Cyber Security

Synology DiskStation Manager Vulnerability Allows Remote Attackers to Execute Arbitrary Commands

A critical security advisory has been issued for a severe vulnerability in DiskStation Manager (DSM) that allows unauthenticated remote attackers to execute arbitrary commands. Given the widespread use of Synology network-attached storage (NAS) systems for enterprise backups and data management, network administrators are strongly urged to apply the available patches immediately. Tracked as CVE-2026-32746, the […]

Ghost SPN Attack Lets Hackers Conduct Stealthy Kerberoasting Under the Radar

A sophisticated evolution of Kerberoasting, dubbed the “Ghost SPN” attack, allows adversaries to extract Active Directory credentials while erasing all traces of their activity, rendering traditional detection models effectively blind to the intrusion. The attack, revealed by Trellix security researchers, utilizes delegated administrative permissions, creating temporary exposure windows. Kerberoasting is a well-documented post-exploitation technique […]

China-Linked Hackers Breach Southeast Asian Military Systems in Long-Running Spy Campaign

A sophisticated and long-running cyber espionage campaign, tracked as CL-STA-1087, has been quietly targeting military organizations across Southeast Asia since at least 2020. The operation, assessed with moderate confidence to be linked to a China-aligned threat actor, focuses on collecting strategic and operational intelligence rather than simply stealing large amounts of data. The attackers prioritized staying […]

SmartApeSG ClickFix Campaign Delivers Remcos, NetSupport RAT, StealC and Sectop RAT

A threat campaign known as SmartApeSG — also tracked under the names ZPHP and HANEYMANEY — has been observed pushing multiple strains of malware through a social engineering technique called ClickFix. The campaign, active as recently as March 24, 2026, delivered four separate malware payloads to a single infected host in one session: Remcos RAT, […]

FCC Blocks Foreign-made Consumer Routers Over Security Risks

The Federal Communications Commission (FCC) announced a major update to its Covered List, officially prohibiting the approval of new consumer-grade network routers produced in foreign countries. This regulatory action prevents these new devices from entering the United States market by denying them the required FCC equipment authorization. The decision stems from a determination by a […]

HackerOne Data Breach: Employee Data Stolen Following Navia Hack

HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API, which exposed the sensitive personal and health information of approximately 2.7 million individuals nationwide. An unknown threat actor exploited […]

Google Forms Job Lures Deliver PureHVNC in New Multi-Stage Malware Campaign

Attackers have found a new way to push malware by weaponizing one of the most trusted everyday tools — Google Forms. A newly identified campaign is exploiting business-themed lures, including fake job interviews, project briefs, and financial documents, to deliver a Remote Access Trojan (RAT) known as PureHVNC onto victim machines. What sets this campaign […]

Hackers Attacking Android Users With Fake ChatGPT Invites to Deploy Malware

Cybercriminals have set their sights on Android users through a well-crafted phishing scheme that disguises malicious applications as beta-testing opportunities for ChatGPT and Meta advertising tools. What appears to be a legitimate app-testing invitation turns out to be a carefully planned attempt to steal Facebook credentials and seize full control of user accounts. This campaign […]

Tax-Themed Google Ads Lead to BYOVD EDR Killer in Huntress-Traced Malvertising Campaign

Every April, millions of Americans rush to file taxes before the deadline — and attackers count on it. A large-scale malvertising campaign, active since at least January 2026, has been exploiting that urgency by placing fake tax form pages through Google Ads, ultimately deploying a kernel-mode EDR killer on victim machines. The campaign targeted U.S. […]

Oblivion RAT Turns Fake Play Store Updates Into a Full-Service Android Spyware Operation

A newly discovered Android remote access trojan known as Oblivion RAT has emerged on cybercrime networks as a complete malware-as-a-service (MaaS) platform, turning fake Google Play Store update pages into a full-scale spyware operation. First reported by Certo Software, the threat has drawn attention because of how polished and ready-to-deploy the operation is, covering everything […]