DATE | NAME | Info |
CATEG. |
WEB |
31.3.25 |
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images | Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and | Exploit | |
31.3.25 |
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine | Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT . "The file names use | Virus | The Hacker News |
31.3.25 |
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation | Virus | The Hacker News |
30.3.25 |
U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams | The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams. | Cryptocurrency | |
30.3.25 |
Retail giant Sam’s Club investigates Clop ransomware breach claims | Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. | Ransom | |
30.3.25 |
OpenAI now pays researchers $100,000 for critical vulnerabilities | Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. | AI | |
30.3.25 |
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion | A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. | Phishing | |
30.3.25 |
Microsoft fixes button that restores classic Outlook client | Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. | Vulnerebility | |
30.3.25 |
New Ubuntu Linux security bypasses require manual mitigations | Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. | Exploit | |
30.3.25 |
Oracle Health breach compromises patient data at US hospitals | A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. | Incindent | |
30.3.25 |
Microsoft fixes Remote Desktop issues caused by Windows updates | Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025. | OS | |
30.3.25 |
Hijacked Microsoft web domain injects spam into SharePoint servers | The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. | Hack | |
30.3.25 |
Infostealer campaign compromises 10 npm packages, targets devs | Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. | Virus | |
30.3.25 |
Chinese FamousSparrow hackers deploy upgraded malware in attacks | A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. | Virus | |
30.3.25 |
Windows 11 KB5053656 update released with 38 changes and fixes | Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. | OS | |
30.3.25 |
The 4 WordPress flaws hackers targeted the most in Q1 2025 | A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. | Vulnerebility | |
30.3.25 |
Mozilla warns Windows users of critical Firefox sandbox escape flaw | Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. | Vulnerebility | |
30.3.25 |
Recent Windows Server 2025 updates cause Remote Desktop freezes | Microsoft says a known issue is causing Remote Desktop freezes on Windows Server 2025 systems after installing security updates released since the February 2025 Patch Tuesday. | OS | |
30.3.25 |
Vivaldi integrates Proton VPN into the browser to fight web tracking | Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free. | Safety | |
30.3.25 |
Dozens of solar inverter flaws could be exploited to attack power grids | Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform. | Vulnerebility | |
30.3.25 |
UK fines software provider £3.07 million for 2022 ransomware breach | The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. | Ransom | |
30.3.25 |
Oracle customers confirm data stolen in alleged cloud breach is valid | Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. | Incindent | |
29.3.25 |
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials | Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. | Virus | |
29.3.25 |
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability | In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called | Ransom | The Hacker News |
29.3.25 |
StreamElements discloses third-party data breach after hacker leaks data | Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. | Incindent | |
29.3.25 |
New Atlantis AIO platform automates credential stuffing on 140 services | A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. | CyberCrime | |
29.3.25 |
Claude is testing ChatGPT-like Deep Research feature Compass | Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude's Compass what you need, and the AI agent will take care of everything. | AI | |
29.3.25 |
Microsoft fixes printing issues caused by January Windows updates | Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. | Vulnerebility | |
29.3.25 |
RedCurl cyberspies create ransomware to encrypt Hyper-V servers | A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. | Ransom | |
29.3.25 |
Microsoft: Recent Windows updates cause Remote Desktop issues | Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025. | OS | |
29.3.25 |
New npm attack poisons local packages with backdoors | Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. | Attack | |
29.3.25 |
Juniper Routers, Network Devices Targeted with Custom Backdoors | Backdoored Juniper networking devices are at the center of two major cybersecurity stories that highlight the ongoing vulnerability and active targeting of network infrastructure by cyber adversaries. | Hacking blog | |
29.3.25 |
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin | Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. | Vulnerebility blog | |
29.3.25 |
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure | Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines. | Vulnerebility blog | |
29.3.25 |
Trend Cybertron: Full Platform or Open-Source? | Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology. | Cyber blog | |
29.3.25 |
Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerebility blog | SonicWall |
29.3.25 |
MoDiRAT Malware Uses Horus Protector to Target France | The SonicWall Capture Labs threat research team has identified a new development in the Horus Protector distributed infection chain. Recently, it has been targeting the French region with MoDiRAT, a malware notorious for stealing credit card and other victim information. | Malware blog | SonicWall |
29.3.25 |
Critical Apache Tomcat RCE Vulnerability (CVE-2025-24813) Under Active Exploitation | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerebility blog | SonicWall |
29.3.25 |
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration | The attacks against cloud-hosted infrastructure are increasing, and the proof is in the analysis of security alert trends. Recent research reveals that organizations saw nearly five times as many daily cloud-based alerts at the end of 2024 compared to the start of the year. This means attackers have significantly intensified their focus on targeting and breaching cloud infrastructure. | Hacking blog | Palo Alto |
29.3.25 |
