CyberSecurityNews

Iranian hackers from APT42 are ramping up their SpearSpecter espionage campaign, deploying the TAMECAT PowerShell backdoor to steal browser credential and sensitive data from high profile targets. Recent analysis from Israel’s National Digital Agency reveals how this modular malware evades detection while targeting defense officials through sophisticated social engineering. Campaign Overview APT42, tied to Iran’s

Imagine searching Google for “mac cleaner” or “clear cache macOS,” clicking a shiny sponsored ad, and without writing handing over your Mac keys to attacker. Cybersecurity researchers have uncovered a fresh campaign abusing Google Ads to redirect users to malicious pages that mimick Apple’s site. These Mac owners with promise of simple storage fixes, only

Malicious Outlook Add-ins Used to Steal Emails In a finding that exposes a hidden gap in Microsoft 365 monitoring, Varonis Threat Labs has uncovered how attackers can quietly abuse Outlook add-ins to extract sensitive email data from organizations. They call this technique “Exfil Out&Look.” These add-ins are meant to boost productivity by integrating web applications

Cal.com’s Access Control Mess Researchers just dug into Cal.com Cloud, that open source scheduling tool folks use as a Calendly alternative with calendar syncs, team features, and APIs. What they found were some nasty, interlinked access control issues that let anyone fully take over user accounts or snoop on every booking, including private meeting details

Generative Application Firewall Generative AI is everywhere these days, powering chatbots, code helpers, and content generators in apps we use daily. This feels like the early days of web apps, when hackers found ways to slip past basic network defenses. Back then, we got Web Application Firewalls (WAFs) to plug the gaps. Now, a new