DATE |
NAME |
Info |
CATEG. |
WEB |
31.8.25 |
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling |
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool |
||
31.8.25 |
Google shares workarounds for auth failures on ChromeOS devices |
Google is working to resolve authentication failures preventing users from signing into their Clever and ClassLink accounts on some ChromeOS devices. |
||
31.8.25 |
Malware devs abuse Anthropic’s Claude AI to build ransomware |
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. |
||
31.8.25 |
Passwordstate dev urges users to patch auth bypass vulnerability |
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. |
||
31.8.25 |
Police seize VerifTools fake ID marketplace servers, domains |
The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hosted the online operation. |
||
31.8.25 |
MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April. |
|||
31.8.25 |
Shadow IT isn't theoretical—it's everywhere. Intruder uncovered exposed backups, open Git repos, and admin panels in just days, all hiding sensitive data. Make your hidden assets visible before attackers do. |
|||
31.8.25 |
TransUnion suffers data breach impacting over 4.4 million people |
Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from its Salesforce account. |
||
31.8.25 |
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. |
|||
31.8.25 |
Experimental PromptLock ransomware uses AI to encrypt, steal data |
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. |
||
31.8.25 |
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems whose Administrator Control Panel (ACP) is exposed to the internet. |
|||
31.8.25 |
IT system supplier cyberattack impacts 200 municipalities in Sweden |
A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 regions of the country. |
||
31.8.25 |
Global Salt Typhoon hacking campaigns linked to Chinese tech firms |
The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. |
||
31.8.25 |
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw |
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. |
||
31.8.25 |
Why zero trust is never 'done' and is an ever-evolving process |
Zero trust isn't a project you finish—it's a cycle that keeps evolving. From supply chain exploits to policy drift, resilience requires continuous testing and adaptation. Learn how Specops Software supports this journey with tools that make it easier. |
||
30.8.25 |
Healthcare Services Group data breach impacts 624,000 people |
The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. |
||
30.8.25 |
Google to verify all Android devs to protect users from malware |
Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store. |
||
30.8.25 |
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks |
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. |
||
30.8.25 |
Mustang Panda hackers hijack network captive portals in diplomat attacks |
State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic and redirecting it to a malware-serving website. |
||
30.8.25 |
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks |
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce, then pivoted to customer environments and exfiltrated data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. |
||
30.8.25 |
Nevada closes state offices as cyberattack disrupts IT systems |
Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. |
||
30.8.25 |
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. |
|||
30.8.25 |
Beyond GDPR security training: Turning regulation into opportunity |
Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture. |
||
30.8.25 |
Nissan confirms design studio data breach claimed by Qilin ransomware |
Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI) |
||
30.8.25 |
Surge in coordinated scans targets Microsoft RDP auth servers |
Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign. |
||
30.8.25 |
Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. |
|||
30.8.25 |
Farmers Insurance data breach impacts 1.1M people after Salesforce attack |
U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. |
||
30.8.25 |
Auchan retailer data breach impacts hundreds of thousands of customers |
French retailer Auchan has disclosed that sensitive data associated with the loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. |
||
30.8.25 |
Malicious Android apps with 19M installs removed from Google Play |
Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. |
||
30.8.25 |
Critical Docker Desktop flaw lets attackers hijack Windows hosts |
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. |
||
30.8.25 |
Malware persistence keeps attackers in your systems long after reboots or resets. Wazuh helps detect and block hidden techniques like scheduled tasks, startup scripts, and modified system files—before they turn into long-term compromise. |
|||
30.8.25 |
New Android malware poses as antivirus from Russian intelligence agency |
A new Android malware posing as antivirus software created by Russia's Federal Security Service (FSB) is being used to target executives of Russian businesses. |
||
30.8.25 |
FTC warns tech giants not to bow to foreign pressure on encryption |
The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. |
||
30.8.25 |
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). |
|||
30.8.25 |
Murky Panda hackers exploit cloud trust to hack downstream customers |
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. |
||
30.8.25 |
APT36 hackers abuse Linux .desktop files to install malware in new attacks |
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. |
||
30.8.25 |
Fake Mac fixes trick users into installing new Shamos infostealer |
A new infostealer malware called 'Shamos' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. |
||
30.8.25 |
Microsoft: August Windows updates cause severe streaming issues |
Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. |
||
30.8.25 |
Massive anti-cybercrime operation leads to over 1,200 arrests in Africa |
Law enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. |
||
30.8.25 |
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices |
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with |
||
30.8.25 |
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution |
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code |
||
30.8.25 |
Loophole allows threat actors to claim VS Code extension names |
RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes. |
||
30.8.25 |
FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries. |