VanHelsing, new RaaS in Town | In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world. Launched on March 7, 2025, this service has already demonstrated its rapid growth and deadly potential, having infected three victims within just two weeks of its introduction | Ransom blog | Checkpoint |
29.3.25 |
Gamaredon campaign abuses LNK files to distribute Remcos backdoor | Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. | Malware blog | Cisco Blog |
29.3.25 |
Money Laundering 101, and why Joe is worried | In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime. | Cyber blog | Cisco Blog |
29.3.25 |
Making it stick: How to get the most out of cybersecurity training | Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near | Cyber blog | Eset |
29.3.25 |
RansomHub affiliates linked to rival RaaS gangs | ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions | Ransom blog | |
29.3.25 |
FamousSparrow resurfaces to spy on targets in the US, Latin America | Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time | APT blog | |
29.3.25 |
Shifting the sands of RansomHub’s EDRKillShifter | Ransom blog | ||
29.3.25 |
You will always remember this as the day you finally caught FamousSparrow | ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor | APT blog | |
29.3.25 |
Prevent Web Scraping by Applying the Pyramid of Pain | The Bots Pyramid of Pain: a framework for effective bot defense. | BotNet blog | |
29.3.25 |
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive | The 2025 Advanced Persistent Bot (APB) Report covers all bot types, across all industries, at a high level. But web scrapers, in particular, are a persistent threat, growing even more so with the seemingly infinite appetite of generative AI platforms. | BotNet blog | |
29.3.25 |
2025 Advanced Persistent Bots Report | Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses. | BotNet blog | |
29.3.25 |
The Curious Case of PlayBoy Locker | Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. | Ransom blog | Cybereason |
29.3.25 |
An analysis of the NSO BLASTPASS iMessage exploit | On September 7, 2023 Apple issued an out-of-band security update for iOS | Exploit blog | Project Zero |
28.3.25 |
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA | Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited | Vulnerebility | The Hacker News |
28.3.25 |
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection | Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary | Virus | The Hacker News |
28.3.25 |
Windows 11 update breaks Veeam recovery, causes connection errors | Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. | Vulnerebility | |
28.3.25 |
Google fixes Chrome zero-day exploited in espionage campaign | Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian media outlets and government organizations. | Vulnerebility | |
28.3.25 |
CrushFTP warns users to patch unauthenticated access flaw immediately | CrushFTP warned customers of an authentication bypass security vulnerability and urged them to patch their servers immediately. | Vulnerebility | |
28.3.25 |
Cloudflare R2 service outage caused by password rotation error | Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. | Vulnerebility | |
28.3.25 |
Broadcom warns of authentication bypass in VMware Windows Tools | Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. | Vulnerebility | |
28.3.25 |
New Windows zero-day leaks NTLM hashes, gets unofficial patch | Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. | Vulnerebility | |
28.3.25 |
EncryptHub linked to MMC zero-day attacks on Windows systems | A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. | Exploit | |
28.3.25 |
Browser-in-the-Browser attacks target CS2 players' Steam accounts | A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. | Hack | |
28.3.25 |
New Android malware uses Microsoft’s .NET MAUI to evade detection | New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. | Virus | |
28.3.25 |
23andMe files for bankruptcy, customers advised to delete DNA data | California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. | Incindent | BleepingComputer |
28.3.25 |
New VanHelsing ransomware targets Windows, ARM, ESXi systems | A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. | Ransom | BleepingComputer |
28.3.25 |
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps | An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise | Virus | The Hacker News |
28.3.25 |
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts | Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as | Cryptocurrency | The Hacker News |
28.3.25 |
Mozilla Patches Critical Firefox Bug Similar to Chrome's Recent Zero-Day Vulnerability | Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in | Vulnerebility | The Hacker News |
28.3.25 |
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records | Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System ( DNS ) mail exchange ( MX ) | Phishing | The Hacker News |
28.3.25 |
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks | A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa , BianLian , and Play . The connection | Ransom | The Hacker News |
27.3.25 |
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware | An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and | APT | The Hacker News |
27.3.25 |
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It | Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. | Vulnerebility | The Hacker News |
27.3.25 |
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms | An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has | Hack | The Hacker News |
27.3.25 |
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) | Vulnerebility | The Hacker News |
27.3.25 |
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems | A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an | Vulnerebility | The Hacker News |
27.3.25 |
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations | The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in | APT | The Hacker News |
26.3.25 |
Cyberattack takes down Ukrainian state railway’s online services | Ukrzaliznytsia, Ukraine's national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. | BigBrothers | |
26.3.25 |
DrayTek routers worldwide go into reboot loops over weekend | Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. | Vulnerebility | |
26.3.25 |
Chinese Weaver Ant hackers spied on telco network for 4 years | A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. | Virus | |
26.3.25 |
Police arrests 300 suspects linked to African cybercrime rings | African law enforcement authorities have arrested 306 suspects as part of 'Operation Red Card,' an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. | CyberCrime | |
26.3.25 |
