DATE |
NAME |
INFO |
CATEGORY |
SUBCATEGORY |
28.9.25 |
Europe opens investigation into SAP bad ERP support practices |
The European Commission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP software. |
||
28.9.25 |
Fake Microsoft Teams installers push Oyster malware via malvertising |
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. |
||
28.9.25 |
Dutch teens arrested for trying to spy on Europol for Russia |
Two Dutch teenage boys, aged 17, who reportedly used hacking devices to spy for Russia, were arrested by the Politie on Monday. |
||
28.9.25 |
Microsoft’s new AI feature will organize your photos automatically |
Microsoft has begun testing a new AI-powered feature in Microsoft Photos, designed to categorize photos automatically on Windows 11 systems. |
||
28.9.25 |
U.S. President Donald Trump has signed an executive order approving a plan to restructure TikTok operations in the country to address national security concerns. |
|||
28.9.25 |
Microsoft shares temp fix for Outlook encrypted email errors |
Microsoft is investigating a known issue that triggers Outlook errors when opening encrypted emails sent from other organizations. |
||
28.9.25 |
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. |
|||
28.9.25 |
Generative AI can boost productivity—but without safeguards, it also opens the door to phishing, fraud & model manipulation. Learn more from Acronis TRU on why AI security must be built in from the start. |
|||
28.9.25 |
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. |
|||
28.9.25 |
Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. |
|||
28.9.25 |
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs |
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. |
||
28.9.25 |
An npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update, which added a single line of code to exfiltrate all its users' email communication. |
|||
28.9.25 |
Co-op says it lost $107 million after Scattered Spider attack |
The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April. |
||
28.9.25 |
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks |
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. |
||
28.9.25 |
Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's firewall software. |
|||
28.9.25 |
Amazon pays $2.5 billion to settle Prime memberships lawsuit |
Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions of users into enrolling in its Prime program and made it as difficult as possible to cancel the recurring subscriptions. |
||
28.9.25 |
Malicious Rust packages on Crates.io steal crypto wallet keys |
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. |
||
28.9.25 |
Teen suspected of Vegas casino cyberattacks released to parents |
A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of his parents, a family court judge ruled. |
||
28.9.25 |
Microsoft will offer free Windows 10 extended security updates in Europe |
Microsoft will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), which includes Iceland, Liechtenstein, Norway, and all 27 European Union member states. |
||
28.9.25 |
Two vulnerabilities affecting the firmware of Supermicro hardware, including the Baseboard Management Controller (BMC), allow attackers to update systems with maliciously crafted images. |
|||
28.9.25 |
OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed "GPT-Alpha." |
|||
28.9.25 |
Kali Linux 2025.3 released with 10 new tools, Wi-Fi enhancements |
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. |
||
28.9.25 |
Cisco warns of IOS zero-day vulnerability exploited in attacks |
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. |
||
28.9.25 |
Unpatched flaw in OnePlus phones lets rogue apps read text messages |
A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. |
||
28.9.25 |
Police seize $439 million stolen by cybercrime rings worldwide |
In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes that impacted thousands of victims worldwide. |
||
28.9.25 |
Huntress analysts discovered a previously unseen ransomware variant, Obscura, spreading from a victim company's domain controller. Learn how Obscura works—and what it means for defenders—in this week's Tradecraft Tuesday. |
|||
28.9.25 |
Google: Brickstorm malware used to steal U.S. orgs' data for over a year |
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. |
||
28.9.25 |
UK arrests suspect for RTX ransomware attack causing airport disruptions |
The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. |
||
28.9.25 |
PyPI urges users to reset credentials after new phishing attacks |
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. |
||
28.9.25 |
GitHub notifications abused to impersonate Y Combinator for crypto theft |
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. |
||
28.9.25 |
Boyd Gaming discloses data breach after suffering a cyberattack |
US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. |
||
27.9.25 |
Libraesva ESG issues emergency fix for bug exploited by state hackers |
Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. |
||
27.9.25 |
WhatsApp adds message translation to iPhone and Android apps |
WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates. |
||
27.9.25 |
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack |
Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). |
||
27.9.25 |
CISA says hackers breached federal agency using GeoServer exploit |
CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. |
||
27.9.25 |
Police dismantle crypto fraud ring linked to €100 million in losses |
Law enforcement authorities in Europe have arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100 million ($118 million) from more than 100 victims. |
||
27.9.25 |
SolarWinds releases third patch to fix Web Help Desk RCE bug |
SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. |
||
27.9.25 |
SonicWall releases SMA100 firmware update to wipe rootkit malware |
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. |
||
27.9.25 |
GitHub tightens npm security with mandatory 2FA, access tokens |
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. |
||
27.9.25 |
NPM package caught using QR Code to fetch cookie-stealing malware |
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. |
||
27.9.25 |
The disruptions over the weekend at several major European airports were caused by a ransomware attack targeting the check-in and boarding systems. |
|||
27.9.25 |
American Archive of Public Broadcasting fixes bug exposing restricted media |
A vulnerability in the American Archive of Public Broadcasting's website allowed downloading of protected and private media for years, with the flaw quietly patched this month. |
||
27.9.25 |
Automaker giant Stellantis confirms data breach after Salesforce hack |
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform. |
||
27.9.25 |
New EDR-Freeze tool uses Windows WER to suspend security software |
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system. |
||
27.9.25 |
Microsoft lifts Windows 11 update block after face detection fix |
Microsoft has removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11 24H2 due to a face detection bug causing app freezes. |
||
27.9.25 |
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. |
|||
27.9.25 |
LastPass: Fake password managers infect Mac users with malware |
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. |
||
27.9.25 |
Why attackers are moving beyond email-based phishing attacks |
Phishing isn't just email anymore. Attackers now use social media, chat apps & malicious ads to steal credentials. Push Security explains the latest tactics and shows how to stop multi-channel phishing where it happens — inside the browser. |
||
27.9.25 |
Microsoft says recent updates cause DRM video playback issues |
Microsoft has confirmed a known issue that prevents some apps from playing Digital Rights Management (DRM) protected video content or displaying and recording live TV. |
||
27.9.25 |
Verified Steam game steals streamer's cancer treatment donations |
A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named BlockBlasters that drained his cryptocurrency wallet. |
||
27.9.25 |
Microsoft Entra ID flaw allowed hijacking any company's tenant |
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. |
||
27.9.25 |
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks |
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware. |
||
27.9.25 |
Researchers Expose Phishing Threats Distributing CountLoader and PureRAT |
