My Courses
-
SmartLoader malware spread through GitHub repositories
Cybersecurity researchers have identified a sophisticated malware distribution campaign that exploits GitHub repositories, masquerading as legitimate software projects. The SmartLoader malware has been strategically deployed…
-
Cybercriminals using CrossC2 to extend Cobalt Strike beacons to Linux and macOS
Japan’s CERT Coordination Centre (JPCERT/CC) reported on Thursday that it observed incidents involving a command-and-control (C2) framework known as CrossC2. This framework is designed to…
-
Weaknesses in the Xerox Print Orchestration Product allow remote code execution
Xerox has addressed critical security vulnerabilities in its FreeFlow Core, specifically Path Traversal and XML External Entity (XXE) injection flaws that could allow unauthenticated remote…
-
Canadian House of Commons targeted by SharePoint Toolshell cyberattack
A cyberattack targeted the Canadian House of Commons on August 9, 2025, when threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorised access…
-
Apache Tomcat vulnerabilities allow Denial of Service (DoS) attacks
A critical security vulnerability has been discovered in Apache Tomcat’s HTTP/2 implementation, enabling attackers to launch severe denial-of-service (DoS) attacks against web servers. This vulnerability,…
-
Android malware targeting banking applications through NFC relay scams and call hijacking
Cybersecurity researchers have identified a new Android trojan named PhantomCard, which exploits Near-Field Communication (NFC) technology to execute relay attacks aimed at facilitating fraudulent transactions…
-
MadeYouReset vulnerability in HTTP2 facilitates large-scale DDoS attacks
A new Distributed Denial of Service (DDoS) attack vector has emerged, exploiting flaws in HTTP/2 implementations. This vulnerability, dubbed ‘MadeYouReset’, has drawn comparisons to the…
-
Bypassing Passkey Login through Manipulation of the WebAuthn Process
Researchers at the enterprise browser security firm SquareX have demonstrated a significant vulnerability in passkey security systems. They revealed that an attacker could impersonate a…
-
Hackers using specialized phishing tools for downgrade attacks on FIDO authentication
A sophisticated new threat vector has emerged that could undermine one of the most trusted authentication methods in cybersecurity. FIDO-based passkeys, long considered the gold…
-
AI-assisted SOC boosts efficiency and cuts investigation time
Security operations have never been a 9-to-5 job. For Security Operations Centre (SOC) analysts, the day often begins and ends deep in a queue of…