Critical flaw in Next.js lets hackers bypass authorization | A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. | Vulnerebility | |
26.3.25 |
FBI warnings are true—fake file converters do push malware | The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks. | BigBrothers | BleepingComputer |
26.3.25 |
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of | Exploit | The Hacker News |
26.3.25 |
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment | The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's | Virus | The Hacker News |
26.3.25 |
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks | Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring | Virus | The Hacker News |
26.3.25 |
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks | Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of | Exploit | The Hacker News |
26.3.25 |
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms | Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal | CyberCrime | The Hacker News |
26.3.25 |
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround | Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked | Vulnerebility | The Hacker News |
25.3.25 |
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker | A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin . "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor | Hack | The Hacker News |
25.3.25 |
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years | A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, | BigBrothers | The Hacker News |
25.3.25 |
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps | Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to | CyberCrime | The Hacker News |
25.3.25 |
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust | Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation | CyberCrime | The Hacker News |
25.3.25 |
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication | A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code | Vulnerebility | The Hacker News |
25.3.25 |
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks | The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to | Ransom | The Hacker News |
25.3.25 |
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks | Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security | AI | The Hacker News |
24.3.25 |
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics | A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows | Ransom | The Hacker News |
24.3.25 |
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware | Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's | Ransom | The Hacker News |
24.3.25 |
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks | A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain | Vulnerebility | The Hacker News |
23.3.25 |
Cloudflare now blocks all unencrypted traffic to its API endpoints | Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. | Security | |
23.3.25 |
Microsoft Trust Signing service abused to code-sign malware | Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. | Virus | |
23.3.25 |
Coinbase was primary target of recent GitHub Actions breaches | Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. | Cryptocurrency | |
23.3.25 |
Oracle denies breach after hacker claims theft of 6 million data records | Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers | Incindent | |
23.3.25 |
Fake Semrush ads used to steal SEO professionals’ Google accounts | A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. | Phishing | |
23.3.25 |
Microsoft: Exchange Online bug mistakenly quarantines user emails | Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails. | Security | |
23.3.25 |
US removes sanctions against Tornado Cash crypto mixer | The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. | APT | |
23.3.25 |
Steam pulls game demo infecting Windows with info-stealing malware | Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. | Virus | |
23.3.25 |
Veeam RCE bug lets domain users hack backup servers, patch now | Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. | Vulnerebility | |
23.3.25 |
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed | The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source | Hack | The Hacker News |
23.3.25 |
CISA tags NAKIVO backup flaw as actively exploited in attacks | CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. | BigBrothers | |
23.3.25 |
VSCode extensions found downloading early-stage ransomware | Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process. | Ransom | |
23.3.25 |
Critical Cisco Smart Licensing Utility flaws now exploited in attacks | Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. | Exploit | |
23.3.25 |
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor | Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. | Ransom | |
23.3.25 |
UK urges critical orgs to adopt quantum cryptography by 2035 | The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035 | BigBrothers | |
22.3.25 |
WordPress security plugin WP Ghost vulnerable to remote code execution bug | Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. | Vulnerebility | |
22.3.25 |
GitHub Action supply chain attack exposed secrets in 218 repos | The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. | Hack | |
22.3.25 |
HellCat hackers go on a worldwide Jira hacking spree | Swiss global solutions provider Ascom has confirmed a cyberattack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials. | Hack | |
22.3.25 |
Malware campaign 'DollyWay' breached 20,000 WordPress sites | A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. | Hack | |
22.3.25 |
Kali Linux 2025.1a released with 1 new tool, annual theme refresh | Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. | OS | |
22.3.25 |
Pennsylvania education union data breach hit 500,000 people | The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. | Incident | |
22.3.25 |
Ukrainian military targeted in new Signal spear-phishing attacks | Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. | BigBrothers | |
22.3.25 |
New Arcane infostealer infects YouTube, Discord users via game cheats | A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. | Virus | |
22.3.25 |
Click Profit blocked by the FTC over alleged e-commerce scams | The US Federal Trade Commission (FTC) has taken action against the "Click Profit" business opportunity platform for allegedly earning $14 million while deceiving consumers with false promises of guaranteed passive income through online stores. | BigBrothers | |
22.3.25 |
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks | WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab. | Social | |
22.3.25 |
