Introduction A recent zero-day vulnerability in Salesforce’s software was exploited by threat actors to phish Facebook credentials. This incident was first reported by Guardio Labs, who detected a sophisticated email…
A recent cybersecurity incident has brought to light a malicious Python package on the Python Package Index (PyPI), posing as the VMware vSphere connector module ‘vConnector’. This package, named ‘VMConnect’,…
Introduction In a recent blog post by VulnCheck, a vulnerability in MikroTik RouterOS was discussed in detail. The vulnerability, identified as CVE-2023-30799, affects MikroTik RouterOS up until version 6.49.8 (July…
Introduction In a significant development in the cybersecurity landscape, the banking sector has recently been the target of two distinct open-source software (OSS) supply chain attacks. These attacks, detected by…
Ivanti, a leading provider of IT software solutions, has recently addressed a critical zero-day authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability,…
In the recently released “Threat Intelligence Report 2023” by Nokia, the company provides an in-depth analysis of the current cybersecurity landscape, particularly focusing on telecom networks and customer data. The…
Online and at conferences, people ask me how to get started in threat intel. What I usually offer as advice to budding analysts starting out is to practise analysing things…
Insider threats are a significant cybersecurity risk that originates from within an organisation. These threats can come from current or former employees, contractors, or anyone else with intimate knowledge of…
In the ever-evolving landscape of cyber threats, the UAC-0006 threat actor group has recently resurfaced with a new wave of attacks. This time, they're deploying the SmokeLoader malware through a…
In a recent report, the Computer Emergency Response Team of Ukraine (CERT-UA) has highlighted a significant increase in cyberattacks against the country’s civil infrastructure websites, particularly those of government agencies…