Category: DarkNet

China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the vulnerability in mid-2025 before it was patched to steal confidential information. The

Resources & Guides Microsoft 365 offers powerful built-in security features, but misconfigurations or disabled security settings can leave any organization vulnerable. Our latest guide provides a deep dive on the top 5 Microsoft 365 security checks that every IT and security team should review. For each recommendation, we cover: Common misconfigurations to look out for

Resources & Guides Google Workspace is a powerful platform, but misconfigurations or disabled security settings can leave any organization vulnerable. Our latest guide provides a deep dive on the top 5 Google Workspace security settings that every IT and security team should review. For each security setting, we cover: Common misconfigurations to look out for

The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. The vulnerability exploited in these attacks is CVE-2023-20198, a max-severity flaw that allows remote unauthenticated threat actors to create a local admin user via the web user interface and take over

The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. The emails have a subject line of “We got hacked  (Action Required)” and claim that data was stolen during an alleged breach, also

Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. In scareware scams (also known as tech support scams), fraudsters use aggressive landing pages to trick potential victims into believing that their devices have been compromised with

A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. 43-year-old Oleksii Oleksiyovych Lytvynenko allegedly controlled data stolen from many of Conti victims and was involved in sending ransom notes as part of the

Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. Ribbon provides networking solutions and secure cloud communications services to telecommunications companies and critical infrastructure organizations worldwide. The company has over 3,100 employees in 68 global offices

On Thursday, CISA warned U.S. government agencies to secure their systems against attacks exploiting a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software. Tracked as CVE-2025-41244 and patched one month ago, this vulnerability allows local attackers with non-administrative privileges to a virtual machine (VM) with VMware Tools and managed by Aria Operations

Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. Contrary to the traditional banking trojans that use overlays to steal banking credentials or remote access tools to perform fraudulent transactions