By [Alon Gal] | February 2025 Introduction: When National Security Gets Compromised for $10 For years, the U.S. military and its defense contractors have been considered the gold standard of security — equipped with multi-billion-dollar budgets, classified intelligence networks, and the world’s most advanced cybersecurity measures. Yet, Global Infostealing Malware Data from Hudson Rock reveals an unsettling reality: Each one of these infected

Hudson Rock has been the go-to source for all things cybersecurity and infosec updates. Be it offering dark web intelligence or finding one’s own data on breach forums, Hudson Rock has been a torch bearer, bringing the latest updates to people. TechNadu reached out to the company to know how they work, what powers them, their mission, their perspective on

Cybercriminals are continuously evolving their tactics to exploit human behavior and trust. In one of the latest campaigns, attackers have weaponized fake CAPTCHA verification systems—tools typically used to verify a user’s legitimacy—to deliver malicious payloads. Introduction This campaign demonstrates an evolution from basic fake URL-based CAPTCHAs, seen in previous attacks, to a more sophisticated Telegram-based approach. The primary targets are

In December 2024, two critical vulnerabilities in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:  In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing

Key Takeaways Introduction The increase of fake installers bundled with info stealers is a growing threat for users looking for pirated software. These malicious programs disguise themselves as legitimate applications, often appearing in search results or comments on platforms like GitHub. Unfortunately, many users fall prey to these tricks. The Trend Micro™ Managed XDR service frequently sees the fallout, with the Lumma stealer

Introduction Recent research from Halcyon has uncovered a novel approach by a threat actor — referred to as Codefinger — who is actively abusing Amazon Web Services (AWS) by leveraging its native features to facilitate ransomware attacks in the wild. This technique underlines a powerful shift in the cyber threat landscape: instead of exploiting infrastructure outside the victim’s cloud environments, attackers are now using