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. |
||
27.9.25 |
How the notorious Packer-as-a-Service operation built itself into a hydra |
|||
27.9.25 |
GOLD SALEM’s Warlock operation joins busy ransomware landscape |
The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity. |
||
27.9.25 |
A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more. |
|||
27.9.25 |
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions |
Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” |
||
27.9.25 |
|
Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. |
||
27.9.25 |
Check Point Research is actively tracking Iranian threat actor Nimbus Manticore. Our latest findings show it is expanding operations into Europe and now targeting the defense, telecom, and aerospace sectors. |
|||
27.9.25 |
Australia Ransomware Landscape 2025: Rich Targets Attract Ransomware Groups |
Australia’s high per-capita GDP has led to an outsized number of ransomware attacks. Here are the numbers – and 10 major attacks that hit the ANZ region. |
||
27.9.25 |
Cyble Honeypots Detect Exploit Attempts of Nearly Two Dozen Vulnerabilities |
Recent Cyble reports have detailed dozens of vulnerabilities under active attack by threat actors and ransomware groups. |
||
27.9.25 |
Australia Urges Immediate Action on Post-Quantum Cryptography as CRQC Threat Looms |
ACSC urges early action as CRQC threatens current encryption. Organizations must adopt post-quantum cryptography by 2030 to protect critical data. |
||
27.9.25 |
Countdown to DPDP Rules: What to Expect from the Final DPDP Rules |
The wait is almost over. The final Digital Personal Data Protection (DPDP) Rules are just days away, marking the next big step after the enactment of the DPDPA in 2023. With only a few days left, organizations must gear... |
||
27.9.25 |
Why Regional and Cooperative Banks Can No Longer Rely on Legacy VPNs |
Virtual Private Networks (VPNs) have been the go-to solution for securing remote access to banking systems for decades. They created encrypted tunnels for employees, vendors, and auditors to connect with core banking applications. But as cyber threats become more... |
||
27.9.25 |
Executive Summary South Africa’s cyber threat landscape has intensified sharply in 2025, reflecting the country’s position as Africa’s most digitally integrated economy and a prime targe |
|||
27.9.25 |
Executive Summary CYFIRMA analyzed the September 2, 2025, Jaguar Land Rover (JLR) cyber incident, which caused widespread disruption by shutting down global IT systems and |
|||
27.9.25 |
Executive Summary In this report, our researchers analysed recent cyber activity targeting Qatar, including data leaks, the sale of initial access, and ransomware incidents. We explain |
|||
27.9.25 |
From MUSE to Manual: Cyberattack Analysis on European Airport Operations |
Executive Summary On 19 September 2025, multiple major European airports, including London Heathrow (LHR), Brussels (BRU), and Berlin Brandenburg (BER), experienced severe |
||
27.9.25 |
Firmware protection is gaining increased urgency as cyberattackers, from ransomware gangs to nation-state APTs, target firmware vulnerabilities to maintain persistence in target environments. Eclypsium has been mentioned as a sample vendor in two Gartner Hype Cycles in 2025 under the Firmware Protection as a Service product category. |
|||
27.9.25 |
HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought |
Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. |
||
27.9.25 |
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory |
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. |
||
27.9.25 |
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks |
Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to insecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks. |
||
27.9.25 |
Domino Effect: How One Vendor's AI App Breach Toppled Giants |
A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical. |
||
27.9.25 |
Poisoned data. Malicious LoRAs. Trojan model files. AI attacks are stealthier than ever—often invisible until it’s too late. Here’s how to catch them before they catch you. |
|||
27.9.25 |
Trend™ Research analyzed binaries from the latest activity of the notorious LockBit ransomware, whose 5.0 version exhibits advanced obfuscation, anti-analysis techniques, and seamless cross-platform capabilities for Windows, Linux, and ESXi systems. |
|||
27.9.25 |
A cloud-native application protection platform (CNAPP) not only helps organizations protect their environments, but also offers the flexibility of multi-cloud deployment. |
|||
27.9.25 |
Decrypting Gremlin: A Deep Dive Into The Info Stealer's Data Harvesting Engine |
The SonicWall Capture Labs threat research team has recently been tracking the latest variants of Gremlin malware, a sophisticated .NET-based information stealer designed for comprehensive data exfiltration from infected Windows systems. |
||
27.9.25 |
Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) |
The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. |
||
27.9.25 |
Check Point Research is tracking a long‑running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongoing campaign targets defense manufacturing, telecommunications, and aviation sectors that are aligned with IRGC strategic priorities. |
|||
27.9.25 |
How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking |
Talos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors. |
||
27.9.25 |
Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year? |
|||
27.9.25 |
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? |
|||
27.9.25 |
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence that this activity is related to the same threat actor as ArcaneDoor in 2024. |
||
27.9.25 |
Put together an IR playbook — for your personal mental health and wellbeing |
This edition pulls the curtain aside to show the realities of the VPNFilter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. |
||
27.9.25 |
Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. |
|||
27.9.25 |
Roblox executors: It’s all fun and games until someone gets hacked |
|||
27.9.25 |
DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception |
|||
27.9.25 |
Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. |
|||
27.9.25 |
Trellix provides an in-depth examination of the Shai-Hulud worm campaign, with guidance for organizations to better protect themselves. |
|||
27.9.25 |
When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR |
This blog describes a real-world scenario in which threat actors gained access to a system, dumped the NTDS.dit file, and attempted to exfiltrate it while avoiding common defenses. |
||
27.9.25 |
Unmasking Hidden Threats: Spotting a DPRK IT-Worker Campaign |
In the North Korean IT worker employment campaign, skilled operatives from the DPRK (North Korea) pose as remote IT professionals to get hired at Western companies. |
||
26.9.25 |
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks |
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. |
||
26.9.25 |
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure |
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer |
||
26.9.25 |
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module |
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET |
||
26.9.25 |
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware |
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to |
||
26.9.25 |
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive |
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat |
||
26.9.25 |
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network |
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to |
||
26.9.25 |
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection |
|||
25.9.25 |
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers |
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like |
||
25.9.25 |
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds |
The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 |
||
25.9.25 |
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed |
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. |
||
25.9.25 |
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software |
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) |
||
25.9.25 |
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike |
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South |
||
25.9.25 |
