Cyber Security

Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign

A sophisticated cybercriminal operation dubbed “AccountDumpling” has compromised approximately 30,000 Facebook accounts worldwide. Discovered by Guardio Labs, this Vietnamese-linked campaign abuses Google’s AppSheet platform to bypass traditional email security filters. By routing fully authenticated phishing lures through legitimate channels, the attackers successfully harvest credentials and identity documents. These stolen Facebook Business accounts are subsequently monetized […]

EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins

A new and well-planned malware campaign has been actively targeting enterprise administrators, DevOps engineers, and security analysts by hijacking their everyday search habits. Rather than using mass phishing or broad spam waves, threat actors behind this operation have carefully crafted a delivery chain that puts dangerous software directly in front of high-privilege IT professionals when […]

Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attacks

The ransomware threat has reached a new and alarming level. According to Fortinet’s newly released 2026 Global Threat Landscape Report, the number of confirmed ransomware victims worldwide jumped to 7,831 in 2025, up from roughly 1,600 victims recorded in the previous year’s report. That is a 389% increase year-over-year, a rise that reflects how deeply […]

Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server

Qilin ransomware is one of the most active and damaging threats in the cyber landscape today. The group has steadily evolved its tactics since it first appeared in 2022, and its latest technique of enumerating Remote Desktop Protocol (RDP) authentication history on compromised servers gives it a fast, quiet way to map out a network […]

OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense

OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense,” outlining a five-pillar strategy to equip trusted defenders with advanced AI capabilities while preventing adversarial misuse. Artificial intelligence is fundamentally reshaping the cybersecurity landscape and not just for defenders. Malicious actors are already […]

Linux Kernel 0-Day Copy Fail Roots Every Major Distribution Since 2017

A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017. Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the […]

SAP npm Packages Compromised to Harvest Developer and CI/CD Secrets

A new supply chain attack dubbed “mini Shai Hulud” has compromised four SAP-related npm packages by injecting malicious preinstall scripts that silently execute during dependency installation, targeting developer environments and CI/CD pipelines to steal credentials across GitHub, npm, and major cloud providers. Security researchers at StepSecurity, Aikido Security, SafeDep, Socket, and Wiz identified that malicious […]

Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection

A dangerous infostealer malware called LofyStealer is actively targeting Minecraft players by disguising itself as a game cheat tool named “Slinky.” The malware runs a two-stage attack that quietly steals sensitive data from popular web browsers while staying largely hidden from standard security software installed on the victim machine. The campaign is notably more sophisticated […]

New BlobPhish Attack Leverages Browser Blob Objects to Steal Users Login Credentials

A sophisticated, memory-resident phishing campaign called BlobPhish, active since October 2024, exploits browser Blob URL APIs to silently steal credentials from Microsoft 365 users, major U.S. banks, and financial platforms while remaining almost completely invisible to traditional security tools. BlobPhish is a sustained credential-phishing operation that fundamentally changes how phishing pages are delivered to […]

Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise

A critical remote code execution (RCE) vulnerability tracked as CVE-2026-3854 in GitHub’s internal git infrastructure could have allowed any authenticated user to compromise backend servers, access millions of private repositories, and, in the case of GitHub Enterprise Server (GHES), achieve full server takeover. Discovered by Wiz researchers through AI-augmented reverse engineering of closed-source compiled […]