Hacker

CISA details threat actors exploiting CVE-2024-36401 in GeoServer for initial access to a U.S. federal network on July 11, 2024, using webshells, dirtycow escalation, and lateral movement—undetected until July 31. Key lessons: Immediate KEV patching, enhanced IR plans, and continuous EDR monitoring.

Cybercriminals abused compromised AWS credentials to hijack Amazon SES, sending 50,000+ phishing emails daily by bypassing sandbox limits. Learn how to detect and prevent SES abuse.

Cybercriminals register deceptive domains mimicking FIFA World Cup sites to steal data and distribute malware ahead of the 2026 tournament. Learn about the attack methods and protection strategies.

Hackers are exploiting macOS security features like Keychain, TCC, SIP, and Gatekeeper to spread malware. Learn how to detect and prevent these advanced macOS attacks.

Discover how a Pakistan-based cybercrime network exploited pirated software to infect 1.88 million devices and steal $4.67 million in credentials. Learn about their tactics and operation details.

Hackers exploit a legitimate driver to bypass Microsoft Defender and install Akira ransomware. Learn how this vulnerability works and how to protect your PC.

Cybercriminals compromised corporate systems in under five minutes by exploiting QuickAssist and PowerShell scripting. Learn how social engineering facilitated this rapid breach.

Cybercriminals are using free trials of Endpoint Detection and Response (EDR) software to disable existing security measures. Learn about the BYOEDR attack technique and its implications.

In 2024, over 84,000 online gaming accounts were leaked in India, according to Kaspersky. Discover the impact of this data breach and the state of gaming security in the APAC region.

A Hyderabad housewife lost ₹1.61 crore to cyber scammers posing as employers. Discover how the scam unfolded and the steps taken by police to investigate.