Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and…
Tag: Cyber Security News
Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment
A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. The scam involves a malicious binary…
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry
Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. This technique exploits Windows registry redirection, making it challenging for standard tools to identify and remove these…
Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program
In 2024, Meta, the parent company of Facebook, Instagram, and WhatsApp, continued its commitment to cybersecurity by awarding over $2.3 million through its bug bounty program. This initiative, which began in 2011, has now surpassed $20 million in total payouts,…
PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats
In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access
In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. This campaign, observed since August 2024, targets governments, NGOs, IT services, defense, telecommunications, health, education, and…
Linux Kernel 6.14 rc3 Released – What’s New!
Linus Torvalds has released Linux Kernel 6.14-rc3, the latest release candidate for the upcoming Linux 6.14 stable version. Paolo Bonzini, the maintainer of the Kernel-based Virtual Machine (KVM), has also submitted a series of fixes for the Linux Kernel 6.14-rc3,…
Google Chrome AI-Powered Security Now Available for All Users – Enable Now!
In a significant update, Google has announced that its AI-powered security feature is now available to every Chrome user globally. This development marks a pivotal step in enhancing online safety through advanced machine learning techniques. The new security enhancement leverages…
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, where we bring you the latest updates and key insights from the ever-changing world of cybersecurity. In today’s fast-paced digital environment, staying informed is crucial. Our goal is to provide you with relevant information…
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release
A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by…