Cybersecurity News

Leading data security and cyber resilience provider Rubrik has disclosed a security incident involving unauthorized access to one of its logging servers. The company has initiated a comprehensive authentication key rotation campaign in response to the detected compromise, demonstrating its commitment to maintaining robust security measures. Incident Detection and Immediate Response Protocol On February 22, … Read more

Cybersecurity researchers at Positive Technologies have uncovered a significant tactical evolution in the operations of Dark Caracal, a notorious advanced persistent threat (APT) group active since 2012. The group has pivoted to deploying a new backdoor called Poco RAT, marking a substantial shift in their attack methodology and technical capabilities. Sophisticated Campaign Targeting Spanish-Speaking Nations … Read more

A comprehensive investigation by Kaspersky Digital Footprint Intelligence has uncovered an alarming cybersecurity threat, revealing that stealer malware has compromised over 2.3 million banking cards globally during 2023-2024. Technical analysis confirms that 95% of the stolen data corresponds to legitimate payment cards, highlighting the severity of this growing financial security crisis. Global Impact and Infection … Read more

Security researchers at Truffle Security have uncovered a significant security vulnerability in Common Crawl, a widely-used dataset for training artificial intelligence models. Their analysis of approximately 400 terabytes of data revealed nearly 12,000 unique authentication credentials, including API keys and service access tokens, potentially compromising numerous systems and organizations. Extensive Scope of Exposed Credentials The … Read more

Mozilla’s February 2024 privacy policy revision for Firefox has sparked significant discussion within the cybersecurity community, marking a notable shift in how the organization approaches user data handling. This update represents a strategic realignment of Mozilla’s privacy commitments, introducing more nuanced language regarding data usage while maintaining core privacy protections. Critical Changes in Data Handling … Read more

The Federal Bureau of Investigation has officially attributed the massive $1.5 billion cryptocurrency theft from Bybit exchange to North Korea’s notorious hacking group TraderTraitor, also known as Lazarus and APT38. The incident, which occurred on February 21, 2025, represents one of the largest cryptocurrency heists in the industry’s history, highlighting the evolving sophistication of state-sponsored … Read more

In a devastating cybersecurity breach on February 21, 2025, cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of approximately $1.5 billion in digital assets. Cybersecurity investigators have attributed the sophisticated operation to North Korea’s notorious Lazarus Group, marking one of the largest cryptocurrency heists in history. Technical Analysis of the Smart Contract … Read more

Microsoft has taken decisive action to protect Visual Studio Code users by removing two widely-used extensions from its official marketplace: Material Theme – Free and Material Theme Icons – Free. The security intervention came after the discovery of potentially malicious code in these popular developer tools, which had accumulated nearly 9 million downloads combined. Security … Read more

Palo Alto Networks researchers have identified a sophisticated new Linux malware strain dubbed “Auto-Color,” which has been actively targeting educational and government institutions across North America and Asia. The malware campaign, observed between November and December 2024, demonstrates unprecedented technical complexity and advanced evasion capabilities, marking a significant evolution in Linux-targeted threats. Technical Analysis of … Read more

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered a sophisticated malware distribution campaign leveraging GitHub’s platform to spread malicious code disguised as legitimate open-source projects. The operation, dubbed GitVenom, has compromised over 200 repositories, marking a significant escalation in threat actors’ abuse of trusted development platforms. Attack Vector and Social Engineering Tactics The threat … Read more