Polymath Central

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part…

Cybersecurity

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks

November 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities…

Cybersecurity

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

November 25, 2024

The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram. The package…

Cybersecurity

Google’s New Restore Credentials Tool Simplifies App Login After Android Migration

November 25, 2024

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android’s…

Cybersecurity

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

November 25, 2024

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to…

Cybersecurity

Flying Under the Radar – Security Evasion Techniques

November 25, 2024

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks “I really…

Cybersecurity

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)

November 25, 2024

We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s…

Cybersecurity

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

November 25, 2024

Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected…

Cybersecurity

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

November 23, 2024

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a…

Cybersecurity

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

November 23, 2024

Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since…