inionline.net - We're "IN" business to take care of your network, so you can take care of your business!

Blog

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to…

Blog

Credential Theft Becomes Cybercriminals’ Favorite Target

Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.

Blog

Ferret Malware Added to ‘Contagious Interview’ Campaign

Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.

Blog

Cybercriminals Court Traitorous Insiders via Ransom Notes

Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.

Blog

Chinese ‘Infrastructure Laundering’ Abuses AWS, Microsoft Cloud

Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.

Blog

Managing Software Risk in a World of Exploding Vulnerabilities

Organizations and development teams need to evolve from “being prepared” to “managing the risk” of security breaches.

Blog

Managing Software Risk in a World of Exploding Vulnerabilities

Organizations and development teams need to evolve from “being prepared” to “managing the risk” of security breaches.

Blog

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to

Blog

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to

Blog

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version…