serisec

Category: Cyberattack News

  • 10 Most Dangerous Injection Attacks in 2026

    10 Most Dangerous Injection Attacks in 2026 Since you are in the industry, especially in the network and admin team, you need to know a few vulnerabilities, such as injection attacks to stay alert from them. Each attack or vulnerability has a different method, most importantly injection-type attacks. To understand that and to take a…

  • ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

    ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems. The campaigns rely on tricking users into manually running a…

  • 11 Best Cloud Access Security Broker Software (CASB) – 2025

    11 Best Cloud Access Security Broker Software (CASB) – 2025 As organizations accelerate digital transformation, the need for robust cloud security has never been greater. Cloud Access Security Broker (CASB) software stands at the forefront, acting as the critical gatekeeper between users and cloud service providers. With the explosion of SaaS, IaaS, and PaaS platforms,…

  • Top 10 Cyber Attack Maps to See Digital Threats In 2025

    Top 10 Cyber Attack Maps to See Digital Threats In 2025 In 2025, the digital threat landscape is more dynamic and complex than ever. Cyber attacks are escalating in frequency, sophistication, and impact, targeting businesses, governments, and individuals worldwide. Real-time visibility into these threats is essential for proactive defense, strategic planning, and rapid incident response.…

  • 10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025

    10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025 Malware analysis is a critical skill for cybersecurity professionals, threat hunters, and incident responders. With the growing sophistication of cyber threats, having access to reliable, free malware analysis tools is essential for dissecting, understanding, and mitigating malicious software. This article reviews…

  • Over 90% of Cybersecurity Leaders Worldwide Encountered Cyberattacks Targeting Cloud Environments

    Over 90% of Cybersecurity Leaders Worldwide Encountered Cyberattacks Targeting Cloud Environments In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year. This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing…

  • 23,000 GitHub Repositories Targeted In Supply Chain Attack

    23,000 GitHub Repositories Targeted In Supply Chain Attack In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. The attackers exploited vulnerabilities in the software development pipeline to potentially distribute malicious code to thousands of…

  • Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication

    Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.”…

  • Lazarus Group Infostealer Malwares Attacking Developers In New Campaign

    Lazarus Group Infostealer Malwares Attacking Developers In New Campaign The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack leverages social engineering tactics, including fake…

  • New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens

    New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called Storm-2372, has been active since August 2024 and targets a wide range…

  • FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials

    FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials A sophisticated malware campaign dubbed “FinStealer” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, employs advanced tactics to steal banking credentials and personal information from unsuspecting users. The malicious campaign operates through a…

  • Akira Ransomware Leads The Number of Ransomware Attacks For January 2025

    Akira Ransomware Leads The Number of Ransomware Attacks For January 2025 January 2025 marked a significant month in the ransomware landscape, with Akira emerging as the leading threat. According to recent reports, Akira was responsible for 72 attacks globally, highlighting its rapid rise in prominence. This surge in activity is part of a broader trend…

  • APT37 Hackers Abusing Group Chats To Attack Via Malicious LNK File

    APT37 Hackers Abusing Group Chats To Attack Via Malicious LNK File The North Korean state-sponsored hacking group APT37 (aka ScarCruft, Reaper), has been identified leveraging group chat platforms to distribute malicious LNK files. This latest tactic highlights the group’s evolving methods to infiltrate systems and exfiltrate sensitive data. APT37’s recent campaign involves sending malicious LNK…