On June 13, 2024, a critical vulnerability in Grafana, the popular open-source analytics and monitoring platform, was publicly disclosed. Tracked as CVE-2024-36045, the flaw enables attackers to take over user accounts — including admins — via a broken OAuth implementation, with no user interaction required.
Continue reading...
Researchers at Aikido Security uncovered a sophisticated supply‑chain malware operation that compromised at least 16 popular packages in the npm and PyPI ecosystems, affecting nearly 1,000,000 weekly downloads. In recent years, open‑source package ecosystems (npm, PyPI, RubyGems, etc.) have become a “highway” for attackers into…
Continue reading...
Introduction Fileless cyberattacks are becoming increasingly common in today's threat landscape. These attacks execute malicious code directly in system memory, often using legitimate system utilities instead of saving infected files to disk. As a result, fileless malware leaves few traces and frequently evades traditional file-based…
Continue reading...
In a significant blow to the cybercriminal underworld, Europol, in collaboration with international law enforcement agencies, has dismantled six major DDoS-for-hire (also known as "booter" or "stresser") platforms that enabled users to launch thousands of attacks worldwide. As part of Operation PowerOFF, an ongoing campaign…
Continue reading...
A New Era of Social Engineering Attacks In the constantly evolving landscape of cybersecurity threats, a particularly insidious technique has gained alarming traction among the most sophisticated threat actors in the world. According to recent findings from Proofpoint, multiple state-sponsored hacking groups from Iran, North…
Continue reading...
A malicious Python package named “disgrasya” has been discovered on Python Package Index (PyPI), used as a tool for credit card fraud. This package exploited the WooCommerce API to automate stolen card verification and reached over 34,000 downloads, highlighting a serious and widespread threat in…
Continue reading...
In March 2025, cybersecurity researchers from ThreatFabric sounded the alarm over a new Android threat: Crocodilus, a highly sophisticated banking trojan specifically targeting users in Spain and Turkey—but with the potential to go global. Unlike typical malware clones, Crocodilus emerged as a fully-developed threat from…
Continue reading...
In today’s fast-evolving digital landscape, where cyber attackers constantly innovate, security researchers are sounding the alarm about a new sophisticated threat: CoffeeLoader. Recently analyzed by Zscaler ThreatLabz, this malware is designed to download and execute secondary payloads while evading traditional antivirus and EDR (Endpoint Detection…
Continue reading...