|||
30.8.25 |
Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery |
During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer. |
||
30.8.25 |
Unraveling Phishing Campaigns Flagged by Trustwave’s URL Scanner |
In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. |
||
30.8.25 |
Learn about INC and Lynx, two highly successful RaaS groups that share similar tactics and procedures, including a potential connection through shared code. |
|||
30.8.25 |
|
An actor tracked as UNC6395 stole OAuth tokens from the Salesloft Drift app and leveraged them for widespread data theft. |
||
30.8.25 |
|
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC). |
||
30.8.25 |
Australia and New Zealand Threat Landscape in H1 2025 is Worrying, but has a Silver-Lining |
Ransomware threats “Down Under” doubled in the first six months of the year compared to last year. |
||
30.8.25 |
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh |
Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing Android malware campaign tracked as “SikkahBot,” active since July 2024 and explicitly targeting students in Bangladesh. |
||
30.8.25 |
Australia faces a surge in AI-driven cyberattacks and supply chain vulnerabilities, with one cyberattack per second and over 1,100 data breaches reported in 2024. |
|||
30.8.25 |
The Week in Vulnerabilities: Threat Actors Claim Exploits, Zero Days |
Cyble has detected new attack campaigns and threat actors claiming to offer vulnerability exploits and zero days for sale on the dark web. |
||
30.8.25 |
Operation HanKook Phantom: North Korean APT37 targeting South Korea |
Table of contents: Introduction; Threat Profile; Infection Chain; Campaign-1: Analysis of Decoy, Technical Analysis, Fingerprint of ROKRAT’s Malware; Campaign-2: Analysis of Decoy, Technical Analysis, Detailed Analysis of Decoded tony31.dat; Conclusion; Seqrite Protections; MITRE ATT&CK |
||
30.8.25 |
WinRAR Directory Traversal & NTFS ADS Vulnerabilities (CVE-2025-6218 & CVE-2025-8088) |
Two high-severity vulnerabilities in WinRAR for Windows — CVE-2025-6218 and CVE-2025-8088 — allow attackers to write files outside the intended extraction directory. CVE-2025-6218 involves traditional path traversal, while CVE-2025-8088 extends the attack using NTFS Alternate Data Streams. |
||
30.8.25 |
Cyfirma’s threat intelligence assessment reveals Inf0s3c Stealer, a Python-based grabber designed to collect system information and user data. The executable |
|||
30.8.25 |
At CYFIRMA, we are dedicated to providing timely intelligence on emerging cyber threats and adversarial tactics that target both individuals and organizations. |
|||
30.8.25 |
CVE-2025-8671 – HTTP/2 MadeYouReset Vulnerability DDoS Attack |
CVE-2025-8671, dubbed "MadeYouReset", is a newly disclosed HTTP/2 denial-of-service (DoS) vulnerability identified by researchers at Tel Aviv University an |
||
30.8.25 |
The FBI and CISA, along with a coalition of other international cybersecurity agencies, have released a new Cybersecurity Advisory, CSA AA25-239A, about Salt Typhoon and other Chinese State-Sponsored Advanced Persistent Threat (APT) groups. |
|||
30.8.25 |
The European Union’s Cyber Resilience Act (CRA), Regulation (EU) 2024/2847, “aims to safeguard consumers and businesses” from risks introduced through the digital supply chain. To satisfy this regulation, countless organizations will have to change how they operate. |
|||
30.8.25 |
Cybersecurity Stop of the Month: BEC Attacks Targeting Government Agencies |
Email-based threats against public sector organizations are rising in both scale and complexity. One of the most popular attacks that government finance and procurement teams are targeted with is business email compromise (BEC). |
||
30.8.25 |
Large language models (LLMs), such as ChatGPT, Claude, and Gemini, are transforming industries by enabling faster workflows, deeper insights, and smarter tools. Their capabilities are reshaping how we work, communicate, and innovate. |
|||
30.8.25 |
Storm-0501’s evolving techniques lead to cloud-based ransomware |
Financially motivated threat actor Storm-0501 has continuously evolved its campaigns, sharpening its focus on cloud-based tactics, techniques, and procedures (TTPs). |
||
30.8.25 |
Operation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in Africa |
Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims. |
||
30.8.25 |
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents |
The TAOTH campaign exploited abandoned software and spear-phishing to deploy multiple malware families, targeting dissidents and other high-value individuals across Eastern Asia. |
||
30.8.25 |
Critical RCE Vulnerabilities in Commvault: CVE-2025-57791 & CVE-2025-57790 |
The SonicWall Capture Labs threat research team became aware of a critical chain of remote code execution (RCE) vulnerabilities in Commvault CommServe. |
||
30.8.25 |
Heists in the digital world may seem fundamentally different from heists in the physical world, but I see a common tie — financially motivated criminals of all types often use social engineering and intensive reconnaissance to achieve their goals. |
|||
30.8.25 |
ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies |
Check Point Research has been monitoring a sophisticated social-engineering campaign targeting supply chain–critical manufacturing companies, where attackers leverage legitimate-looking business interactions to stealthily deliver a custom malware implant. |
||
30.8.25 |
Check Point Research (CPR) uncovered an ongoing in-the-wild campaign attributed to the Silver Fox APT which involves the abuse of a previously unknown vulnerable driver, amsdk.sys (WatchDog Antimalware, version 1.0.600). |
|||
30.8.25 |
This month in security with Tony Anscombe – August 2025 edition |
|||
30.8.25 |
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back |
|||
30.8.25 |
First known AI-powered ransomware uncovered by ESET Research |
|||
30.8.25 |
August's bug report is here. We break down active threats from Fortinet, Apple, and SAP to help you patch critical zero-days before it's too late. |
|||
29.8.25 |
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication |
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 |
||
29.8.25 |
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign |
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to |
||
29.8.25 |
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page |
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication |
||
29.8.25 |
