

Threat-informed defense for operational technology: Moving from information to action

As the threat landscape continues to evolve, critical infrastructure sectors face a growing wave of sophisticated cyber threats. Traditional security strategies that focus solely on indicators of compromise (IoCs) are proving insufficient against the scale and speed of modern cyberattacks. To address today’s challenges, organizations must adopt a threat-informed defense approach—one that shifts the focus from reactive responses to proactive, intelligence-driven security operations.

The rise of cybercrime-as-a-service

Today’s macro threat landscape is a flourishing ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware...


How Each Pillar of the 1st Amendment is Under Attack – Krebs on Security

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” – U.S. Constitution, First Amendment.

In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First...


VanHelsing Ransomware: What You Need To Know

What is the VanHelsing ransomware?
First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation.

Oh, so it's a relatively new player on the malware scene, then. Why the concern?
At least three victims of VanHelsing have already been identified, and a number of variants of the malware have been analysed by security researchers. The fact that VanHelsing runs as a RaaS operation means that the problem could become significantly worse.

Remind me again, what is RaaS?
RaaS stands for ransomware-as-a-service. The criminals behind VanHelsing lease out their tools and infrastructure to "affiliates" who will launch the attacks, and then share a slice of the money they extort with the VanHelsing operators.

Can anyone become a VanHelsing affiliate?
Newcomers to the...


New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Mar 27, 2025Ravie LakshmananEmail Security / malware Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind the campaigns often exploits open redirects on adtech infrastructure, compromises domains for phishing distribution, and distributes stolen credentials through several mechanisms, including Telegram," the company said in a report shared with The Hacker News. One such campaign leveraging the PhaaS toolkit was documented by Forcepoint in...


Are your iPhone or MacBook hacked?

Understanding Common Misconceptions

Digital security is a growing concern, and many Apple users suspect their iPhones or MacBooks have been hacked. However, in most cases, these fears stem from new features, security alerts, or misinterpretations of system behaviour rather than actual cyberattacks. This article explores common reasons why people believe their Apple devices are compromised and how to distinguish between legitimate threats and harmless system activity.

The Latest iPhones and MacBooks: What’s New?

Apple continuously enhances its hardware and software with new security measures, AI-powered features, and system optimisations. The latest iPhone models, including the iPhone 15 series, introduce improved AI-driven background tasks, expanded use of eSIM, and enhanced privacy...


Digital Personal Data Protection (DPDP) Act

India’s Digital Personal Data Protection (DPDP) Act, which came into force in July 2024, marks a significant shift in how organizations handle personal data. The Act aims to balance individuals’ right to privacy with the lawful processing of their data, setting new compliance standards for businesses operating in India. Whether you’re a business owner, data protection officer, or IT security professional, understanding and implementing the DPDP Act is essential to avoid penalties and safeguard personal data.

This blog explores the key aspects of the DPDP Act, including its history, applicability, individual rights, penalties, and organizational obligations. It also offers insights into best practices for achieving compliance.

Understanding the DPDP Act: A Brief History

The DPDP...


Albabat Ransomware Evolves to Target Linux and macOS

New versions of the Albabat ransomware have been developed, enabling threat actors to target multiple operating systems (OS) and improve the efficiency of attacks. Trend Micro researchers said ransomware version 2.0 targets not only Microsoft Windows but also gathers system and hardware information on Linux and macOS. This version uses a GitHub account to store and deliver configuration files for the ransomware; this use of GitHub is designed to streamline operations. The researchers also found evidence of the development of a further Albabat ransomware variant, 2.5, which has currently not been used in the wild. The findings demonstrate the rapid evolution of ransomware tools and techniques to expand and enhance...


Multimodal AI – Sophos News

At the 2024 Virus Bulletin conference, Sophos Principal Data Scientist Younghoo Lee presented a paper on SophosAI’s research into ‘multimodal’ AI (a system that integrates diverse data types into a unified analytical framework). In his talk, Lee explored the team’s novel empirical research on applying multimodal AI to the detection of spam, phishing, and unsafe web content.

What is multimodal AI?

Multimodal AI represents a significant shift in artificial intelligence. Rather than traditional single-mode analysis, multimodal systems can process multiple data streams simultaneously, synthesizing data from multiple inputs. In the context of cybersecurity – and particularly when it comes to classifying threats – this is a powerful capability. Rather than analyzing textual and visual...


Cyberattack paralyses Aerticket | CSO Online

The flight ticket wholesaler Aerticket has fallen victim to a hacker attack. Its booking system is affected.

Aerticket's website is currently unreachable. According to the company, the flight ticket wholesaler was the target of a cyberattack on 9 March. As the Berlin-based company states, its booking system Cockpit, which is used to process bookings and reservations, is also affected.

Cause of the attack still unclear

No further information about the attack is available so far. The far-reaching consequences, however, suggest that ransomware was involved. According to the statement, Aerticket is currently setting up an alternative booking platform called Cockpit Light. This “temporary booking option” is intended to give all...


How to Infect Your PC in Three Easy Steps – Krebs on Security

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots. This particular scam usually starts with a website popup that looks something like this:

[Image caption: This malware attack pretends to be a CAPTCHA intended to separate humans from bots.]

Clicking the “I’m not a robot” button generates a pop-up message asking the user to take three sequential steps to prove their humanity....


Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue

Has your old Chromecast suddenly developed a problem? You're not alone, it seems.

Many users of second-generation Chromecast and Chromecast Audio streaming devices have discovered that their beloved dongles have gone belly-up and are showing error messages such as:

"Untrusted device: [name] couldn't be verified. This could be caused by outdated firmware."

And what has the typical tech user learnt over the years if a piece of hardware isn't working properly? Why, do a factory reset of course!

Woah! Stop right there - because Google is advising Chromecast owners to not make the mistake of thinking that performing a factory reset on their Chromecasts will fix the issue. Indeed, Google goes on to explain that if you perform a factory reset while trying to troubleshoot the issue with your...


Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Mar 11, 2025Ravie LakshmananNetwork Security / Vulnerability Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with The Hacker News. CVE-2023-1389 is a high-severity security flaw impacting TP-Link Archer AX-21 routers that could lead to command injection, which could then pave the way for remote code execution. The earliest evidence of active exploitation of the flaw dates back to April 2023, with unidentified threat actors using it to drop...


Victims of Cybercrime that create their own demise

One of the most successful actions that cyber threat actors have historically taken is the use of “phishing”: misrepresenting themselves and convincing people to give up their logins, passwords and/or control of their device. The problem with this is that the users volunteer their information, and therefore the breach can’t be prosecuted. AnyDesk is a well-known remote-access program that hands control of a device to whoever connects to it, including cybercriminals. While it’s used for many legitimate purposes, such as collaboration, tech support or even IT management, cyber criminals have taken advantage of it for nefarious uses.

The fact that users are voluntarily allowing cybercriminals access to their devices using a valid program such as AnyDesk changes the entire landscape of criminality. One could compare it to opening the...


The Critical Role of Encryption

Artificial Intelligence (AI) is transforming the digital landscape, powering applications that are smarter, faster, and more intuitive than ever before. From personalized recommendations to advanced automation, AI is reshaping how businesses interact with technology. However, with this immense potential comes an equally significant responsibility: ensuring the security of AI-powered applications.

In an era where data breaches and cyber threats are increasingly sophisticated, protecting AI-driven systems is no longer optional—it’s imperative. This article explores the security challenges associated with AI-powered applications and outlines effective strategies for safeguarding these innovations.

The Double-Edged Sword of AI in Application Security

Imagine this scenario: A...


Silk Typhoon Shifts Tactics to Exploit Common IT Solutions

A new shift in tactics by the Chinese espionage group Silk Typhoon, also known as Hafnium, has been identified by security researchers. According to Microsoft Threat Intelligence, the group is increasingly exploiting common IT solutions, such as remote management tools and cloud applications, to gain initial access. While they have not been observed directly targeting Microsoft cloud services, they have leveraged unpatched applications to escalate privileges and infiltrate networks.

Silk Typhoon, a well-resourced and technically adept state-sponsored threat actor, has one of the largest targeting footprints among Chinese espionage groups. They opportunistically exploit vulnerabilities in public-facing devices, quickly moving from vulnerability scanning to active exploitation....


Understanding the impact of cybersecurity products and services on cyber insurance claims – Sophos News

Cyber insurance claim values are an effective way to quantify the impact of cyberattacks on organizations. A higher claim value indicates that the victim experienced considerable financial and operational consequences from the attack, while a low claim value reflects limited disruption.

Reducing the value of cyber insurance claims is to everyone’s advantage. For clients, lower claims demonstrate improved cyber resilience, while insurers benefit from lower payouts. It also creates a virtuous circle: if insurers are spending less covering claims, they are able to drop premiums, delivering further advantage to clients.

While there is broad consensus that stronger defenses reduce the financial and operational impacts of cyberattacks and the value of the resulting claims, no one has...


Fake job offers target coders with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers.

20 Feb 2025

ESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware. The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing sites and ask the targets to take a coding test, with the files necessary for the task usually hosted on private repositories such as GitHub. These files are laden with malware, however, which ultimately lets the attackers steal the victims'...


Security risk: Microsoft removes VSCode extensions | CSO Online

Researchers have found that two VSCode extensions are infected with malicious code.

IT researchers Amit Assaraf and Itay Kruk recently discovered that the two Visual Studio Code extensions “Material Theme – Free” and “Material Theme Icons – Free” contain malicious code. According to reports, these extensions were very popular and were downloaded almost nine million times in total. According to a statement by a Microsoft employee, the tech company not only removed both extensions but also banned the developer from the Marketplace. Microsoft confirmed that the community's security analysis had produced several indications of malicious intent. Research by Microsoft's...


Trump 2.0 Brings Cuts to Cyber, Consumer Protections – Krebs on Security

One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.

The Trump administration has fired at least 130 employees at the federal government’s foremost cybersecurity body — the Cybersecurity and Infrastructure Security Agency (CISA). Those dismissals reportedly included CISA staff dedicated to securing U.S. elections, and fighting misinformation and foreign influence operations. Earlier this week, technologists with Elon Musk’s Department...


A crypto con exchange, and soaring ticket scams • Graham Cluley

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. PLUS! Don’t miss our featured interview with Cliff Crosland of Scanner.dev.

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:
Graham Cluley: @grahamcluley.com
Carole Theriault: @caroletheriault

Episode links: Sponsored...