Sperm donation giant California Cryobank warns of a data breach | US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. | Incident | |
22.3.25 |
GitHub Action hack likely led to another in cascading supply chain attack | A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. | Hack | |
22.3.25 |
Western Alliance Bank notifies 21,899 customers of data breach | Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. | Incident | BleepingComputer |
22.3.25 |
Malicious Android 'Vapor' apps on Google Play installed 60 million times | Over 300 malicious Android applications downloaded 60 million times from Google Play acted as adware or attempted to steal credentials and credit card information. | Virus | |
22.3.25 |
New Windows zero-day exploited by 11 state hacking groups since 2017 | At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017 | Exploit | |
22.3.25 |
Google to purchase Wiz for $32 billion in cloud security play | Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. | Vulnerability | BleepingComputer |
22.3.25 |
Critical AMI MegaRAC bug can let attackers hijack, brick servers | A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. | Vulnerability | BleepingComputer |
22.3.25 |
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe | The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the | BigBrothers | The Hacker News |
22.3.25 |
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations | Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. | Ransom blog | |
22.3.25 |
ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns | Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution. | Vulnerability blog | |
22.3.25 |
SonicWall Detects Credential-Stealing SVG File in Phishing Campaign | This week, the SonicWall Capture Labs threat research team performed an analysis of a phishing email that included an SVG file attachment, which contains HTML and JavaScript code designed to capture user credentials. | Phishing blog | SonicWall |
22.3.25 |
WormLocker Ransomware Resurfaces: Infection Cycle, Encryption Tactics, and Prevention | WormLocker was first spotted in late 2020. Since its discovery, it has been observed spreading through phishing emails and exploiting vulnerabilities. The SonicWall Capture Labs threat research team has received what appears to be a more recent sample of this ransomware. Given the dynamic nature of ransomware threats, this might signify its potential resurgence. | Ransom blog | SonicWall |
22.3.25 |
Microsoft Security Bulletin Coverage for March 2025 | Microsoft’s March 2025 Patch Tuesday has 56 vulnerabilities, of which 23 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2025 and has produced coverage for 10 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
22.3.25 |
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the | Updated March 20: The recent compromise of the GitHub action tj-actions/changed-files and additional actions within the reviewdog organization has captured the attention of the GitHub community, marking another major software supply chain attack. Our team conducted an in-depth investigation into this incident and uncovered many more details about how the attack occurred and its timeline. | Cryptocurrency blog | Palo Alto |
22.3.25 |
UAT-5918 targets critical infrastructure entities in Taiwan | UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting. | BigBrother blog | Cisco Blog |
22.3.25 |
Operation FishMedley | ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON | Cyber blog | Eset |
22.3.25 |
MirrorFace updates toolset, expands targeting to Europe | The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo | Cyber blog | |
22.3.25 |
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor | ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor | Cyber blog | |
22.3.25 |
AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1) | Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams | AI blog | |
22.3.25 |
Analysis of Black Basta Ransomware Chat Leaks | Trellix obtained access to Black Basta's chat leaks at the end of February 2025 and immediately began analyzing the chat logs. Given that Black Basta is a rebrand of Conti RaaS, our approach mirrored that which we took in Conti Leaks: Examining the Panama Papers of Ransomware. | Ransom blog | Trellix |
21.3.25 |
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools | Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a | BigBrothers | The Hacker News |
21.3.25 |
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates | The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a | Ransom | The Hacker News |
21.3.25 |
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families | The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting | APT | The Hacker News |
21.3.25 |
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers | Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head | BigBrothers | The Hacker News |
21.3.25 |
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility | Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center . The | Exploit | The Hacker News |
21.3.25 |
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users | YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking | Virus | The Hacker News |
21.3.25 |
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems | Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The | Vulnerability | The Hacker News |
20.3.25 |
Blockchain gaming platform WEMIX hacked to steal $6.1 million | Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. | Cryptocurrency | |
20.3.25 |
Telegram CEO leaves France temporarily as criminal probe continues | French authorities have allowed Pavel Durov, Telegram's CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. | Social | |
20.3.25 |
Microsoft: New RAT malware used for crypto theft, reconnaissance | Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, maintain persistence, and extract sensitive data. | Virus | |
20.3.25 |
OKX suspends DEX aggregator after Lazarus hackers try to launder funds | OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. | APT | |
20.3.25 |
Supply chain attack on popular GitHub Action exposes CI/CD secrets | A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. | Hack | |
20.3.25 |
Critical RCE flaw in Apache Tomcat actively exploited in attacks | A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. | Exploit | |
20.3.25 |
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts | A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. | CyberCrime | |
20.3.25 |
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts | Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. | Virus | BleepingComputer |
20.3.25 |
