Blog

Meta Platforms, Inc. is facing serious allegations in a copyright infringement lawsuit, with plaintiffs claiming the tech giant used 81.7 terabytes of pirated books from shadow libraries to train its Llama AI models. The lawsuit, filed in the U.S. District Court for the Northern District of California, accuses Meta of illegally torrenting copyrighted material from sources such […]

Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.” The threat actors impersonate officials from organizations like the US Department of State, Ukrainian

A recently disclosed vulnerability in AnyDesk, a widely used remote desktop software, has raised significant cybersecurity concerns.  The vulnerability identified by CVE-2024-12754 and tracked by ZDI-24-1711 allows local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files, potentially escalating their privileges to administrative levels. This vulnerability has been classified

In recent months, macOS users have faced a significant rise in password-stealing malware attacks. These threats, often distributed through malicious advertising and fake application installers, have become increasingly sophisticated. Three prominent malware types, “Atomic Stealer,” “Poseidon Stealer,” and “Cthulhu Stealer” are at the forefront of this surge. While the security analysts at Palo Alto Networks’ Unit42 noted that each

2024 marked a record-breaking year for cybersecurity challenges as threat actors ramped up their exploitation of vulnerabilities. According to the latest findings from VulnCheck, 768 Common Vulnerabilities and Exposures (CVEs) were publicly reported as exploited in the wild for the first time this year. This figure represents a 20% increase compared to 639 CVEs reported

A sophisticated web-skimming campaign targeting multiple websites, including the UK online store of electronics giant Casio (casio[.]co.uk). The attack, which exposed sensitive customer data, highlights ongoing vulnerabilities in e-commerce platforms and the evolving tactics of cybercriminals. The breach on casio.co.uk was traced back to a malicious web skimmer script that became active between January 14th

A recent cybersecurity threat has emerged in the form of AsyncRAT, a remote access trojan (RAT) that leverages Python and TryCloudflare for stealthy malware delivery. This sophisticated campaign involves a complex sequence of events, starting with phishing emails that deceive users into downloading malicious payloads. Here the attack chain exploits legitimate infrastructure which makes the detection challenging

The Federal Trade Commission (FTC) has taken significant action against GoDaddy, one of the world’s largest web hosting companies, for failing to implement adequate security measures to protect its customers’ data. The FTC alleges that GoDaddy’s “unreasonable security practices” led to several major breaches between 2019 and 2022, exposing sensitive customer information and putting millions

DeepSeek AI has announced that its latest AI model, DeepSeek R1, now relies on Huawei’s Ascend 910C chip for inference tasks in a bold move that could ripple through the tech industry. This shift comes after the model was initially trained on Nvidia’s H100 GPUs, highlighting a significant pivot toward Chinese hardware amidst escalating U.S.

Cybercriminals recently exploited Google’s g.co subdomain to carry out a meticulously crafted scam over a vishing call. The incident was chronicled by Zach Latta, founder of Hack Club, who nearly fell victim to the attack. His account sheds light on the increasing sophistication of phishing techniques, even targeting tech-savvy users. The attack began with a