Topic: lateral movement
3 Browser Sandbox Threats That Evade Security Tools
Browsers are the primary target for cyberattacks but are often neglected in security frameworks, as they handle critical tasks yet prioritize performance over advanced threat protection. Key browser threats include credential theft, malicious extensions, and lateral movement, which exploit standa...
Australia excels at detecting cyberattacks but struggles with alert fatigue, Illumio finds
Australian organizations lead globally in detecting lateral movement security incidents (97% detection rate) but face severe operational challenges from overwhelming alert volumes and false positives. Security teams receive an average of 2,061 alerts daily, leading to alert fatigue and spending n...
Hackers Breach Federal Agency via GeoServer Flaw, CISA Warns
A critical vulnerability (CVE-2024-36401) in GeoServer was exploited to breach a U.S. federal agency's network after attackers compromised an unpatched server. The attackers moved laterally from the initial entry point, deploying malicious tools like China Chopper and using brute force attacks to...
Stop Malicious PowerShell with New ExtraHop Security Tools
ExtraHop has introduced new security enhancements to detect and neutralize malicious PowerShell activity, which attackers use to operate stealthily within networks by blending in with normal administrative tasks. The platform integrates detection mechanisms that identify specific malicious behavi...
Old Windows Flaws Still Leak Your Passwords
Outdated Windows protocols like LLMNR and NBT-NS pose a security threat by allowing credential theft through inherent design flaws, not software vulnerabilities, as they automatically trust any responding device on the network. Attackers can use tools like Responder to intercept authentication da...
CISA Alerts: Chinese "BrickStorm" Malware Targets VMware Servers
A sophisticated Chinese-linked malware campaign called "Brickstorm" is targeting VMware vSphere servers, using hidden virtual machines to steal credentials and compromise networks, as detailed by U.S. and Canadian cybersecurity agencies. The malware employs advanced evasion techniques like encryp...
Microsoft GoAnywhere Flaw Fuels Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform is being exploited by ransomware attackers, allowing remote access without user interaction. The cybercrime group Storm-1175, linked to Medusa ransomware, is actively using this flaw to gain initial access, deploy remot...
Illumio and Microsoft Partner to Stop Cyber Breaches at Scale
Microsoft has fully implemented Illumio's Insights and Segmentation platform across its entire corporate IT infrastructure, marking a strategic shift toward proactive, AI-driven cybersecurity to prevent threats from spreading. The partnership was driven by Illumio's ability to meet Microsoft's im...
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
Microsoft 365: The Biggest Cybersecurity Risk You're Ignoring
Microsoft 365's widespread adoption and integration of services like Outlook and Teams make it a prime target for cyberattacks, offering a broad attack surface due to its interconnected ecosystem. The platform's built-in backup and recovery features are often insufficient, potentially preserving ...
The $400M Password Problem: Can You Get a New One?
A social engineering attack on Clorox, executed by impersonating employees and manipulating an outsourced service desk, led to an estimated $380 million in damages by exploiting weak password and MFA reset procedures. The breach caused severe operational disruptions, including halted production a...
China's Salt Typhoon Hackers Target European Telecoms
A China-linked cyber espionage group known as Salt Typhoon is targeting European telecommunications providers to infiltrate critical infrastructure for intelligence gathering and surveillance. The attackers exploited a Citrix NetScaler Gateway vulnerability, deployed the SNAPPYBEE backdoor via DL...
ScreenConnect Flaws Exploited in Network Breaches
Cyber-attacks are increasingly using legitimate remote monitoring and management (RMM) tools like ConnectWise ScreenConnect for initial network access through phishing, providing stealthy unauthorized control. Attackers exploit ScreenConnect's features such as unattended access and VPN functional...
SonicWall VPN Attacks Intensify, MFA Bypassed
A ransomware group named Akira is exploiting SonicWall SSL VPN appliances, primarily through a known vulnerability (CVE-2024-40766), to bypass multi-factor authentication and gain unauthorized access. The attacks are highly automated and rapid, with intruders moving quickly to scan networks and d...
