Cybersecurity - Insights Cybersecurity - News News News - Insights

Akira Ransomware Continues Exploiting SonicWall Vulnerability Using Legitimate Tools

Security researchers warn that the Akira ransomware group is still actively exploiting a year-old SonicWall vulnerability (CVE-2024-40766) for initial access, while relying on pre-installed and legitimate tools to evade detection. This vulnerability, a critical access control flaw with a CVSS score of 9.3, was patched in August 2024, yet Akira continues to target systems that remain unpatched.Over the past three months, Akira attacks have focused on SSL VPN accounts using one-time passwords (OTP) for multi-factor authentication (MFA). According to Arctic Wolf, dozens of incidents show common indicators such as VPN logins from VPS hosting providers, network scanning, Impacket SMB activity [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

Microsoft Thwarts AI-Generated Phishing Campaign Targeting US Organizations

Microsoft Threat Intelligence recently intercepted a sophisticated phishing campaign that appears to have leveraged AI-generated code to avoid detection. The attack targeted organizations in the United States and attempted to hide its malicious payload inside an SVG file disguised as a PDF. On August 18, attackers used a compromised small business email account to distribute phishing messages. The emails were self-addressed, with actual targets hidden in the Bcc field, and mimicked file-sharing notifications. The attached file, named “23mb – PDF- 6 pages.svg,” contained embedded scripts that redirected recipients to a fake CAPTCHA page, likely leading to a fraudulent login form. [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

How AI is Transforming Cyberattacks According to Wiz CTO Ami Luttwak

Ami Luttwak, chief technologist at cybersecurity firm Wiz, recently shared insights with TechCrunch on how artificial intelligence (AI) is reshaping the cybersecurity landscape. “Cybersecurity is ultimately a mind game,” Luttwak explained. “Whenever a new technology emerges, it presents attackers with new opportunities.” As businesses rapidly integrate AI into workflows—through vibe coding, AI agents, or other tools—the overall attack surface expands. While AI helps developers deliver code faster, this speed often introduces mistakes and insecure shortcuts, which can be exploited by attackers. Wiz, acquired by Google earlier this year for $32 billion, observed that many AI-assisted applications show insecure authentication implementations. [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

First Malicious MCP Server Exposed in Rogue Postmark-MCP Package

Cybersecurity researchers have identified the first-ever case of a malicious Model Context Protocol (MCP) server discovered in the wild, highlighting the growing risks to the software supply chain. According to Koi Security, a threat actor introduced rogue functionality into an npm package named “postmark-mcp”, which mimicked the legitimate Postmark Labs library of the same name. The malicious code first appeared in version 1.0.16, released on September 17, 2025. The authentic Postmark-MCP library, available on GitHub, is designed to expose an MCP server that allows users to send emails, manage templates, and track campaigns with AI assistants. However, the compromised npm [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

Amazon Agrees to $2.5 Billion Settlement Over Prime Practices

Amazon has agreed to a $2.5 billion settlement with the Federal Trade Commission (FTC) following allegations that the company used deceptive tactics to enroll and retain customers in its Prime subscription service. Despite settling, Amazon maintains that it has always complied with the law. FTC’s Allegations The FTC accused Amazon of employing misleading designs and practices to push consumers into Prime subscriptions and making it unnecessarily difficult to cancel. According to the lawsuit, Amazon relied on “dark patterns”—manipulative design choices in digital interfaces that confuse or pressure users into actions they might not otherwise take, such as agreeing to recurring [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

Cognex Industrial Camera Vulnerabilities Pose Risks Without Available Patches

Several industrial cameras produced by Cognex have been identified with serious security vulnerabilities, and the company has stated that no patches will be released for affected models. Organizations using these devices are being advised to transition to newer versions to maintain secure operations. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on September 18, highlighting the risks associated with Cognex In-Sight products. These cameras, widely used in manufacturing facilities, guide robotic operations, inspect products for quality, and track inventory—functions critical to many industrial environments. Security researchers from Nozomi Networks discovered nine distinct vulnerabilities affecting In-Sight 2000, 7000, 8000, [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

Jaguar Land Rover Initiates Phased Recovery Following Cyber-Attack

Jaguar Land Rover (JLR) has started a gradual restart of its operations after a significant cyber-attack disrupted production across the automotive giant. The UK-based company, owned by Tata Motors, has been working to restore critical IT systems and resume normal business functions. JLR has boosted its IT processing capabilities for invoicing, enabling the company to start addressing the backlog of payments owed to suppliers. Its financial systems, responsible for processing vehicle wholesale transactions, are also back online, allowing faster car sales and registration for customers. The company’s Global Parts Logistics Centre, which supports parts distribution for retail partners both in [...]