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors |
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected |
||
24.9.25 |
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models |
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) |
||
24.9.25 |
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus |
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus . |
||
24.9.25 |
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials |
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web |
||
24.9.25 |
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability |
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, |
||
24.9.25 |
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security |
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow |
||
24.9.25 |
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries |
Law enforcement authorities in Europe have arrested five suspects in connection with an "elaborate" online investment fraud scheme that stole more than €100 million ($118 million) |
||
24.9.25 |
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN |
The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and |
||
23.9.25 |
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw |
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary |
||
23.9.25 |
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service |
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The |
||
23.9.25 |
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security |
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. |
||
23.9.25 |
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells |
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in |
||
23.9.25 |
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks |
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at |
||
22.9.25 |
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants |
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any |
||
22.9.25 |
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams |
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail |
||
21.9.25 |
Canada dismantles TradeOgre exchange, seizes $40 million in crypto |
The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. |
||
21.9.25 |
FBI warns of cybercriminals using fake FBI crime reporting portals |
The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as "possible malicious activity." |
||
21.9.25 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). |
|||
21.9.25 |
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet |
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. |
||
21.9.25 |
Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses |
Ransomware remains one of the most destructive threats—because defenses keep failing. Picus Blue Report 2025 shows prevention dropped to 62%, while data exfiltration prevention collapsed to just 3%. |
||
21.9.25 |
Valve has announced that its Steam digital distribution service will drop support for 32-bit versions of Windows starting January 2026. |
|||
21.9.25 |
UK arrests 'Scattered Spider' teens linked to Transport for London hack |
Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom. |
||
21.9.25 |
SystemBC malware turns infected VPS systems into proxy highway |
The operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. |
||
21.9.25 |
Target-rich environment: Why Microsoft 365 has become the biggest risk |
Microsoft 365's dominance and tight integration make it a massive target in today's cyber landscape. That integration expands the attack surface and amplifies risk. Learn from Acronis TRU why backup blind spots & lateral movement risks demand stronger defenses. |
||
21.9.25 |
PyPI invalidates tokens stolen in GhostAction supply chain attack |
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. |
||
21.9.25 |
WatchGuard warns of critical vulnerability in Firebox firewalls |
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. |
||
21.9.25 |
Google patches sixth Chrome zero-day exploited in attacks this year |
Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. |
||
21.9.25 |
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks |
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. |
||
21.9.25 |
VC giant Insight Partners warns thousands after ransomware breach |
New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. |
||
20.9.25 |
Microsoft: Office 2016 and Office 2019 reach end of support next month |
Microsoft reminded customers again this week that Office 2016 and Office 2019 will reach the end of extended support in less than 30 days, on October 14, 2025. |
||
20.9.25 |
From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques |
ClickFix isn't just back—it's mutating. New variants use fake CAPTCHAs, File Explorer tricks & MSI lures to drop MetaStealer. Stay ahead with Huntress' Tradecraft Tuesday threat briefings. |
||
20.9.25 |
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service |
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. |
||
20.9.25 |
BreachForums hacking forum admin resentenced to three years in prison |
Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, was resentenced today to three years in prison after a federal appeals court overturned his prior sentence of time served and 20 years of supervised release. |
||
20.9.25 |
Google nukes 224 Android malware apps behind massive ad fraud campaign |
A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. |
||
20.9.25 |
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace. |
|||
20.9.25 |
Microsoft: WMIC will be removed after Windows 11 25H2 upgrade |
Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows 11 25H2 and later. |
||
20.9.25 |
Jaguar Land Rover extends shutdown after cyberattack by another week |
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. |
||
20.9.25 |
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. |
|||
20.9.25 |
New FileFix attack uses steganography to drop StealC malware |
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. |
||
20.9.25 |
Google confirms fraudulent account created in law enforcement portal |
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform, which law enforcement uses to submit official data requests to the company. |
||
20.9.25 |
FinWise insider breach impacts 689K American First Finance customers |
FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. |
||
20.9.25 |
Self-replicating Shai-hulud worm spreads token-stealing malware on npm |
RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware. |
||
20.9.25 |
RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories. |
|||
20.9.25 |
The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity. |
|||
20.9.25 |
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions |
Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” |
||
20.9.25 |
The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. |
|||
20.9.25 |
The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs |
This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws. |
||
20.9.25 |
Ransomware Landscape August 2025: Qilin Dominates as Sinobi Emerges |
Qilin led in ransomware attacks in all global regions in August, but the rapid rise of Sinobi and The Gentlemen also merits attention by security teams. |
||
20.9.25 |
Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection |
Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. |
||
20.9.25 |
DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities |
Executive Summary At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations |
||
20.9.25 |
EXECUTIVE SUMMARY Between May and August 2025, CYFIRMA observed sustained cyber operations against the global defence sector, driven by both state-aligned groups and |
|||
20.9.25 |
EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment of XillenStealer identifies it as an open-source, Python-based information stealer publicly available on GitHub. The malware is designed to harvest sensitive system and user… |
|||
20.9.25 |
DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK |
EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics |
||
20.9.25 |
A massive surge in scans targeting Cisco Adaptive Security Appliance (ASA) devices was observed by GreyNoise in late August 2025, with over 25,000 unique IPs probing ASA login portals in a single burst. |
|||
20.9.25 |
Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels |
Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. |
||
20.9.25 |
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks |
Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide. |
||
20.9.25 |
Trend™ Research outlines the critical details behind the ongoing NPM supply chain attack and offers essential steps to stay protected against potential compromise. |
|||
20.9.25 |
How AI-Native Development Platforms Enable Fake Captcha Pages |
Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns. |
||
20.9.25 |
Critical ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) |
The SonicWall Capture Labs threat research team identified CVE-2025-53690 and assessed its impact. Sitecore is a widely used digital experience platform (DXP) that provides content management, personalization and e-commerce capabilities for enterprises. |
||
20.9.25 |
The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception |
We recently looked into AI code assistants that connect with integrated development environments (IDEs) as a plugin, much like GitHub Copilot. |
||
20.9.25 |
Myth Busting: Why "Innocent Clicks" Don't Exist in Cybersecurity |
Picture this: You snag the last spot in a parking lot and find the QR code to pay on the lamppost directly in front of you. Score! You go to pay on the website, but wait…the page is full of ads and looks very suspicious. |
||
20.9.25 |
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 19) |
Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. |
||
20.9.25 |
Check Point Research conducted a forensic analysis of a ClickFix campaign that lured victims with fake job offers that resulted in an eight-day intrusion. |
|||
20.9.25 |
Why a Cisco Talos Incident Response Retainer is a game-changer |
With a Cisco Talos IR Retainer, your organization can stay resilient and ahead of tomorrow's threats. Here's how. |
||
20.9.25 |
Put together an IR playbook — for your personal mental health and wellbeing |
This edition pulls the curtain aside to show the realities of the VPNFilter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. |
||
20.9.25 |
Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. |
|||
20.9.25 |
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. |
|||
20.9.25 |
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. |
|||
20.9.25 |
Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities |
Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. |
||
20.9.25 |
Small businesses, big targets: Protecting your business against ransomware |
|||
20.9.25 |
The August 2025 edition of the Advanced Research Center Dark Web Roast delivers a masterclass in how not to run a criminal enterprise, showcasing threat actors who've somehow managed to combine the worst aspects of amateur hour operations with delusions of professional grandeur. |
|||
20.9.25 |
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer |
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs. |
||
20.9.25 |
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell |
Cybersecurity researchers have discovered what they say is the earliest known example to date of malware that bakes in Large Language Model (LLM) capabilities. The malware has |
||
20.9.25 |
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent |
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email. |
||
20.9.25 |
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware |
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 |
||
20.9.25 |
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers |
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team |
||
20.9.25 |
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability |
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, |
||
20.9.25 |
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge |
The phishing-as-a-service (PhaaS) offerings known as Lighthouse and Lucid have been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a- |
||
19.9.25 |
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine |
Cybersecurity researchers have found evidence of two Russian hacking groups, Gamaredon and Turla, collaborating to target and co-compromise Ukrainian entities. Slovak |
||
19.9.25 |
U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack |
Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber |
||
19.9.25 |
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following |
||
18.9.25 |
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers |
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it |
||
18.9.25 |
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader |
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like |
||
18.9.25 |
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers |
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on |
||
18.9.25 |
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory |
Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix. |
||
18.9.25 |
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days |
Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and has provided guidance for decommissioning outdated servers. |
||
18.9.25 |
Microsoft to force install the Microsoft 365 Copilot app in October |
Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) region that have the Microsoft 365 desktop client apps. |
||
18.9.25 |
Stop waiting on NVD — get real-time vulnerability alerts now |
Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. |
||
18.9.25 |
Microsoft fixes Windows 11 audio issues confirmed in December |
Microsoft has removed a safeguard hold that prevented some users from upgrading their systems to Windows 11 24H2 due to compatibility issues that were causing Bluetooth headsets and speakers to malfunction. |
||
18.9.25 |
Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. |
|||
18.9.25 |
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data |
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. |
||
18.9.25 |
New VoidProxy phishing service targets Microsoft 365, Google accounts |
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. |
||
18.9.25 |
On Friday, Microsoft reminded customers once again that Windows 10 will reach its end of support in 30 days, on October 14. |
|||
18.9.25 |
'WhiteCobra' floods VSCode market with crypto-stealing extensions |
A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. |
||
18.9.25 |
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. |
|||
18.9.25 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. |
|||
18.9.25 |
Windows 11 23H2 Home and Pro reach end of support in 60 days |
Microsoft has reminded customers today that devices running Home and Pro editions of Windows 11 23H2 will stop receiving updates in November. |
||
18.9.25 |
When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. |
|||
18.9.25 |
Man gets over 4 years in prison for selling unreleased movies |
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. |
||
18.9.25 |
Samsung patches actively exploited zero-day reported by WhatsApp |
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. |
||
18.9.25 |
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions |
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day |
||
18.9.25 |
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks |
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking |
||
18.9.25 |
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts |
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China |
||
17.9.25 |
Akira Ransomware Group Utilizing SonicWall Devices for Initial Access |
In August 2024, SonicWall published a security advisory for CVE SNWLID-2024-0015, which was related to an improper access control vulnerability in SSLVPN affecting Gen5, Gen6, and Gen7 firewall appliances. |
||
17.9.25 |
Threat Spotlight: ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration |
In our original investigation posted on August 12, 2025, ReliaQuest predicted that the Scattered Spider hacking collective, linked to ShinyHunters, would soon shift their focus to the financial sector. |
||
17.9.25 |
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience |
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than |
||
17.9.25 |
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts |
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations |
||
17.9.25 |
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims |
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, |
||
17.9.25 |
Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service |
Microsoft’s Digital Crimes Unit (DCU) has disrupted RaccoonO365, the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords (“credentials”). |
