%term

The Rise of DLL Side-Loading Cyber Attacks and Browser Data Theft

Jan 23, 2026 By Nima Bagheri In Keeper

Content originally created and published by Venak Security. Cybercriminals are increasingly adopting stealthy and advanced techniques, notably Dynamic-Link Library (DLL) side-loading and browser memory scraping, to install malware that stealthily harvests users’ passwords, credit card data, cookies, session tokens and more. These attacks blend social engineering, search manipulation and memory-level exploitation to bypass traditional defenses and compromise victims at scale.

Read Post

Keeper

Read more about The Rise of DLL Side-Loading Cyber Attacks and Browser Data Theft

Breach and Attack Simulation (BAS)-The Hacker's Playbook

Jan 22, 2026 By SafeBreach In SafeBreach

Breach and attack simulation (BAS) as a foundational check, Hacker's Playbook, and continuous automated red teaming (CART) for offensive testing. Validating tools and detecting the human behind cyber attacks.

View Video

SafeBreach

Read more about Breach and Attack Simulation (BAS)-The Hacker's Playbook

Anatomy of a Vishing Attack: Technical Indicators IT Managers Need to Track

Jan 21, 2026 By Lookout In Lookout

If your organization hasn’t encountered a vishing attack yet, it’s probably only a matter of time. Vishing, or voice phishing, is a sophisticated type of social engineering that adds a whole new dimension to common scams. Rather than emails or text messages, threat actors employ phone calls or online voice calls to carry out vishing schemes. Particularly savvy attackers can even copy a real person’s voice to deceive, coerce, or manipulate potential victims.

Read Post

Lookout

Read more about Anatomy of a Vishing Attack: Technical Indicators IT Managers Need to Track

8 Ways Organizations Reduce Exposure to Social Engineering Attacks

Jan 19, 2026 By SafeAeon Inc. In SafeAeon

It is not always malware or a sophisticated tool that results in cyber threats. Sometimes, this happens through a convincing email or a request that appears trustworthy. There have been occasions where attackers created a moment of urgency to lead someone into clicking, sharing, or approving without realizing the consequences. This is social engineering. Social engineering threats are becoming more dangerous.

Read Post

SafeAeon

Read more about 8 Ways Organizations Reduce Exposure to Social Engineering Attacks

RondoDox Botnet: How 90,000+ Servers Were Hijacked Silently

Jan 16, 2026 By Indusface In Indusface

90,000+ servers compromised. No ransomware. No alerts. RondoDox exploited the Next.js React2Shell flaw to silently recruit unpatched apps into a botnet—deploying cryptominers and DDoS payloads. This is how modern botnets grow, and why app-layer bot protection matters.

View Video

Indusface

Read more about RondoDox Botnet: How 90,000+ Servers Were Hijacked Silently

The Continuing Risk of Remote Code Execution

Jan 16, 2026 By Arctic Wolf In Arctic Wolf

In 2025, there were more than 48,000 vulnerabilities published, amounting to over a 20% increase from 2024. More troubling than the sheer volume of vulnerabilities in 2025 is that more than a third of them were given a rating of “high” or “critical” severity. For security teams already stretched too thin, a proactive vulnerability management plan that patches or otherwise remediates all vulnerabilities is too far out of reach.

Read Post

Arctic Wolf

Read more about The Continuing Risk of Remote Code Execution

What Hackers Know About Fileless Malware (And You Should Too)

Jan 16, 2026 By SecuritySenses In SecuritySenses

Fileless malware doesn't rely on flashy exploits or obvious downloads, which is exactly why it works so well. Instead, it slips into systems quietly, using tools that already belong there. That makes it harder to notice and easier to underestimate. If you think security threats always arrive as suspicious files, you're already behind. Understanding how fileless attacks operate helps you spot warning signs earlier and adjust defenses before real damage starts.

Read Post

SecuritySenses

Read more about What Hackers Know About Fileless Malware (And You Should Too)

2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks

Jan 14, 2026 By Panorays

Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today, driven largely by a lack of visibility. While 60% of CISOs report an increase in third-party security incidents, only 15% say they have full visibility into those risks.

Read Post

Read more about 2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks

Critical servers under attack: Why backup isn't enough in 2026

Jan 13, 2026 By Subramani Rao In Acronis

Do you know what it takes to launch a retail website that neatly organizes products and enables customers to add items to their carts with a single click? Do you know what powers the booking system your clients rely on? What is the hidden engine that manages your clients’ logistics, controls their supply chain, processes invoices and stores data for analytics and compliance? These are the systems MSPs are trusted to keep running every day. Critical servers.

Read Post

Acronis

Read more about Critical servers under attack: Why backup isn't enough in 2026

Why Physical Infrastructure Still Matters in a Cyber World

Jan 13, 2026 By SecuritySenses In SecuritySenses

As organizations accelerate cloud adoption and digital transformation, it's tempting to think physical infrastructure is becoming less important. Software-defined networks, virtual machines, and remote access tools dominate security conversations. Yet the reality is more nuanced. Digital systems still rely on physical foundations, and when those foundations fail, even the most sophisticated cyber defenses can unravel.

Read Post