CVE-2024-12987 allows OS command injection via DrayTek Vigor router web interfaces. Learn which models are affected and how to mitigate this critical flaw. Summary of CVE-2024-12987 A critical OS command…
Picture Courtesy - Adaptive Security
1.1 million job applicant records leaked in major recruitment platform breach. Learn about the exposed data, threat actor TTPs, and mitigation steps. Overview of the Job Applicant Data Breach A…
FBI warns users to replace outdated routers exploited by TheMoon malware for botnet operations. Learn how to identify and secure vulnerable devices. Overview: FBI Alert on TheMoon Malware The FBI…
Compromised npm package ‘rand-user-agent’ delivers a Remote Access Trojan (RAT). Learn how this supply chain attack threatens developer ecosystems and how to defend. Introduction: The Supply Chain Threat The compromised…
On May 15, 2025, Nova Scotia Power confirmed a data breach involving the theft of customer information in a targeted cyberattack. As a regulated utility and subsidiary of Emera Inc.,…
A newly uncovered threat campaign shows how attackers are using a PowerShell-Based Loader Deploys Remcos RAT through fileless attack techniques, bypassing traditional AV and EDR controls. The malware resides entirely…
In a recent security incident, Coinbase rejected a $20 million ransom after discovering that rogue third-party contractors were bribed by external threat actors to exfiltrate sensitive customer data. The bribery…
The Snowflake CISO on shared destiny and yes and reveals a cultural shift in how modern security leaders operate—not just as risk reducers, but as collaborative enablers. Gone are the…
Russia-linked APT28 exploited a zero-day in MDaemon email server software, allowing them to compromise government webmail servers across Europe and North America. The zero-day vulnerability allowed remote attackers to gain…
Hunting Jacq