||
17.9.25 |
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM |
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in |
||
17.9.25 |
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains |
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group |
||
16.9.25 |
Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages |
A malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers. |
||
16.9.25 |
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover |
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in |
||
16.9.25 |
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids |
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and |
||
16.9.25 |
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site |
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information |
||
16.9.25 |
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack |
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 |
||
16.9.25 |
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds |
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from |
||
16.9.25 |
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials |
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to |
||
16.9.25 |
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs |
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously |
||
15.9.25 |
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns |
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package |
||
15.9.25 |
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks |
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The |
||
14.9.25 |
Microsoft fixes Exchange Online outage affecting users worldwide |
Microsoft says that it has mitigated an Exchange Online outage affecting customers worldwide, which blocked their access to emails and calendars. |
||
14.9.25 |
U.S. Senator accuses Microsoft of “gross cybersecurity negligence” |
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. |
||
14.9.25 |
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). |
|||
14.9.25 |
Panama Ministry of Economy discloses breach claimed by INC ransomware |
Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack. |
||
14.9.25 |
Microsoft adds malicious link warnings to Teams private chats |
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. |
||
14.9.25 |
Akira ransomware exploiting critical SonicWall SSLVPN bug again |
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. |
||
14.9.25 |
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs |
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. |
||
14.9.25 |
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. |
|||
14.9.25 |
Hackers left empty-handed after massive NPM supply-chain attack |
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit from it. |
||
14.9.25 |
Pixel 10 fights AI fakes with new Android photo verification tech |
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. |
||
14.9.25 |
Cursor AI editor lets repos “autorun” malicious code on devices |
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened. |
||
14.9.25 |
Jaguar Land Rover confirms data theft after recent cyberattack |
Jaguar Land Rover (JLR) confirmed today that attackers also stole "some data" during a recent cyberattack that forced it to shut down systems and instruct staff not to report to work. |
||
14.9.25 |
Microsoft fixes streaming issues triggered by Windows updates |
Microsoft has resolved severe lag and stuttering issues with streaming software affecting Windows 10 and Windows 11 systems after installing the August 2025 security updates. |
||
14.9.25 |
Microsoft fixes app install issues caused by August Windows updates |
Microsoft has fixed a known issue caused by the August 2025 security updates, which triggers unexpected User Account Control (UAC) prompts and app installation problems for non-admin users on all Windows versions. |
||
14.9.25 |
U.S. sanctions cyber scammers who stole billions from Americans |
The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. |
||
14.9.25 |
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. |
|||
14.9.25 |
Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including fixes for unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. |
|||
14.9.25 |
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days |
Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities. |
||
13.9.25 |
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks |
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked |
||
13.9.25 |
Windows 11 KB5065426 & KB5065431 cumulative updates released |
Microsoft has released Windows 11 KB5065426 and KB5065431 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. |
||
13.9.25 |
Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace |
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. |
||
13.9.25 |
US charges admin of LockerGoga, MegaCortex, Nefilim ransomware |
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. |
||
13.9.25 |
Adobe patches critical SessionReaper flaw in Magento eCommerce platform |
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of "the most severe" flaws in the history of the product. |
||
13.9.25 |
How External Attack Surface Management helps enterprises manage cyber risk |
Shadow assets don't care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy. |
||
13.9.25 |
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams |
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. |
||
13.9.25 |
SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. |
|||
13.9.25 |
Microsoft testing new AI features in Windows 11 File Explorer |
Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing to open the files. |
||
13.9.25 |
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. |
|||
13.9.25 |
Surge in network scans targeting Cisco ASA devices raises concerns |
Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. |
||
13.9.25 |
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack |
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. |
||
13.9.25 |
Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. |
|||
13.9.25 |
American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. |
|||
13.9.25 |
Sports streaming piracy service with 123M yearly visits shut down |
Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN. |
||
13.9.25 |
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack |
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. |
||
13.9.25 |
Salesloft: March GitHub repo breach led to Salesforce data theft attacks |
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. |
||
13.9.25 |
Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management |
With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now! |
||
13.9.25 |
This blog post was the final deliverable for a summer internship project, which was completed under the direction of the Volexity Threat Intelligence team. If you’d like more information about |
|||
13.9.25 |
SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites |
FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. |
||
13.9.25 |
FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. |
|||
13.9.25 |
The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. |
|||
13.9.25 |
It’s extremely rare for our team to publicly share details on how we found the technical fingerprints for an Advanced Persistent Threat (APT) group. We are making these details public now due to our belief that these are legacy fingerprints unlikely to appear again. |
|||
13.9.25 |
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) |
In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. |
||
13.9.25 |
The Week in Vulnerabilities: ‘Patch Tuesday’ Yields 1,200 New Flaws |
Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. |
||
13.9.25 |
ASD’s ACSC warns of active CVE-2024-40766 exploits in SonicWall SSL VPNs, allowing unauthorized access and firewall crashes across multiple device generations. |
|||
13.9.25 |
Canadian Government’s IT Arm Flags Digital Risks, Cyber Threats, and Strategic Priorities |
Shared Services Canada urges IT modernization as it blocks 6.5T cyber threats yearly, highlighting urgent cybersecurity needs across federal systems. |
||
13.9.25 |
LunoBotnet: A Self-Healing Linux Botnet with Modular DDoS and Cryptojacking Capabilities |
LunoBotnet is an actively evolving Linux botnet combining crypto-mining and DDoS with modular updates and monetization. |
||
13.9.25 |
