Blog

Blog

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical

Blog

Silk Typhoon Attacks North American Orgs in the Cloud

A Chinese APT is going where most APTs don’t: deep into the cloud, compromising supply chains and deploying uncommon malware.

Blog

ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination

A bug in the control board that connects peripheral devices in commonly used Dell laptops allowed malicious access all the way down to the firmware running on the device chip, new research finds.

Blog

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Music tastes, location information, even encrypted messages — Apple’s servers are gathering a “surprising” amount of personal data through Apple Intelligence, Lumia Security’s Yoav Magid warns in his new analysis.

Blog

Interpol Arrests Over 1K Cybercriminals in ‘Operation Serengeti 2.0’

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Blog

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up. “The payload isn’t hidden inside the file content…

Blog

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Silk Typhoon Attacks North American Orgs in the Cloud

ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Interpol Arrests Over 1K Cybercriminals in ‘Operation Serengeti 2.0’

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Apple Patches Zero-Day Flaw Used in ‘Sophisticated’ Attack

The Growing Challenge of AI Agent and NHI Management

Insurers May Limit Payments in Cases of Unpatched CVEs

Do Claude Code Security Reviews Pass the Vibe Check?