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data | The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, | BigBrothers | The Hacker News |
20.3.25 |
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its | Vulnerability | The Hacker News |
20.3.25 |
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages | The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat ). The campaign, detected earlier this month, has been found to target both | Virus | The Hacker News |
20.3.25 |
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners | Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577 , refers to an argument injection | Virus | The Hacker News |
20.3.25 |
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia | The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime | Ransom | The Hacker News |
20.3.25 |
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers | The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware | Virus | The Hacker News |
19.3.25 |
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems | Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO , a Supervisory Control and Data Acquisition (SCADA) system | Vulnerability | The Hacker News |
19.3.25 |
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, | Incident | The Hacker News |
19.3.25 |
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors | Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered | Virus | The Hacker News |
19.3.25 |
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 | An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. | APT | The Hacker News |
19.3.25 |
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security | Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition | Security | The Hacker News |
19.3.25 |
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking | A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as | Vulnerability | The Hacker News |
19.3.25 |
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads | Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store | Exploit | |
19.3.25 |
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation | Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic | Virus | The Hacker News |
19.3.25 |
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse | At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX , | BotNet | The Hacker News |
18.3.25 |
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets | Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and | Virus | The Hacker News |
18.3.25 |
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure | A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept | Exploit | The Hacker News |
17.3.25 |
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year | An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at | BotNet | |
17.3.25 |
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions | Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' | Exploit | The Hacker News |
17.3.25 |
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from | | | |
16.3.25 |
New Akira ransomware decryptor cracks encryption keys using GPUs | Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. | | |
16.3.25 |
Coinbase phishing email tricks users with fake wallet migration | A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. | | |
16.3.25 |
Ransomware gang creates tool to automate VPN brute-force attacks | The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. | | |
16.3.25 |
Cisco IOS XR vulnerability lets attackers crash BGP on routers | Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. | | |
16.3.25 |
Suspected LockBit ransomware dev extradited to United States | A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. | | |
16.3.25 |
New SuperBlack ransomware exploits Fortinet auth bypass flaws | A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. | | |
16.3.25 |
Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. | | | |
16.3.25 |
Juniper patches bug that let Chinese cyberspies backdoor routers | Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. | | |
16.3.25 |
GitLab patches critical authentication bypass vulnerabilities | GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. | | |
16.3.25 |
ClickFix attack delivers infostealers, RATs in fake Booking.com emails | Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. | | |
16.3.25 |
Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. | | | |
16.3.25 |
CISA: Medusa ransomware hit over 300 critical infrastructure orgs | CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. | | |
16.3.25 |
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. | | | |
16.3.25 |
Indian authorities arrested Aleksej Besciokov, the co-founder and one of the administrators of the Russian Garantex crypto-exchange while vacationing with his family in Varkala, India. | | | |
16.3.25 |
Mozilla warns users to update Firefox before certificate expires | Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. | | |
15.3.25 |
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution | In this blog entry, we uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. The campaign leverages GitHub’s trusted reputation to evade detection, using AI-generated content to make fake repositories appear legitimate. | | |
15.3.25 |
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware | Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. | | |
15.3.25 |
Critical Mautic Vulnerability (CVE-2024-47051) Enables Arbitrary File Uploads | The SonicWall Capture Labs threat research team became aware of a critical arbitrary file upload in Mautic, assessed its impact, and developed mitigation measures. | | |
15.3.25 |
Recently, we discovered several new malware samples with unique characteristics that made attribution and function determination challenging. | | | |
15.3.25 |
Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims | Unit 42 researchers discovered a campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile applications. | | |
15.3.25 |
Enterprises Should Consider Replacing Employees’ Home TP-Link Routers | An examination of CVE trends from February 2025 scanning data. | | |
15.3.25 |
Why Critical MongoDB Library Flaws Won't See Mass Exploitation | Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks. | | |
15.3.25 |
Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle, also known as APT-C-36, and deliver malicious .url files, which cause a similar effect to the CVE-2024-43451 vulnerability | | | |
15.3.25 |
Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” | | | |
15.3.25 |
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. | | |
15.3.25 |
Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses | | | |
