All Posts


AI Platforms can be Abused as Malware C2 Proxies
Security researchers uncovered a groundbreaking new threat called "AI-in-the-Middle." For years, we worried that hackers might use AI to write better phishing emails; now, they are using the AI itself as a secret communication tunnel. By exploiting the way AI assistants like Microsoft Copilot or Grok can browse the live web to summarize links, hackers have found a way to hide their malicious activity. Because these AI services are trusted and used by almost every major compa
akid95
Feb 19 · 3 min read


First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
In early February 2026, a new kind of digital trap was discovered hidden right inside Microsoft Outlook. Known as "AgreeToSteal," this campaign involved a once-popular scheduling tool called "AgreeTo" that had been abandoned by its creator. Because the original developer stopped paying for the website that powered the app, a clever hacker stepped in and bought the web address. Since the app was still officially listed in the Microsoft Store and trusted by Outlook, the hacker
akid95
Feb 13 · 2 min read


JokerOTP Platform With 28,000+ Phishing Attacks Dismantled
In a massive win for global security, an international police task force dismantled JokerOTP in April 2025. This wasn't just a group of hackers; it was a "crime-as-a-service" supermarket that sold high-tech tools to everyday criminals. By the time it was shut down, the platform had powered over 28,000 attacks across 13 countries, stealing roughly $9.5 million USD from unsuspecting victims. The crackdown led to the arrests of key masterminds in the UK and the Netherlands, but
akid95
Feb 12 · 3 min read


Democratic People's Republic of Korea (DPRK) Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
From late 2024 into early 2026, specialized North Korean groups have realized it is much easier to simply apply for a job. These operatives are posing as elite IT professionals to land remote roles at major companies, particularly in Singapore, Japan, and Malaysia. While they initially started these scams just to collect high-paying paychecks to fund their government’s weapons programs, they have now turned into dangerous insiders. They are currently hunting for access to
akid95
Feb 12 · 2 min read


The Citrix NetScaler Crisis: Why Hackers are Hiding in Your Neighborhood
A major security event is currently unfolding that impacts organizations using Citrix NetScaler (formerly known as Citrix ADC and Gateway). Security researchers at GreyNoise and news outlets like BleepingComputer have raised the alarm regarding a massive wave of scanning activity. What makes this particular situation unique and dangerous is not just the vulnerability itself, but the clever way hackers are hiding their tracks using "residential proxies." At Vardaan Sdn Bhd, we

Syafiq S
Feb 4 · 3 min read


The Glassworm Malware targeting macOS Developers
Most developers spend their entire day inside a code editor like VS Code, relying on "extensions" to help format code or manage projects. We usually treat these marketplaces as safe havens, but a new threat called Glassworm has recently turned that trust into a vulnerability. Security researchers at Socket and BleepingComputer have uncovered a campaign where hackers hijacked legitimate developer accounts on Open VSX to distribute malicious code. This isn't just a random vir

Syafiq S
Feb 4 · 3 min read


Mastering Web Application Penetration Testing Services
In today’s digital landscape, the security of web applications is paramount. Cyber threats evolve rapidly, and businesses must stay ahead to protect sensitive data and maintain trust. Mastering penetration testing services is a critical step in identifying vulnerabilities before attackers exploit them. This post will guide you through the essentials of web application penetration testing, offering practical insights to strengthen your security posture.
Understanding Penetrati

Syafiq S
Feb 2 · 3 min read


🎧 When Smart Devices Listen Back: Redmi Buds Vulnerability Exposes Users to Tracking and Eavesdropping
Wireless earbuds have become everyday essentials. From work calls and online meetings to personal conversations, devices like Xiaomi Redmi Buds are trusted to handle sensitive audio data seamlessly. But recent security research shows that this trust may be misplaced. In early 2026, multiple security researchers disclosed a set of vulnerabilities affecting Redmi Buds and similar Bluetooth earbuds, revealing that attackers could exploit weaknesses in Bluetooth pairing and com

Syafiq S
Jan 22 · 3 min read


When Virtual Machine Boundaries Fail: Understanding the Risks
The Rise of Virtualization in IT
Virtualization is foundational in modern IT. It hosts hundreds or thousands of services on a single physical platform. VMware’s ESXi hypervisor is one of the most widely used in enterprise, cloud, and hosted environments. Its core promise is strong isolation between virtual machines. This isolation ensures that a compromise inside a VM does not translate into control of the host. However, in early 2026, researchers revealed a highly sophistica

Syafiq S
Jan 12 · 3 min read


KimWolf Botnet: Over 2 Million Android & IoT Devices at Risk
Introduction: The Growing Threat of IoT & Android Botnets
In today’s hyperconnected world, the proliferation of Android devices, smart TVs, and IoT appliances has created new opportunities for cybercriminals. The KimWolf botnet is the latest example of a large-scale threat exploiting these vulnerabilities. Reported in early 2026, this botnet has infected over 2 million devices globally, leveraging Android smartphones, Android TV boxes, and other IoT systems to expand its re

