North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff andRead More »North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been usedRead More »DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments.

A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rentedRead More »Oregon Man Charged in ‘Rapper Bot’ DDoS Service

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by otherRead More »Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

A majority of organizations are unprepared for shorter SSL/TLS certificate lifespans. 

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in aRead More »New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Most organizations approach cybersecurity issues reactively, responding to threats only after the damage has been done.