yohanmanuja, Author at Security Pulse

Custom illustration showing a Windows workstation under surveillance while an obfuscated loader labeled “BadAudio” communicates with APT24 command-and-control infrastructure.

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

yohanmanuja1 month ago1 month ago18 mins

BadAudio gives APT24 a stealthy first-stage foothold in a long-running espionage campaign that focuses on Windows environments. The C++ downloader hides behind DLL search-order hijacking, control-flow obfuscation and AES-encrypted C2, while the group rotates between watering-hole attacks, supply-chain compromises and targeted spearphishing to deliver it. This article breaks down BadAudio’s loader behavior, APT24’s evolving tradecraft and the defensive steps that help security teams detect, contain and disrupt this PRC-nexus operation.

Browser notification panel hijacked by a malicious Matrix Push C2 interface delivering phishing alerts

Matrix Push C2 Hijacks Browser Notifications for Stealth Phishing

yohanmanuja1 month ago1 month ago39 mins

Matrix Push C2 is a browser-native command-and-control framework that hijacks web push notifications to deliver phishing prompts, brand-spoofed alerts and malware. By abusing legitimate notification flows, it turns a routine “Allow notifications” click into a persistent phishing channel that most security stacks barely monitor.

Illustration of a TikTok-style feed with a visible AI content slider and a subtle “AI-generated” label on one of the videos.

TikTok AI Content Control Features: Labels for a More Transparent

yohanmanuja1 month ago1 month ago08 mins

TikTok is rolling out an AI content control slider inside its Manage Topics settings, letting users reduce or increase how often AI-generated videos appear in their For You feed. Paired with stricter labeling rules and invisible watermarks for synthetic media, the change reshapes how users, creators and brands navigate AI on the platform.

Three interconnected cloud icons labelled as major providers feeding into a central “internet” node, with a broken configuration symbol triggering warning triangles

Cloudflare, Azure, AWS Outages: The Striking Pattern

yohanmanuja1 month ago1 month ago010 mins

Within four weeks, AWS, Azure and Cloudflare all suffered major outages triggered by internal configuration and metadata failures rather than attacks. This article unpacks the Cloudflare–Azure–AWS outage pattern, examines how cloud centralisation amplifies these incidents and outlines realistic resilience moves for IT, SRE and security teams.

Futuristic IDE view showing GPT-5.1 Codex as an autonomous coding agent connected to a secure pipeline

GPT-5.1 Codex: Long-Horizon AI Agents Meet Enterprise Security

yohanmanuja1 month ago1 month ago18 mins

GPT-5.1 Codex-Max can now code independently for hours inside terminals, IDEs and Windows environments. That jump from helper to autonomous coding agent dramatically changes the threat model, turning AI-generated patches, permissions and pipelines into first-class security concerns.

Custom illustration showing fake software installers with TamperedChef branding dropping a hidden JavaScript backdoor on a workstation.

TamperedChef Malware Uses Fake Installers in Global Campaign

yohanmanuja1 month ago1 month ago06 mins

TamperedChef malware no longer hides only behind a rogue PDF editor. In its latest evolution, the campaign uses signed fake software installers, malvertising and SEO poisoning to deliver an obfuscated JavaScript backdoor via a dropped XML-scheduled task. Telemetry shows a strong footprint in the U.S. and heavy impact on healthcare, construction and manufacturing, where users often search online for product manuals and tools. This article unpacks the global infrastructure, shell-company certificates and execution chain so defenders can hunt and harden effectively.

Ollama AI server parsing a malicious GGUF model file that leads to remote code execution vulnerability

Ollama Under Fire: Code Execution in Popular LLM Framework

yohanmanuja1 month ago1 month ago18 mins

Newly disclosed vulnerabilities in the Ollama framework allow attackers to execute arbitrary code by feeding the server malicious GGUF model files. This article explains how the mllama metadata parsing flaw works, why versions before 0.7.0 are at risk, and what AI security teams should do to harden their local LLM infrastructure against code execution attacks.

An illustration of Zero Trust for remote teams using micro-segmentation lite, where users are granted access only to the specific application groups they need, blocking access to all others

Zero Trust for Remote Teams: Micro-Segmentation Lite

yohanmanuja1 month ago1 month ago06 mins

Remote work needs more than a VPN. This guide shows small businesses how to apply Zero Trust with “micro-segmentation lite”: verify each request with identity and device checks, publish apps through access proxies, and block lateral movement with simple zones. You’ll protect remote teams fast without heavy tooling.

AI-generated deepfake masks over digital profiles representing modern fraud

AI-Powered Fraud Is Exploding: Why Cybercriminals Are Winning

yohanmanuja1 month ago1 month ago25 mins

AI-powered fraud is expanding at an unprecedented rate as criminals weaponize generative models, deepfakes and automated identity systems. Organizations must strengthen identity verification and adopt resilience-first strategies to withstand this next-generation threat.

Concept image of a cloud-managed firewall controlling multiple IoT devices while an attacker silhouette taps into the cloud control channel

Cloud Break: How Hackers Hijack IoT Through Cloud Firewalls

yohanmanuja1 month ago1 month ago39 mins

Cloud Break research shows how attackers can silently take over IoT devices by impersonating them to cloud-managed firewalls and routers, abusing weak serial number–based identity and vendor control planes instead of firmware bugs. This article breaks down the attack path and maps practical defences for security teams running cloud-managed edge gear.

TeamViewer DEX Vulnerabilities Expose Enterprise Endpoint Risks

Trust Wallet Chrome Extension Hack Exposes Browser Wallet Risk

LangChain Core Vulnerability Highlights Risks in AI Frameworks

China-Linked Actors Abuse DNS in Advanced Espionage Malware

Parrot OS 7.0 Focuses on Reliable Penetration Testing Workflows

Stealth Malware Loaders and AI-Assisted Attacks Reshape

yohanmanuja

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

Matrix Push C2 Hijacks Browser Notifications for Stealth Phishing

TikTok AI Content Control Features: Labels for a More Transparent

Cloudflare, Azure, AWS Outages: The Striking Pattern

GPT-5.1 Codex: Long-Horizon AI Agents Meet Enterprise Security

TamperedChef Malware Uses Fake Installers in Global Campaign

Ollama Under Fire: Code Execution in Popular LLM Framework

Zero Trust for Remote Teams: Micro-Segmentation Lite

AI-Powered Fraud Is Exploding: Why Cybercriminals Are Winning

Cloud Break: How Hackers Hijack IoT Through Cloud Firewalls