Cyber Defense Advisors

News

RansomHouse ransomware: what you need to know

What is RansomHouse? RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims.  So they are a bog-standard ransomware gang? Not quite. Many ransomware operations encrypt and steal your data, demanding a […]

Cyber News

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. Tags: AI, LLM, malware Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News

The AI Fix #46: AI can read minds now, and is your co-host a clone?

In episode 46 of The AI Fix, China trolls US tariffs, a microscopic pogoing flea-bot makes a tiny leap forward for robotics, Google unveils the Agent2Agent protocol, a robot dog is so cute it ruins Graham’s entire day, and Europe commits €20 billion and all of its buzzwords to five moonshot AI gigafactories. Graham brings […]

Cyber News

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. “Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in […]

Cyber News

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and […]

Cyber News

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency […]

Cyber News

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the […]

Cyber News

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks […]

Cyber News

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks. It […]

Cyber News