More results...
Microsoft has announced significant restrictions on the use of default onmicrosoft.com domains for email communication, implementing new throttling measures to combat spam and improve email deliverability across its Microsoft 365 platform. Policy Chang…
New cybersecurity research has revealed important details about how DPRK-affiliated IT professionals, who fall under Microsoft’s “Jasper Sleet” threat actor group, operate. They take advantage of remote work opportunities in the Web3,…
Kaspersky researchers have uncovered a widespread campaign involving the Efimer malicious script, a sophisticated Trojan-dropper primarily aimed at stealing cryptocurrency. First detected in June 2025, the malware impersonates legal correspondence from…
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable a…
Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate …
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According t…
Threat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteratio…
Python developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains …
A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below …
Threat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named “card_detail_20250610.html.lnk,” cleverly disguises it…