International Guidance Promotes SBOM Adoption to Enhance Software Supply Chain Security |
New global SBOM guidance aims to boost software supply chain security, enhance transparency, and improve vulnerability and risk management across industries. |
||
13.9.25 |
EXECUTIVE SUMMARY In Aug 2025, ransomware activity remained elevated with 522 global victims, a slight decline from July but still far above 2023–2024 levels. Professional services, consumer services, and manufacturing… |
|||
13.9.25 |
Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign |
Table of Contents Introduction The Evolving Threat of Attack Loaders Objective of This Blog Technical Methodology and Analysis Initial Access and Social Engineering Multi-Stage Obfuscation and De-obfuscation Anti-Analysis Techniques The Final Payload Conclusion IOCs Quick Heal \ Seqrite Protection ... |
||
13.9.25 |
EchoLeak: Send a prompt, extract a secret from Copilot AI! (CVE-2025-32711) |
Introduction: What if your AI assistant wasn’t just helping you – but quietly helping someone else too? A recent zero-click exploit known as EchoLeak revealed how Microsoft 365 Copilot could be manipulated to exfiltrate sensitive information – without the... |
||
13.9.25 |
Table of Content: Introduction Infection Chain Process Tree Campaign 1: – Persistence – BATCH files – PowerShell script – Loader – Xworm/Remcos Campaign 2 Conclusion IOCS Detections MITRE ATTACK TTPs Introduction: Recent threat campaigns have revealed an evolving use... |
|||
13.9.25 |
SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324) |
Executive Summary CVE-2025-31324 is a critical remote code execution (RCE) vulnerability affecting the SAP NetWeaver Development Server, one of the core components used in enterprise environments for application development and integration. The vulnerability stems from improper validation of uploaded... |
||
13.9.25 |
The Rise of SBOM Requirements In Cybersecurity Guidelines and Laws |
Software bills of materials (SBOMs) have been around for years, but they’re historically ill defined, hard to generate, update, and use. So most organizations don’t. |
||
13.9.25 |
Golden Dome Requires Firmware Bills of Materials, SBOMs, and Other Supply Chain Security Measures |
In May 2025, the U.S. Secretary of Defense announced support for the Golden Dome for America (GDA). The project is a next-generation missile defense shield to be integrated with existing U.S. air and missile defense systems. |
||
13.9.25 |
Securing Higher Education: Top College Switches from Abnormal to Proofpoint |
When you represent a historic educational institution with a reputation to protect, you can’t afford gaps in email security. This is the reality for many higher education security teams. It was also the case for one liberal arts college on the East Coast that recently made the switch from Abnormal AI to Proofpoint’s API-deployed Core Email Protection. |
||
13.9.25 |
Insider Threats Unfold in Two Ways—With Impact or Intervention |
Every insider threat has a cause, whether it’s a lapse in judgment or rushed mistake, growing resentment, a change in ideology, or desire for personal gain. Left unchecked, these small cracks can widen into corporate crises that make headlines. |
||
13.9.25 |
The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. |
|||
13.9.25 |
Microsoft’s September 2025 Patch Tuesday has 81 vulnerabilities, of which 38 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2025 and has produced coverage for seven of the reported vulnerabilities. |
|||
13.9.25 |
Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain |
You are about to log off for the weekend when a high-severity alert flashes on your cloud security tool’s dashboard. A single, unfamiliar OAuth token is making hundreds of connections from three different IP addresses, two of which are flagged as belonging to an unknown VPN service. |
||
13.9.25 |
AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks |
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. |
||
13.9.25 |
Data Is the New Diamond: Latest Moves by Hackers and Defenders |
There have been several notable developments in recent weeks related to data theft activity from cybercriminals targeting Salesforce instances, including via the Salesloft Drift supply chain attack detailed in a recent Unit 42 Threat Brief. |
||
13.9.25 |
First observed on September 5, Yurei is a newly emerged ransomware group that targeted a Sri Lankan food manufacturing company as its first leaked victim. The group follows a double-extortion model: they encrypt the victim’s files and exfiltrate sensitive data, and then demand a ransom payment to decrypt and refrain from publishing the stolen information. |
|||
13.9.25 |
Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response |
Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin. |
||
13.9.25 |
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. |
|||
13.9.25 |
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. |
|||
13.9.25 |
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass |
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal |
||
13.9.25 |
Are cybercriminals hacking your systems – or just logging in? |
|||
13.9.25 |
Preventing business disruption and building cyber-resilience with MDR |
|||
13.9.25 |
Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers |
In this Threat Analysis Report, Cybereason analyzes an investigation into a new malicious Chrome extension campaign |
||
13.9.25 |
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR |
The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. |
||
12.9.25 |
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks |
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The |
||
12.9.25 |
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms |
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The |
||
12.9.25 |
iCloud Calendar abused to send phishing emails from Apple’s servers |
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. |
||
12.9.25 |
Czech cyber agency warns against Chinese tech in critical infrastructure |
The Czech Republic's National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. |
||
12.9.25 |
VirusTotal finds hidden malware phishing campaign in SVG files |
VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system in order to deliver malware. |
||
12.9.25 |
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack |
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. |
||
12.9.25 |
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants |
Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. |
||
12.9.25 |
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. |
|||
12.9.25 |
An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. |
|||
12.9.25 |
Don’t let outdated IGA hold back your security, compliance, and growth |
Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. |
||
12.9.25 |
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. |
|||
12.9.25 |
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit |
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya / NotPetya malware, while also |
||
12.9.25 |
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso |
||
12.9.25 |
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories |
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted |
||
12.9.25 |
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity |
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box |
||
12.9.25 |
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence |
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity |
||
11.9.25 |
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers |
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. |
||
11.9.25 |
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts |
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. |
||
11.9.25 |
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto |
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management |
||
11.9.25 |
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems |
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously |
||
10.9.25 |
BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets |
In Windows, the cornerstone of data protection is BitLocker, a Full Volume Encryption technology designed to secure sensitive data on disk. This ensures that even if an adversary gains physical access to the device, the data remains secure and inaccessible. |
||
10.9.25 |
