Cloud Break research shows how attackers can silently take over IoT devices by impersonating them to cloud-managed firewalls and routers, abusing weak serial number–based identity and vendor control planes instead of firmware bugs. This article breaks down the attack path and maps practical defences for security teams running cloud-managed edge gear.
Cephalus ransomware breaks in through exposed or weak RDP, steals data, and launches a Go-based encryptor that disables backups and evades analysis with DLL sideloading and key obfuscation. Consequently, victims encounter fast double-extortion pressure and noisy business disruption unless identity and remote-access controls stop the chain early.
Cybercriminals are distributing malware through fake judicial notification emails, posing as court summons or legal notices.
The campaign aims to deceive users into opening malicious attachments or clicking links that trigger trojan infections and data theft.
Microsoft Outlook has disabled inline SVG image rendering after attackers exploited the feature in phishing campaigns, marking another step in tightening email security.
Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
Italy fined Apple $986 million for allegedly enforcing App Tracking Transparency in a way that disadvantaged competitors. The ruling highlights the collision of privacy frameworks, platform control, and competition law
Security researchers revealed that ChatGPT’s Atlas Browser can be manipulated through hidden prompt injections, allowing attackers to hijack AI behavior, leak data, and bypass safeguards. Learn how it works and how to defend against it.
A breach at 700Credit exposed sensitive personal information of millions of vehicle dealership customers due to an API validation flaw. This analysis examines the incident details, response actions, and key cybersecurity lessons for enterprises.
The recent outage at AWS’s US-EAST-1 region grounded dozens of major services and exposed a deeper issue: the loss of senior engineering expertise at Amazon. As widespread apps and platforms went offline, one question loomed large: Can the world’s largest cloud infrastructure sustain itself amid massive talent reductions? Below, we analyse the root causes, implications and lessons for infrastructure reliability.