Read more

Cybersecurity - Insights Cybersecurity - News News News - Insights

Massive Exposure of Indian Bank Transfer Records After Cloud Security Misconfiguration

A recent data exposure incident has raised alarms in India’s financial sector, after hundreds of thousands of sensitive bank transfer documents were found accessible online due to an unsecured cloud server. The leak revealed account numbers, transaction amounts, and customer contact details. Discovery of the breach Cybersecurity researchers at UpGuard identified the issue in late August, when they found a publicly accessible Amazon-hosted storage bucket containing approximately 273,000 PDF documents related to Indian bank transfers. These files were forms used for processing transactions through the National Automated Clearing House (NACH), a system that handles large volumes of recurring payments such [...]

Read more
Cybersecurity
Akira Ransomware Continues Exploiting SonicWall Vulnerability Using Legitimate Tools

Security researchers warn that the Akira ransomware group is still actively exploiting a year-old SonicWall [...]

Microsoft Thwarts AI-Generated Phishing Campaign Targeting US Organizations

Microsoft Threat Intelligence recently intercepted a sophisticated phishing campaign that appears to have leveraged AI-generated [...]

How AI is Transforming Cyberattacks According to Wiz CTO Ami Luttwak

Ami Luttwak, chief technologist at cybersecurity firm Wiz, recently shared insights with TechCrunch on how [...]

First Malicious MCP Server Exposed in Rogue Postmark-MCP Package

Cybersecurity researchers have identified the first-ever case of a malicious Model Context Protocol (MCP) server [...]

Amazon Agrees to $2.5 Billion Settlement Over Prime Practices

Amazon has agreed to a $2.5 billion settlement with the Federal Trade Commission (FTC) following [...]

Cognex Industrial Camera Vulnerabilities Pose Risks Without Available Patches

Several industrial cameras produced by Cognex have been identified with serious security vulnerabilities, and the [...]

Jaguar Land Rover Initiates Phased Recovery Following Cyber-Attack

Jaguar Land Rover (JLR) has started a gradual restart of its operations after a significant [...]

Massive Exposure of Indian Bank Transfer Records After Cloud Security Misconfiguration

A recent data exposure incident has raised alarms in India’s financial sector, after hundreds of [...]

Software
What is the Difference Between a Synchronous and Asynchronous Action in React Redux?

Summarizing the answer as much as possible, an asynchronous action has a callback and the [...]

How Do I Take a Piece of My Status to Print It Somewhere?

useSelector is used to obtain information from the state. const state = useSelector(state => state); [...]

Achieve Your Goals with Habits

Achieve all your goals with Habits. A true gem. A FREE app available for IOS [...]

Virtual Influencers: Did You Know They Exist?

What if I told you that your favorite influencer does NOT exist? Virtual influencers are [...]

Change the Color of Your Eyes?

Change the color of your eyes? Would you be willing to undergo surgery to do [...]

How to Fix the ‘502 Bad Gateway’ Error in Django Deployed on AWS Elastic Beanstalk

Introduction The “502 Bad Gateway” error is common when Nginx, acting as a reverse proxy, [...]

Setting Up a React Frontend on Amazon S3 and CloudFront

This tutorial will guide you through the steps to set up your React frontend on [...]

Tutorial #1: Create a Local Variable on Your System

For macOS or Linux: Step 1: Open the Terminal. Step 2: Determine which shell you [...]

DevOps
How to Install VirtualBox 2020

Go to the official Virtual Box website: https://www.virtualbox.org/wiki/Downloads Download the one for your OS where [...]

How to Connect to PostgreSQL (psql) from Your Local Computer to an AWS RDS

Connecting to an Amazon Web Services (AWS) RDS database from your local computer is an [...]

How to Deploy a React App on AWS S3 and CloudFront

In this tutorial, you will learn how to deploy a React application on AWS using [...]

Tutorial: Deploying an AWS Lambda Function with Dependencies, Environment Variables, and Refresh Token Using the AWS Console

1. Create the function in AWS Lambda Step 1: Access the Lambda console Step 2: [...]

Missing a Temporary Directory’ Error in WordPress: Causes and Solution on Servers with VestaCP

Below you will find a step-by-step tutorial to fix the “Missing a Temporary Folder” error [...]

How We Connect a WhatsApp Chatbot to a Medical System Without an API

One of our healthcare clients uses software similar to Doctoralia Pro or Agenda Pro, specialized [...]

Deploying an AWS Lambda Function with Dependencies, Environment Variables, and a Refresh Token (via AWS Console)

1. Create the Function in AWS Lambda Step 1: Access the Lambda Console Step 2: [...]