Syafiq S
Jan 6 · 2 min read


Nissan Customer Data Exposed in Red Hat GitLab Breach: A Supply Chain Wake-Up Call
Third-party risks have become a recurring concern in cybersecurity. Organizations often invest heavily in securing their own systems, but vulnerabilities at trusted vendors can directly impact client data. Today, Nissan Motor Co., Ltd. faces such a scenario. In late 2025, Red Hat, a leading provider of enterprise open-source software solutions, discovered unauthorized access to its GitLab infrastructure, which manages development and customer systems for clients including Ni

Syafiq S
Dec 23, 2025 · 3 min read


Prince of Persia: Iranian APT Resurfaces with Sophisticated Espionage Malware
Introduction / Background
The Iranian advanced persistent threat (APT) group known as Prince of Persia, also tracked as Infy, has re-emerged after several years of perceived dormancy. Active since at least 2004, Prince of Persia is one of Iran’s earliest state-aligned cyber units, focused on long-term intelligence collection rather than financial gain. Although disruption efforts around 2021–2022 suggested dormancy, recent reporting confirms that the group quietly continued

Syafiq S
Dec 22, 2025 · 3 min read


AMOS Infostealer: Exploiting AI-driven Social Engineering for macOS Data Theft
In the digital age, malware threats are constantly evolving, leveraging new tactics and technologies to compromise unsuspecting users. One such emerging threat is the AMOS Infostealer, a sophisticated piece of malware that specifically targets macOS devices. Unlike traditional malware that relies on exploiting vulnerabilities, AMOS uses AI-driven social engineering tactics to deceive victims, making it a new breed of cyber threat. This malware campaign highlights a growing

Syafiq S
Dec 11, 2025 · 4 min read


DroidLock Malware Campaign: A Ransomware Attack Targeting Android Devices
In the world of mobile cybersecurity, Android devices have long been a target for cybercriminals. However, a new threat has emerged that takes mobile malware to the next level. Enter DroidLock, a highly sophisticated malware strain that combines the tactics of ransomware with the ability to remotely control Android devices. Unlike many traditional threats that only steal data or lock files, DroidLock takes things further by hijacking devices completely, locking users out,

Syafiq S
Dec 11, 2025 · 4 min read


GoldFactory’s Banking Trojan Campaign: Targeting Southeast Asia’s Financial Sector
Introduction
In December 2025, the cybercrime group known as GoldFactory launched a widespread malware campaign targeting financial institutions across Southeast Asia. The group’s main weapon is a modified version of banking Trojan malware which infected thousands of mobile users in countries like Indonesia, Thailand, and Vietnam. The malware was cleverly disguised as legitimate banking apps, making it difficult for users to identify the threats. This article explores the bac

Syafiq S
Dec 5, 2025 · 4 min read


Record-Breaking 29.7 Tbps DDoS Attack: IoT Botnet Exploitation and Mitigation Strategies
Introduction
In December 2025, a massive Distributed Denial of Service (DDoS) attack shook global internet infrastructure, achieving an unprecedented peak of 29.7 Tbps. This attack, attributed to the Aisuru botnet, leveraged a vast network of compromised Internet of Things (IoT) devices. The botnet utilized advanced amplification techniques to overwhelm its targets, leaving behind significant disruption. In this article, we will examine the background of the attack, its impa

Syafiq S
Dec 4, 2025 · 4 min read


Bloody Wolf Campaign: Java-Based Deliveries of NetSupport RAT, A Growing Threat in Central Asia
Introduction / Background
Since at least late 2023, the threat actor known as Bloody Wolf has been active, initially observed targeting organisations in Kazakhstan and Russia using tools such as STRRAT and NetSupport RAT. In mid-2025, researchers from Group-IB (in collaboration with local state enterprise UKUK) uncovered a renewed campaign: spear-phishing attacks against government, financial, and IT sectors, starting in Kyrgyzstan and, by October 2025, expanding into Uzbe

Syafiq S
Dec 1, 2025 · 4 min read


Triofox Trouble: A Deep Dive into the UNC6485 Exploit Adventure
Cybersecurity has taken a front-row seat again with the recent discovery of a dangerous exploit in the Triofox platform. Google's Mandiant Threat Defense has unearthed a flaw giving cyber attackers dangerous levels of access to companies worldwide. Here’s what you need to know about these cunning digital pirates and their schemes.
Unpacking the Attack
The Triofox vulnerability, labeled CVE-2025-12480, is a gaping security hole that allows attackers to slip past defenses as if

Syafiq S
Nov 14, 2025 · 2 min read


CL0P Exploits Oracle E-Business Suite Zero-Day: What You Need to Know
Hey everyone, cybersecurity enthusiasts and tech defenders! A new campaign is making headlines, and this time, Oracle E-Business Suite (EBS) is the main target. The CL0P ransomware group has been exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle EBS to steal data and launch extortion attacks against global organizations.
What Happened
The campaign started in mid-2025, when attackers began using multiple flaws in Oracle EBS to gain access to sensitive bus
MUHAMMAD ADIB
Oct 14, 2025 · 2 min read


Sneaky XCSSET Malware Alert: A New Threat to Xcode Developers
Hey there, tech enthusiasts and cybersecurity aficionados! If you’re developing apps on a Mac, there’s an emerging digital threat you...

Syafiq S
Oct 9, 2025 · 2 min read
