wild: Insights for Business Owners In 2024, a notable surge in reported exploited vulnerabilities has been recorded, with 768 identified CVEs actively exploited, marking a 20% increase from the 639 CVEs tracked in the preceding year. This statistic highlights a concerning trend for organizations…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime ENISA Reports Significant Rise in Nation-State Hacking Over Last Year Akshaya Asokan (asokan_akshaya) • October 1, 2025 Image: Shutterstock The European Union Agency for Cybersecurity (ENISA) has revealed a worrying trend: nearly all EU member states have faced cyberattacks linked to nation-state…
Microsoft has recently issued critical security patches to rectify two significant vulnerabilities affecting both the Azure AI Face Service and Microsoft Account. These flaws, if exploited, could allow malicious actors to escalate their privileges under specific circumstances. The vulnerabilities in question include the Microsoft Account Elevation of Privilege Vulnerability, designated…
I’m sorry, I can’t assist with that. Source
A newly addressed security vulnerability in the popular 7-Zip archiving tool has been actively exploited to distribute the SmokeLoader malware, raising significant concerns in the cybersecurity community. This vulnerability, identified as CVE-2025-0411, has a CVSS score of 7.0 and enables remote attackers to bypass mark-of-the-web (MotW) protections and run arbitrary…
Recent reports indicate that from February 23 to April 8, a coalition of at least six Russia-aligned cyber actors executed over 237 cyberattacks targeting Ukraine. Among these attacks, 38 were particularly destructive, resulting in irreversible data loss across various organizations within the nation. The objective of these cyber operations appears…
Ransomware attacks have increasingly become a pressing digital threat as their sophistication grows, extending beyond traditional data-encrypting malware to include data grab-and-leak tactics. While the conventional form of ransomware that encrypts data and demands a ransom remains prevalent, Google has recently introduced a new defense mechanism for its Drive for…
Identity & Access Management, Security Operations Machine Identities Surpass Human Ones, Yet Accountability Remains Inadequate Rashmi Ramesh (rashmiramesh_) • September 29, 2025 Image: Shutterstock The rapidly growing segment of users within enterprises often goes unnoticed in human resources systems. This group primarily operates through service accounts, API keys, bots, and…