15.3.25 |
Microsoft patches Windows Kernel zero-day exploited since 2023 | Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. | | |
15.3.25 |
Chinese cyberspies backdoor Juniper routers for stealthy access | Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. | | |
15.3.25 |
Microsoft: Recent Windows updates make USB printers print random text | Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. | | |
15.3.25 |
North Korean Lazarus hackers infect hundreds via npm packages | Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. | | |
15.3.25 |
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks | Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. | | |
15.3.25 |
Microsoft has released the KB5053606 cumulative update for Windows 10 22H2 and Windows 10 21H2, which fixes numerous bugs, including one preventing SSH connections. | | | |
15.3.25 |
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws | Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. | | |
15.3.25 |
Windows 11 KB5053598 & KB5053602 cumulative updates released | Microsoft has released Windows 11 KB5053598 and KB5053602 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. | | |
15.3.25 |
Microsoft replacing Remote Desktop app with Windows App in May | Microsoft announced that it will drop support for the Remote Desktop app (available via the Microsoft Store) on May 27 and replace it with its new Windows App. | | |
15.3.25 |
MassJacker malware uses 778,000 wallets to steal cryptocurrency | A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. | | |
15.3.25 |
Critical PHP RCE vulnerability mass exploited in new attacks | Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. | | |
15.3.25 |
PowerSchool previously hacked in August, months before data breach | PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. | | |
15.3.25 |
CISA tags critical Ivanti EPM flaws as actively exploited in attacks | CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. | | |
15.3.25 |
X hit by 'massive cyberattack' amid Dark Storm's DDoS claims | The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. | | |
14.3.25 |
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges | A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime | | |
14.3.25 |
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging | The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications | | |
14.3.25 |
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom | Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. | | |
14.3.25 |
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions | Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, | | |
14.3.25 |
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection | A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned | | |
13.3.25 |
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails | Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. | | |
13.3.25 |
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps | The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting | | |
13.3.25 |
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks | Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup | | |
13.3.25 |
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk | Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has | | |
13.3.25 |
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback | Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending | | |
13.3.25 |
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits | The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign | | |
12.3.25 |
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack |
Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning |
||
12.3.25 |
URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days |
Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have |
||
12.3.25 |
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks |
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been |
||
12.3.25 |
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks |
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since |
||
11.3.25 |
US govt says Americans lost record $12.5 billion to fraud in 2024 |
The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. |
||
11.3.25 |
FTC will send $25.5 million to victims of tech support scams |
Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage's scare tactics. |
||
11.3.25 |
Swiss critical sector faces new 24-hour cyberattack reporting rule |
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. |
||
11.3.25 |
Google paid $12 million in bug bounties last year to security researchers |
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. |
||
11.3.25 |
US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices that, if unpaid, will incur an additional $35 fine per day. |
|||
11.3.25 |
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices |
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. |
||
11.3.25 |
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa |
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group |
||
11.3.25 |
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches |
Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass |
||
11.3.25 |
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint |
||
10.3.25 |
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials |
Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. |
||
10.3.25 |
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links |
The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September |
||
10.3.25 |
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools |
A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent |
||
9.3.25 |
Developer guilty of using kill switch to sabotage employer's systems |
A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. |
||
9.3.25 |
Undocumented "backdoor" found in Bluetooth chip used by a billion devices |
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks. |
||
9.3.25 |
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. |
|||
9.3.25 |
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. |
|||
9.3.25 |
Unpatched Edimax IP camera flaw actively exploited in botnet attacks |
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. |
||
9.3.25 |
Employee charged with stealing unreleased movies, sharing them online |
A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. |
||
9.3.25 |
US charges Garantex admins with money laundering, sanctions violations |
The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. |
||
9.3.25 |
Data breach at Japanese telecom giant NTT hits 18,000 companies |
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. |
||
9.3.25 |
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. |