Ransomware Attackers Wipe Azure Data and Backups After Theft
A new wave of cloud-focused ransomware attacks by group Storm-0501 systematically wipes primary data and backups in Microsoft Azure, leaving organizations with no recovery options. The group exploits native cloud functionalities to exfiltrate large volumes of data without on-premises hardware, ma...
Stop Silent Security Failures with Adversarial Validation
Many organizations overestimate their cybersecurity effectiveness, with research showing only one in seven attacks are detected, leaving significant exposure despite seemingly robust measures. Key factors contributing to undetected security failures include configuration drift, integration gaps b...
China-Linked 'Warp Panda' Hacks North American Firms in Espionage Campaign
A Chinese state-linked cyber-espionage group, 'Warp Panda,' is targeting North American legal, tech, and manufacturing firms for intelligence aligned with China's strategic priorities. The group demonstrates high sophistication, exploiting vulnerabilities to access VMware vCenter systems and depl...
SonicWall VPN Breach: Hackers Exploit Stolen Credentials
Attackers breached over 100 SonicWall SSLVPN accounts using stolen credentials, with malicious activity detected from October 4th to at least October 10th by Huntress. The intrusions utilized previously compromised valid credentials, not brute-force methods, and involved network reconnaissance an...
60,000 Redis Servers Exposed by Critical Security Flaw
A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...
Capita Hit With £14m Fine Over 6.6 Million Data Breach
Capita has been fined £14 million by the UK's Information Commissioner's Office for a data breach that exposed the personal information of approximately 6.6 million individuals, with the penalty reduced from an initial £45 million due to the company's cooperation and security improvements. The br...
'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms
A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...
Federal Agency Hacked Through GeoServer Vulnerability
A federal agency suffered a cybersecurity breach in July 2024 when attackers exploited a critical, unpatched vulnerability in a public-facing GeoServer, allowing them to deploy malicious tools and establish persistence. The attackers used the same vulnerability to breach a second server, moved la...
AI Cyberattacks Are Rising: Is Your Network Ready?
Adversarial AI tools are enabling faster, more sophisticated, and evasive cyberattacks that can bypass traditional defenses and overwhelm manual security processes. This threat evolution necessitates a zero-trust security framework and makes comprehensive network visibility through Network Detect...
Cyber-Espionage Attack Mimics Sandworm Hits Russian, Belarusian Forces
A sophisticated spear-phishing campaign targets Russian and Belarusian military personnel using weaponized documents disguised as legitimate military correspondence to deliver malware. The attack deploys a malicious LNK file that executes PowerShell scripts, establishes persistence, and sets up O...
Securing AI Agents in SaaS with Obsidian
Obsidian Security has launched a new defense system specifically designed to secure AI agents in SaaS environments, addressing the security gaps and cascading threats created by their rapid integration and excessive permissions. The proliferation of AI agents, such as those from Microsoft Copilot...
Critical FortiSIEM Exploit Released: CVE-2025-64155 PoC
A critical vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform now has public exploit code, allowing unauthenticated attackers to remotely execute arbitrary code with root privileges. Fortinet has released patches, and customers are urged to immediately upgrade to fixed versions; a te...
Nevada Government Hit by Devastating Ransomware Attack
The ransomware attack began when a state employee inadvertently downloaded malware via a poisoned search ad, giving hackers persistent access to the government network. Nevada refused to pay the ransom and instead mobilized internal IT staff, who worked extensive overtime to rebuild systems, savi...
Skuld Infostealer Exploits WSUS Flaw (CVE-2025-59287)
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited, allowing attackers to install information-stealing malware on unpatched systems. The flaw stems from unsafe deserialization of untrusted data, enabling unauthentic...
8 Ransomware Groups Now Using This EDR-Bypassing Tool
A new advanced tool is being used by multiple ransomware groups to bypass endpoint security by exploiting vulnerable drivers and disabling critical defenses before launching attacks. The tool employs heavy obfuscation and BYOVD attacks to target security products from major vendors, allowing rans...
Uncover Dark Web Threats on Your Network with NDR
Cybersecurity teams combat dark web threats like ransomware and data theft by using Network Detection and Response (NDR) systems to identify hidden clues in network traffic. NDR platforms provide real-time monitoring with AI and machine learning to detect malicious activities, reduce response tim...