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices |
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort, spanning half a decade, that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, |
||
10.9.25 |
Committee Statement on Ongoing PRC Cyber-Espionage Targeting U.S. Trade Policy Stakeholders |
WASHINGTON, D.C. — The House Select Committee on China is alerting the public to an ongoing series of highly targeted cyber-espionage campaigns that we have concluded are linked to the Chinese Communist Party. |
||
10.9.25 |
Threat Spotlight: Speed, Scale, and Stealth: How Axios Powers Automated Phishing |
Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined. |
||
10.9.25 |
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems |
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access |
||
10.9.25 |
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs |
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. |
||
10.9.25 |
Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety |
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. |
||
10.9.25 |
China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations |
The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the |
||
10.9.25 |
Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises |
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN have |
||
10.9.25 |
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts |
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take |
||
10.9.25 |
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws |
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code |
||
10.9.25 |
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks |
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent |
||
9.9.25 |
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities |
A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a sophisticated |
||
9.9.25 |
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks |
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called |
||
9.9.25 |
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs |
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed |
||
9.9.25 |
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack |
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The |
||
9.9.25 |
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage |
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon |
||
9.9.25 |
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies |
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an |
||
9.9.25 |
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms |
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to |
||
7.9.25 |
Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russia’s Foreign Intelligence Service (SVR). |
|||
7.9.25 |
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta’s advertising system. |
|||
7.9.25 |
Truesec has observed what appears to be a large cybercrime campaign, involving multiple fraudulent websites promoted through a Google advertising campaign. |
|||
7.9.25 |
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign |
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation |
||
7.9.25 |
Hackers exploited Sitecore zero-day flaw to deploy backdoors |
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. |
||
7.9.25 |
Texas sues PowerSchool over breach exposing 62M students, 880k Texans |
Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. |
||
7.9.25 |
Chess.com discloses recent data breach via file transfer app |
Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. |
||
7.9.25 |
New TP-Link zero-day surfaces as CISA warns other flaws are exploited |
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. |
||
7.9.25 |
France slaps Google with €325M fine for violating cookie regulations |
The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent. |
||
7.9.25 |
6 browser-based attacks all security teams should be ready for in 2025 |
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. |
||
7.9.25 |
Tire giant Bridgestone confirms cyberattack impacts manufacturing |
Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. |
||
7.9.25 |
Microsoft says recent Windows updates cause app install issues |
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. |
||
7.9.25 |
Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. |
|||
7.9.25 |
US offers $10 million bounty for info on Russian FSB hackers |
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. |
||
7.9.25 |
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws |
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. |
||
7.9.25 |
US sues robot toy maker for exposing children's data to Chinese devs |
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data without their knowledge and parental consent. |
||
7.9.25 |
Police disrupt Streameast, largest pirated sports streaming network |
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world's largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. |
||
6.9.25 |
SaaS giant Workiva discloses data breach after Salesforce attack |
Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. |
||
6.9.25 |
Google fixes actively exploited Android flaws in September update |
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. |
||
6.9.25 |
Disney to pay $10M to settle claims it collected kids’ data on YouTube |
Disney will pay $10 million to settle claims by the U.S. Federal Trade Commission that it mislabeled videos for children on YouTube, which allowed the collection of kids' personal information without their consent or notification to their parents. |
||
6.9.25 |
They know where you are: Cybersecurity and the shadow world of geolocation |
Geolocation is the invisible attack vector. From Stuxnet to today's APTs, malware now lies dormant until it hits the right place—turning location data into a weapon. Acronis' TRU explains why defenses must evolve beyond VPNs and perimeter controls. |
||
6.9.25 |
Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix). |
|||
6.9.25 |
Cloudflare hit by data breach in Salesloft Drift supply chain attack |
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. |
||
6.9.25 |
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps |
Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). |
||
6.9.25 |
Jaguar Land Rover says cyberattack ‘severely disrupted’ production |
Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. |
||
6.9.25 |
Pennsylvania AG Office says ransomware attack behind recent outage |
The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. |
||
6.9.25 |
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys |
A new set of four malicious packages has been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum |
||
6.9.25 |
Palo Alto Networks data breach exposes customer info, support cases |
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. |
||
6.9.25 |
Zscaler data breach exposes customer info after Salesloft Drift compromise |
Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. |
||
6.9.25 |
Amazon disrupts Russian APT29 hackers targeting Microsoft 365 |
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. |
||
6.9.25 |
Brokewell Android malware delivered through fake TradingView ads |
Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. |
||
6.9.25 |
OpenAI releases big upgrade for ChatGPT Codex for agentic coding |
OpenAI has announced a big update for Codex, which is the company's agentic coding tool. |
||
6.9.25 |
Anthropic is testing GPT Codex-like Claude Code web app |
|||
6.9.25 |
If you use ChatGPT to learn new topics, you might want to try its new flashcard-based quiz feature, which can help you evaluate your progress. |
|||
6.9.25 |
OpenAI is working on a new feature called the Thinking effort picker for ChatGPT. |
|||
6.9.25 |
TamperedChef infostealer delivered through fraudulent PDF Editor |
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. |
||
6.9.25 |
Windows 11 KB5064081 update clears up CPU usage metrics in Task Manager |
Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager. |
||
6.9.25 |
Microsoft fixes bug behind Windows certificate enrollment errors |
Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. |
||
6.9.25 |
WhatsApp patches vulnerability exploited in zero-day attacks |
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. |
||
6.9.25 |
Microsoft to enforce MFA for Azure resource management in October |
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. |
||
6.9.25 |
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). |