|||
9.3.25 |
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. |
|||
9.3.25 |
Ransomware gang encrypted network from a webcam to bypass EDR |
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. |
||
9.3.25 |
US seizes domain of Garantex crypto exchange used by ransomware gangs |
The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. |
||
9.3.25 |
Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets |
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. |
||
9.3.25 |
Ethereum private key stealer on PyPI downloaded over 1,000 times |
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. |
||
9.3.25 |
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks |
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. |
||
9.3.25 |
Malicious Chrome extensions can spoof password managers in new attack |
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. |
||
9.3.25 |
Open-source tool 'Rayhunter' helps users detect Stingray attacks |
The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. |
||
8.3.25 |
Silk Typhoon hackers now target IT supply chains to breach networks |
Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. |
||
8.3.25 |
US charges Chinese hackers linked to critical infrastructure breaches |
The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. |
||
8.3.25 |
The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. |
|||
8.3.25 |
YouTube warns of AI-generated video of its CEO used in phishing attacks |
YouTube warns of AI-generated video of its CEO used in phishing attacks |
||
8.3.25 |
The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. |
|||
8.3.25 |
Fake BianLian ransom notes mailed to US CEOs in postal mail scam |
Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. |
||
8.3.25 |
Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware |
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. |
||
8.3.25 |
New Eleven11bot botnet infects 86,000 devices for DDoS attacks |
A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. |
||
8.3.25 |
Cisco warns of Webex for BroadWorks flaw exposing credentials |
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. |
||
8.3.25 |
Google expands Android AI scam detection to more Pixel devices |
Google has announced an increased rollout of new AI-powered scam detection features on Android to help protect users from increasingly sophisticated phone and text social engineering scams. |
||
8.3.25 |
New polyglot malware hits aviation, satellite communication firms |
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. |
||
8.3.25 |
The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. |
|||
8.3.25 |
Hunters International ransomware claims attack on Tata Technologies |
The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. |
||
8.3.25 |
Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. |
|||
8.3.25 |
Google fixes Android zero-day exploited by Serbian authorities |
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. |
||
8.3.25 |
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. |
|||
8.3.25 |
DHS says CISA will not stop monitoring Russian cyber threats |
The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged. |
||
8.3.25 |
CISA tags Windows, Cisco vulnerabilities as actively exploited |
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. |
||
8.3.25 |
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint |
A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havoc post-exploitation framework for remote access to compromised devices. |
||
8.3.25 |
UK watchdog probes TikTok and Reddit over child privacy concerns |
On Monday, the United Kingdom's privacy watchdog announced that it is investigating TikTok, Reddit, and Imgur because of privacy concerns about how they are processing children's data. |
||
8.3.25 |
Nearly 12,000 API keys and passwords found in AI training dataset |
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. |
||
8.3.25 |
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks |
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. |
||
8.3.25 |
Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security |
DeepSeek-R1 uses Chain of Thought (CoT) reasoning, explicitly sharing its step-by-step thought process, which we found was exploitable for prompt attacks. |
||
8.3.25 |
Malvertising campaign leads to info stealers hosted on GitHub |
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain. |
||
8.3.25 |
Uncovering .NET Malware Obfuscated by Encryption and Virtualization |
We will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a sandbox performing static analysis to extract crucial malware configuration parameters from such samples. |
||
8.3.25 |
Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities. |
|||
8.3.25 |
Martin Lee dives into the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter. |
|||
8.3.25 |
Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights |
|||
8.3.25 |
Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani |
|||
8.3.25 |
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations |
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups |
||
8.3.25 |
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide |
Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it |
||
8.3.25 |
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions |
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's |
||
8.3.25 |
U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website |
A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly |
||
7.3.25 |
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist |
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the |
||
7.3.25 |
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors |
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. |
||
7.3.25 |
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution |
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could |
||
7.3.25 |
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing |
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers |
||
7.3.25 |
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom |
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks |
||
7.3.25 |
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access |
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors |
||
6.3.25 |
U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations |
The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal |
||
6.3.25 |
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access |
The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to |
||
6.3.25 |
Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America |
The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish- |
||