ScreenConnect Admins Alerted to Spoofed Login Attacks
ScreenConnect administrators are targeted by a phishing campaign using fake security alerts to steal login credentials and bypass multi-factor authentication, aiming to compromise Super Admin accounts. Attackers employ the EvilGinx framework to create convincing phishing portals that capture sess...
React2Shell flaw fuels ransomware attacks
The **React2Shell** vulnerability (CVE-2025-55182) is being actively exploited, allowing attackers to gain unauthorized server access and deploy ransomware in under a minute without authentication. Attackers used this flaw to deploy the **Weaxor ransomware**, a less sophisticated rebrand of older...
Ransomware Groups Pivot as Victims Stop Paying
Ransomware payment rates have plummeted to just 23% in Q3 2025, significantly undermining the financial model of cybercriminals and marking a victory for cybersecurity efforts. Attackers are increasingly relying on social engineering tactics like insider threats, helpdesk impersonation, and callb...
Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
Forescout eyeSentry: Continuous Cloud Exposure Management
Forescout launched eyeSentry, a cloud-native platform that helps enterprises identify and manage vulnerabilities across IT, IoT, and IoMT assets, addressing the limitations of traditional security measures in modern networks. A study by Forescout reveals that 65% of connected assets in organizati...
LinkedIn Phishing Attack Uses Pen Testing Tool to Target Executives
A sophisticated phishing campaign targets business leaders and IT professionals via LinkedIn, using industry-specific lures to build false trust and deliver malicious links. The attack deploys a Remote Access Trojan (RAT) by abusing a legitimate PDF reader through DLL sideloading, which complicat...
CISA Alerts: Akira Ransomware Now Targets Linux, Nutanix VMs
The Akira ransomware group has expanded to target Linux systems and Nutanix AHV virtual machines, exploiting vulnerabilities like CVE-2024-40766 and encrypting .qcow2 disk files to increase their impact. Attackers use stolen credentials and tools like AnyDesk and Impacket for initial access, late...
Cisco Hackers Use SNMP Flaw to Install Rootkit on Switches
Cybersecurity experts warn of a serious threat exploiting a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking hardware, allowing attackers with root access to install persistent rootkits. The campaign, named 'Operation Zero Disco', targets Cisco switches li...
Microsoft Secures IE Mode After Hackers Exploit Legacy Backdoor
Microsoft has strengthened Internet Explorer mode security in Edge after attackers exploited zero-day vulnerabilities in August 2025, using social engineering to compromise systems. Attackers tricked users into reloading pages in IE mode, leveraging Chakra engine exploits for remote code executio...
Critical Redis Flaw Exposes Thousands of Instances
A critical security vulnerability (CVE-2025-49844) in Redis allows authenticated attackers to execute remote code via a use-after-free flaw in Lua scripting, posing a severe risk to systems. The flaw affects a vast number of organizations due to Redis's widespread use in cloud environments, and i...
Hypervisors: The Hidden Ransomware Risk in Virtualization
Hypervisors are a critical but often overlooked ransomware target, as a single compromise can jeopardize hundreds of virtual machines, with traditional security tools lacking visibility into this layer. Hypervisor-based ransomware attacks surged dramatically in late 2025, driven by groups like Ak...
Kraken Ransomware Scans Systems for Fastest Encryption
Kraken ransomware uniquely tests a machine's performance to choose the most efficient encryption method, allowing it to encrypt data quickly without triggering system alerts by using temporary files to decide between full or partial encryption. It targets high-value organizations globally through...
AppGate Secures AI Workloads with Zero Trust Agentic AI Core
AppGate has introduced Agentic AI Core Protection to extend zero-trust security principles directly to AI workloads, enabling secure innovation across on-premises and cloud environments. Traditional security models are inadequate for AI agents, as their exposed interfaces create new attack vector...
Ransomware Gangs Now Exploiting Critical Linux Flaw
A critical Linux kernel vulnerability (CVE-2024-1086) is now being actively exploited by ransomware gangs, allowing attackers to gain complete control over affected systems. The flaw enables local privilege escalation to root access, permitting attackers to disable security, deploy malware, and s...