|||
6.9.25 |
Google warns Salesloft breach impacted some Workspace accounts |
Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data. |
||
6.9.25 |
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. |
|||
6.9.25 |
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) |
In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. |
||
6.9.25 |
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation |
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw |
||
6.9.25 |
Security analysts face the constant challenge of gaining immediate and accurate context on IP addresses that pop up during an investigation, to minimize risk and prevent loss. |
|||
6.9.25 |
SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients. |
|||
6.9.25 |
IP Tagging in Silent Push: VPN, Proxy and Sinkhole Detection |
Silent Push has uncovered a massive Internet Protocol Television (IPTV)-based piracy network that has been active for several years and is currently hosted across more than 1,000 domains and over 10,000 IP addresses. |
||
6.9.25 |
Key Findings: Newly released framework called Hexstrike-AI provides threat actors with an orchestration “brain” that ... |
|||
6.9.25 |
The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest |
Several vulnerabilities this week were the focus of intense online discussion and face active exploitation. |
||
6.9.25 |
How Chinese State-Sponsored APT Actors Exploit Routers for Stealthy Cyber Espionage |
Chinese state-sponsored APT groups target global telecom, government, and military networks, exploiting router vulnerabilities for stealthy, long-term cyber espionage since 2021. |
||
6.9.25 |
Supply Chain Attacks Have Doubled. What’s Driving the Increase? |
Threat actors have been able to access the most sensitive data of suppliers and their customers, serving as a wakeup call for third-party risks. |
||
6.9.25 |
Google Salesforce Breach: A Deep dive into the chain and extent of the compromise |
Executive Summary In early June 2025, Google’s corporate Salesforce instance (used to store contact data for small‑ and medium‑sized business clients) was compromised through a sophisticated vishing‑extortion campaign orchestrated by the threat‑group tracked as UNC6040 & UNC6240 (online cybercrime collective known |
||
6.9.25 |
Introduction AI-powered malware has become quite a trend now. We have always been discussing how threat actors could perform attacks by leveraging AI models, and here we have a PoC demonstrating exactly that. Although it has not yet been |
|||
6.9.25 |
TYPHOON IN THE FIFTH DOMAIN: CHINA’S EVOLVING CYBER STRATEGY |
EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical |
||
6.9.25 |
Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure |
EXECUTIVE SUMMARY CYFIRMA has identified Salat Stealer (also known as WEB_RAT), a sophisticated Go-based infostealer targeting Windows systems. The malware exfiltrates browser credentials, cryptocurrency wallet data, and session |
||
6.9.25 |
Something that has caught my attention lately, both in the news and from recent leaks of threat actor groups, is that attackers continue to use what works. The technique could be something elaborate or straightforward. |
|||
6.9.25 |
Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers |
Proofpoint researchers observed an increase in opportunistic cybercriminals using malware based on Stealerium, an open-source malware that is available “for educational purposes.” |
||
6.9.25 |
For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy. |
|||
6.9.25 |
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps |
Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation. |
||
6.9.25 |
This week, the SonicWall Capture Labs threat research team analyzed a sample of LummaC, a prolific infostealer. The multi-stage infection uses a combination of techniques to avoid detection, create persistence, and exfiltrate data using encryption and network methods. It is also built to resist analysis, with layers of obfuscation and code traps designed to break tools. |
|||
6.9.25 |
The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. |
|||
6.9.25 |
Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances |
Unit 42 has observed activity consistent with a specific threat actor campaign leveraging the Salesloft Drift integration to compromise customer Salesforce instances. This brief provides information about our observations and guidance for potentially affected organizations. |
||
6.9.25 |
Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust |
Our research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. |
||
6.9.25 |
Under lock and key: Safeguarding business data with encryption |
|
||
6.9.25 |
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes |
|||
6.9.25 |
A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). Collectively referred to as ToolShell, these vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. |
|||
6.9.25 |
XWorm’s Evolving Infection Chain: From Predictable to Deceptive |
The Trellix Advanced Research Center has uncovered a new XWorm backdoor campaign using evolved deployment methods. Unlike previous versions, this campaign employs sophisticated, deceptive techniques to bypass detection. Moving beyond simple email attacks, it now uses authentic-looking .exe filenames and blends social engineering with technical attack vectors. |
||
5.9.25 |
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations |
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as |
||
5.9.25 |
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild |
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The |
||
5.9.25 |
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages |
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. |
||
5.9.25 |
Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries |
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple |
||
5.9.25 |
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module |
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 |
||
4.9.25 |
Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions |
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and |
||
4.9.25 |
Google Fined $379 Million by French Regulator for Cookie Consent Violations |
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, |
||
4.9.25 |
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited |
||
4.9.25 |
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers |
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry |
||
4.9.25 |
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure |
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security |
||
4.9.25 |
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack |
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two |
||
4.9.25 |
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats |
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other |
||
4.9.25 |
Weaponized GenAI + Extortion-First Strategies Fueling a New Age of Ransomware |
Trends and insights based on expert analysis of public leak sites, ransomware samples and attack data. |
||
4.9.25 |
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second |
|||
4.9.25 |
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Range Extender |
||
4.9.25 |
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations |
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply |
||
4.9.25 |
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE |
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of |
||
4.9.25 |
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control |
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised |
||
2.9.25 |
Shadow AI Discovery: A Critical Part of Enterprise AI Governance |
The Harsh Truths of AI Adoption: MIT's State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% |
||
2.9.25 |
Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices |
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP |
||
2.9.25 |
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware |
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a |
||
2.9.25 |
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets |
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency |
||
2.9.25 |
Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans |
Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking |
||
2.9.25 |
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics |
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a |
||