New findings from Lares Labs underscore the importance of realistic threat emulation exercises that mirror the sophisticated tactics of the Scattered Spider APT group. By integrating real-world incident data into controlled simulations, organizations can proactively assess defenses across networks, endpoints,…
Category: Cyber Security News
New TamperedChef Attack With Weaponized PDF Editor Steals Sensitive Data and Login Credentials
A sophisticated malware campaign that weaponizes a seemingly legitimate PDF editor to steal sensitive data and login credentials from unsuspecting users across Europe. The attack uncovered by Truesec, dubbed “TamperedChef,” represents a new evolution in social engineering tactics that leverage…
FreePBX Servers Hacked in 0-Day Attack – Admins are Urged to Disable Internet Access
A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model Context Protocol (MCP) connections in an organization. By routing every MCP request through a single portal endpoint, Cloudflare One customers…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has released a comprehensive cybersecurity advisory detailing a widespread espionage campaign by People’s Republic of China (PRC) state-sponsored actors targeting critical…
NX Build Tool Hacked with Malware That Checks for Claude or Gemini to Find Wallets and Secrets
Over 1,400 developers discovered today that a malicious post-install script in the popular NX build kit silently created a repository named s1ngularity-repository in their GitHub accounts. This repository contains a base64-encoded dump of sensitive data wallet files, API keys, .npmrc…
CrowdStrike Set to Acquire Onum in $290 Million Deal to Enhance Falcon Next-Gen SIEM
Global cybersecurity leader CrowdStrike announced its intention to acquire Onum, a pioneer in real-time telemetry pipeline management, in a deal reportedly valued at $290 million. The acquisition, unveiled Wednesday, aims to significantly enhance CrowdStrike’s Falcon Next-Gen SIEM platform, transforming it…
Kea DHCP Server Vulnerability Let Remote Attacker With a Single Crafted Packet
A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide. The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially…
TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
Over the past year, a shadowy threat actor known as TAG-144—also tracked under aliases Blind Eagle and APT-C-36—has intensified operations against South American government institutions. First observed in 2018, this group has adopted an array of commodity remote access trojans…
Microsoft Unveils Storm-0501’s Advanced Cloud Ransomware Attack Tactics
Microsoft Threat Intelligence has released a detailed report exposing a significant evolution in ransomware attacks, pioneered by the financially motivated threat actor Storm-0501. The group has shifted from traditional on-premises ransomware to a more destructive, cloud-native strategy that involves data…