Tag Microsoft

Microsoft Addresses 149 Vulnerabilities in Major April Patch Update, Including Zero-Day Exploits

In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…

Google Discovers New Malware Backdoors Associated with Iran

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Iranian Hacking Group Unleashes Array of Custom Malware Variants

Akshaya Asokan (asokan_akshaya) • November 18, 2025

Google has issued a warning regarding a state-sponsored Iranian hacking group known for targeting the aerospace and defense sectors in the Middle East. This…

Hunting Unpatched Microsoft Exchange Servers: The Threat of Black Kingdom Ransomware

Following Microsoft’s recent release of a mitigation tool aimed at addressing cyberattacks targeting on-premises Exchange servers, the company reported that 92% of the internet-facing servers affected by the ProxyLogon vulnerabilities have been patched. This marks a substantial improvement of 43% from the previous week, closing a tumultuous period rife with…

Researchers Discover Windows Vulnerabilities That Give Hackers Rootkit-Style Access

Recent research reveals that the conversion process from DOS to NT paths in Windows represents a potential exploitation vector for threat actors, enabling rootkit-like functionality that could hide and impersonate files, directories, and processes. According to Or Yair, a security researcher from SafeBreach, when users invoke functions that involve a…

US Imposes Sanctions on Russia and Expels 10 Diplomats Due to SolarWinds Cyberattack

On Thursday, the U.S. and U.K. governments officially attributed the supply chain breach of SolarWinds, an IT infrastructure management firm, to Russian government operatives from the Foreign Intelligence Service (SVR). This attribution was made with “high confidence,” acknowledging the complexity and depth of the cyber-attack. The U.K. government issued a…

FireEye Hacked: Red-Team Penetration Testing Tools Compromised

On Tuesday, cybersecurity giant FireEye confirmed it has suffered a significant breach, falling victim to a sophisticated state-sponsored attack that resulted in the theft of its Red Team penetration testing tools. These tools are integral for evaluating the security measures of their clients, spotlighting the pressing vulnerabilities that organizations face,…

US Agencies and FireEye Compromised via SolarWinds Software Vulnerability

In a significant cybersecurity breach, state-sponsored actors allegedly associated with Russia have targeted prominent U.S. agencies, including the Treasury and the Department of Commerce’s National Telecommunications and Information Administration (NTIA). This sophisticated cyber espionage campaign has involved the monitoring of internal email communications, exposing vulnerabilities in national cybersecurity. Reports from…

Microsoft Confirms Its Systems Were Compromised in Major SolarWinds Hack

A comprehensive state-sponsored espionage operation targeting the software company SolarWinds has also extended to Microsoft, according to recent developments in an ongoing investigation. Initial reports suggest that the attack might be more extensive and sophisticated than earlier assessments indicated. Reuters first disclosed Microsoft’s involvement, noting that malicious actors utilized the…

Russia’s APT28 Utilizes Windows Print Spooler Vulnerability to Deploy ‘GooseEgg’ Malware

A recent cyber threat has emerged, linked to the nation-state group known as APT28, which has exploited a vulnerability in the Microsoft Windows Print Spooler service to distribute a custom malware variant named GooseEgg. This security flaw, tracked as CVE-2022-38028, received a high CVSS score of 7.8 and has been…
