Threat Actor Profile: APT35
APT35, also known as Phosphorus, Charming Kitten, and Ajax Security Team, is an Iranian threat actor that has been active since at least 2014. The group has targeted organisations across…
The Emergence of FraudGPT
The cyber threat landscape is continually evolving, with threat actors leveraging advanced technologies to carry out sophisticated attacks. One such development is the emergence of FraudGPT, a new artificial intelligence…
Outlook Email Authentication Bypass: Display Name Obfuscation
Original Source: GitLab Repository The Vulnerability The issue lies in the “display name” of an email’s “From” header in Outlook. It appears that this display name can be manipulated to…
Active Exploitation of Zero-Day Vulnerability (CVE-2023-38606) Affecting All Apple Products
The Centre for Cyber Security Belgium (CERT.be) has issued an advisory warning of an actively exploited zero-day vulnerability (CVE-2023-38606) affecting all Apple products. This vulnerability, which allows for the modification…
OSS Supply Chain Attacks Targeting the Banking Sector: A Detailed Analysis
Introduction In a significant development in the cybersecurity landscape, the banking sector has recently been the target of two distinct open-source software (OSS) supply chain attacks. These attacks, detected by…
Unmasking the Geopolitical Underpinnings of Ransomware Attacks: A Review
In the ever-evolving field of Cyber Threat Intelligence (CTI), understanding the motivations behind cyber-attacks is paramount for effective threat mitigation and response. While financial gain is often a primary driver,…
Unveiling TETRA:BURST – A Deep Dive into the Critical Vulnerabilities of Global Emergency Communication Systems
Introduction The Terrestrial Trunked Radio (TETRA), a communication system extensively utilized by government agencies, law enforcement, and emergency services organizations across Europe, the United Kingdom, and numerous other countries, has…
Unraveling Phishing SMS Campaigns: A Collaborative Success Story
A recent operation against phishing SMS campaigns in the UK, shared via a tweet by Jake from JCyberSec_ (@JCyberSec_) and a LinkedIn post by the Dedicated Card and Payment Crime…
Zero-day vulnerability exploited in cyberattack on Norwegian government’s IT systems
On July 24, 2023, the Norwegian government announced that its ICT platform, used by 12 of its ministries, had been compromised in a cyberattack. The attack was carried out by…
Zenbleed – CVE-2023-20593: A use-after-free in AMD Zen2 Processors announced
A recent oss-security list post from Tavis Ormandy has brought attention to a use-after-free vulnerability, CVE-2023-20593, in AMD Zen2 processors.