6.3.25 |
Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud |
Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. |
||
6.3.25 |
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants |
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, |
||
5.3.25 |
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems |
Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to |
||
5.3.25 |
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates |
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining |
||
5.3.25 |
VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches |
Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead |
||
5.3.25 |
Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector |
Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates (U.A.E.) to |
||
5.3.25 |
Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers |
Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information |
||
4.3.25 |
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, |
||
4.3.25 |
Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities |
Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under |
||
4.3.25 |
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail |
Threat actors are targeting Amazon Web Services ( AWS ) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo |
||
4.3.25 |
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites |
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control |
||
4.3.25 |
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks |
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and |
||
4.3.25 |
U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices |
The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking |
||
3.3.25 |
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries |
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed |
||
1.3.25 |
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks |
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. |
||
1.3.25 |
U.S. recovers $31 million stolen in 2021 Uranium Finance hack |
U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol. |
||
1.3.25 |
Qilin ransomware claims attack at Lee Enterprises, leaks stolen data |
The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. |
||
1.3.25 |
Police arrests suspects tied to AI-generated CSAM distribution ring |
Law enforcement agencies from 19 countries have arrested 25 suspects linked to a criminal ring that was distributing child sexual abuse material (CSAM) generated using artificial intelligence (AI). |
||
1.3.25 |
Serbian police used Cellebrite zero-day hack to unlock Android phones |
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. |
||
1.3.25 |
Vo1d malware botnet grows to 1.6 million Android TVs worldwide |
A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. |
||
1.3.25 |
Privacy tech firms warn France’s encryption and VPN laws threaten privacy |
Privacy-focused email provider Tuta (previously Tutanota) and the VPN Trust Initiative (VTI) are raising concerns over proposed laws in France set to backdoor encrypted messaging systems and restrict internet access. |
||
1.3.25 |
Over 49,000 misconfigured building access systems exposed online |
Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. |
||
1.3.25 |
Belgium probes if Chinese hackers breached its intelligence service |
The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). |
||
1.3.25 |
Suspected Desorden hacker arrested for breaching 90 organizations |
A suspected cyber criminal believed to have extorted companies under the name "DESORDEN Group" or "ALTDOS" has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide. |
||
1.3.25 |
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist |
The FBI has confirmed that North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit on Friday in the largest crypto heist recorded until now. |
||
1.3.25 |
Southern Water says Black Basta ransomware attack cost £4.5M in expenses |
United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024. |
||
1.3.25 |
GrassCall malware campaign drains crypto wallets via fake job interviews |
A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. |
||
1.3.25 |
Unit 42 researchers have observed phishing activity that we track as TGR-UNK-0011. We assess with high confidence that this cluster overlaps with the threat actor group JavaGhost. The threat actor group JavaGhost has been active for over five years and continues to target cloud environments to send out phishing campaigns to unsuspecting targets. |
|||
1.3.25 |
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations |
This article reviews a cluster of malicious activity that we identify as CL-STA-0049. Since at least March 2023, a suspected Chinese threat actor has targeted governments, defense, telecommunication, education and aviation sectors in Southeast Asia and South America. |
||
1.3.25 |
Malware targeting macOS systems is increasingly pervasive in our current threat landscape. Most of the associated threats are cybercrime-related, ranging from information stealers to cryptocurrency mining. Over the past year, we have witnessed an increase in cybercrime activity linked to North Korean nation-state APT groups. |
|||
1.3.25 |
Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself after installation. |
|||
1.3.25 |
Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign |
While the abuse of vulnerable drivers has been around for a while, those that can terminate arbitrary processes have drawn increasing attention in recent years. As Windows security continues to evolve, it has become more challenging for attackers to execute malicious code without being detected. |
||
1.3.25 |
Over the past few decades, hacktivism has been, in a lot of cases, characterized by minor website defacements and distributed denial-of-service (DDoS) attacks, which, while making headlines, had minimal lasting impact. |
|||
1.3.25 |
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools |
|||
1.3.25 |
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome |
Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. |
||
1.3.25 |
There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. |
|||
1.3.25 |
Bernhard Schölkopf: Is AI intelligent? | Starmus highlights |
|||
1.3.25 |
This month in security with Tony Anscombe – February 2025 edition |
|||
1.3.25 |
Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. |
|||
1.3.25 |
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language |
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism over broad language that appeared to give the |
||
1.3.25 |
Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone |
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was |
||