Security Pulse

Custom illustration showing a Windows workstation under surveillance while an obfuscated loader labeled “BadAudio” communicates with APT24 command-and-control infrastructure.

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

yohanmanuja3 months ago3 months ago18 mins

BadAudio gives APT24 a stealthy first-stage foothold in a long-running espionage campaign that focuses on Windows environments. The C++ downloader hides behind DLL search-order hijacking, control-flow obfuscation and AES-encrypted C2, while the group rotates between watering-hole attacks, supply-chain compromises and targeted spearphishing to deliver it. This article breaks down BadAudio’s loader behavior, APT24’s evolving tradecraft and the defensive steps that help security teams detect, contain and disrupt this PRC-nexus operation.

Microsoft Copilot Studio agent interface illustrating token phishing redirection

CoPhish Exploit Shows Trusted Microsoft Domains Aren’t Safe

yohanmanuja4 months ago4 months ago04 mins

A new phishing technique called CoPhish abuses Microsoft Copilot Studio agents to steal OAuth tokens via trusted Microsoft domains, bypassing traditional security filters and highlighting the growing threat within low-code platforms.

Service Finder WordPress authentication bypass (CVE-2025-5947) enabling admin takeover

Service Finder Plugin Flaw (CVE-2025-5947) Abused in Attacks

yohanmanuja4 months ago4 months ago15 mins

A critical vulnerability in the Service Finder Bookings plugin bundled with the Service Finder WordPress theme allows unauthenticated attackers to log in as administrators. The flaw, tracked as CVE-2025-5947, is actively exploited in the wild with a CVSS 9.8 rating. Users must patch immediately to prevent takeovers.

CabinetRAT backdoor cyberattack warning from Ukraine

CERT-UA Issues Alert on CabinetRAT Backdoor Cyber Threat

yohanmanuja4 months ago4 months ago33 mins

Ukraine’s CERT-UA has warned that CabinetRAT backdoor malware is being actively deployed in cyber espionage campaigns targeting government and critical networks.

Microsoft Exchange 2016 and 2019 end of support notice on admin dashboard

Microsoft Announces End of Support for Exchange Servers

yohanmanuja4 months ago4 months ago23 mins

Microsoft has officially ended support for Exchange Server 2016 and 2019, marking the end of a major on-premises email era.
Enterprises still running these versions now face significant security and compliance risks, as both will receive no further patches or updates.

Oracle EBS zero-day exploitation widens as attackers add victims to extortion lists

Oracle EBS Zero-Day Fallout: More Victims Emerge

yohanmanuja4 months ago4 months ago64 mins

The Oracle E-Business Suite campaign continues to grow. This analysis explains the expanding victim list, enterprise impact, and the steps teams should take now to patch, hunt, and contain risk.

showing zombie apps, APIs, and identities reappearing and the steps to detect and decommission them

How Zombie APIs Resurface and Expand Attack Paths

yohanmanuja3 months ago3 months ago25 mins

Abandoned apps, APIs, and identities keep resurfacing. Hunt them continuously, retire them completely, and verify they stay dead—before attackers exploit them.

UK Cyber Security and Resilience Bill strengthens defenses for NHS, water, transport, and energy

UK Unveils Cyber Resilience Bill, Tougher Rules for NHS, Water

yohanmanuja3 months ago3 months ago14 mins

The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.

Fake Homebrew download page used in Google Ads campaign delivering infostealer malware

Google Ads Abused to Install Hidden macOS Malware

yohanmanuja4 months ago4 months ago25 mins

A new malvertising campaign is using deceptive Google Ads mimicking trusted macOS software brands like Homebrew and LogMeIn to deliver potent infostealers such as AMOS and Odyssey. Mac developers and advanced users are being targeted with copy-and-paste terminal commands that install malware under the guise of legitimate apps. This expert breakdown shows how the attack works, what to watch for and how to defend your environment.

GootLoader returns with web-font obfuscation on WordPress and SEO-poisoned downloads

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

yohanmanuja3 months ago3 months ago33 mins

GootLoader reappeared with custom WOFF2 web-fonts that swap glyph shapes, so a gibberish string in source renders as a harmless-looking filename in the browser. Consequently, victims on SEO-poisoned WordPress sites download ZIP archives carrying JavaScript loaders that trigger rapid, hands-on compromises. Therefore, block risky downloads, hunt for loader execution, and harden WordPress and endpoints to cut dwell time and prevent domain-wide impact within hours.

Secret Service Dismantles Major Telecom Threat Targeting New York City

Australia May Restrict GitHub for Kids Under 16

Hackers Compromise Xubuntu Site to Spread Malicious Downloads

LAMEHUG Malware Uses AI to Generate Commands and Steal Data

LockBit 5.0 Ransomware Variant Targets Hypervisors and Servers

Unauthorized Data Access in Salesforce Published Applications

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

CoPhish Exploit Shows Trusted Microsoft Domains Aren’t Safe

Service Finder Plugin Flaw (CVE-2025-5947) Abused in Attacks

CERT-UA Issues Alert on CabinetRAT Backdoor Cyber Threat

Microsoft Announces End of Support for Exchange Servers

Oracle EBS Zero-Day Fallout: More Victims Emerge

How Zombie APIs Resurface and Expand Attack Paths

UK Unveils Cyber Resilience Bill, Tougher Rules for NHS, Water

Google Ads Abused to Install Hidden macOS Malware

GootLoader’s comeback: hidden filenames, ZIP-JS payloads