-
Microsoft Trust Signing service abused to code-sign malware
Cybercriminals are increasingly exploiting Microsoft’s Trusted Signing platform to sign malware executables using short-lived certificates that last for only three days. This tactic aligns with a long-standing trend in which threat actors seek code-signing certificates to lend legitimacy to their…
-
WordPress security plugin WP Ghost vulnerable to remote code execution bug
WP Ghost, a widely used security plugin for WordPress, is currently exposed to a severe vulnerability that poses significant risks to its users. This flaw allows unauthenticated attackers to execute code remotely, potentially compromising entire servers and their associated websites.…
-
March Windows updates mistakenly uninstall Copilot
Microsoft has issued a significant advisory regarding the unintended removal of its AI-powered Copilot digital assistant following the March 2025 cumulative updates for Windows 10 and Windows 11. This development underscores the importance of understanding cybersecurity implications associated with software…
-
Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after determining that the obfuscated code they contained did not exhibit malicious intent. This incident highlights the delicate balance between…
-
The AI race: Dark AI is in the lead, but good AI is catching up
In today’s digital landscape, the integration of Artificial Intelligence (AI) into cybercriminal operations has escalated the threat level, challenging cybersecurity frameworks globally. Cybercriminals leverage AI to enhance their strategies, leading to sophisticated attacks that can outsmart traditional defenses. However, cybersecurity…
-
US seizes $23 million in crypto stolen via password manager breach
U.S. authorities have successfully seized over $23 million in cryptocurrency associated with a significant theft amounting to $150 million from a Ripple crypto wallet in January 2024. Investigations suggest that the perpetrators of this cybercrime are linked to the 2022…
-
Fake BianLian ransom notes mailed to US CEOs in postal mail scam
Scammers are increasingly adopting sophisticated tactics in their schemes, as evidenced by the recent impersonation of the BianLian ransomware gang. This deception involves mailing counterfeit ransom notes to U.S. corporations via the United States Postal Service, taking extortion methods to…
-
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft has identified five critical vulnerabilities within the Paragon Partition Manager’s BioNTdrv.sys driver. Notably, one of these vulnerabilities has been actively exploited by ransomware groups in zero-day attacks, granting hackers SYSTEM-level privileges on Windows systems. Understanding BYOVD Attacks The exploited…
-
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist
The FBI has confirmed that North Korean hackers, linked to the notorious Lazarus Group, executed a monumental cyber heist, stealing approximately $1.5 billion from the cryptocurrency exchange Bybit. This incident marks the largest recorded theft in the cryptocurrency sector to…
Must-Read Posts
- Adidas warns of data breach after customer service provider hack
- AI in Cybersecurity: Revolutionizing Defense Against Emerging Threats
- Apiiro unveils free scanner to detect malicious code merges
- Apple fined €150 million over App Tracking Transparency issues
- Chase will soon block Zelle payments to sellers on social media