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available |
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an |
||
29.8.25 |
Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain |
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent |
||
29.8.25 |
Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations |
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it |
||
29.8.25 |
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies |
Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information |
||
29.8.25 |
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names |
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed |
||
28.8.25 |
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide |
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including |
||
28.8.25 |
Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials |
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package |
||
28.8.25 |
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits |
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for |
||
28.8.25 |
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks |
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud |
||
28.8.25 |
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model |
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in |
||
28.8.25 |
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors |
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large- |
||
28.8.25 |
ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots |
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). |
||
27.8.25 |
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data |
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift |
||
27.8.25 |
Blind Eagle's Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra |
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. |
||
27.8.25 |
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775 |
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. |
||
27.8.25 |
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station |
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). |
||
27.8.25 |
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers |
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in- |
||
26.8.25 |
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners |
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that |
||
26.8.25 |
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands |
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display |
||
26.8.25 |
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps |
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the |
||
26.8.25 |
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known |
||
26.8.25 |
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats |
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to |
||
26.8.25 |
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 |
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to |
||
26.8.25 |
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads |
Cybersecurity researchers have flagged a new phishing campaign that's using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The |
||
25.8.25 |
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing |
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) |
||
25.8.25 |
Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot |
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly |
||
24.8.25 |
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets |
Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious |
||
24.8.25 |
DaVita says ransomware gang stole data of nearly 2.7 million people |
Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. |
||
24.8.25 |
Dev gets 4 years for creating kill switch on ex-employer's systems |
A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled. |
||
24.8.25 |
Colt confirms customer data stolen as Warlock ransomware auctions files |
UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as the Warlock ransomware gang auctions the files. |
||
24.8.25 |
Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. |
|||
24.8.25 |
Microsoft asks customers for feedback on reported SSD failures |
Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update. |
||
24.8.25 |
From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG. |
|||
24.8.25 |
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw |
The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices. |
||
24.8.25 |
Scattered Spider hacker gets sentenced to 10 years in prison |
Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. |
||
24.8.25 |
Orange Belgium discloses data breach impacting 850,000 customers |
Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. |
||
24.8.25 |
AI website builder Lovable increasingly abused for malicious activity |
Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. |
||
24.8.25 |
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." |
|||
24.8.25 |
“Rapper Bot” malware seized, alleged developer identified and charged |
The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. |
||
24.8.25 |
Perplexity’s Comet AI browser tricked into buying fake items online |
A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. |
||
23.8.25 |
Hackers steal Microsoft logins using legitimate ADFS redirects |
Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. |
||
23.8.25 |
Major password managers can leak logins in clickjacking attacks |
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. |
||
23.8.25 |
Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant. |
|||
23.8.25 |
Why email security needs its EDR moment to move beyond prevention |
Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection. |
||
23.8.25 |
Microsoft reportedly fixing SSD failures caused by Windows updates |
Recently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems. |
||
23.8.25 |
Microsoft fixes Windows upgrades failing with 0x8007007F error |
Microsoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. |
||
23.8.25 |
Microsoft releases emergency updates to fix Windows recovery |
Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates. |
||
23.8.25 |
PyPI now blocks domain resurrection attacks used for hijacking accounts |
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. |
||
23.8.25 |
Okta open-sources catalog of Auth0 rules for threat detection |
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. |
||
23.8.25 |
Microsoft shares workaround for Teams "couldn't connect" error |
Microsoft is resolving a known issue that causes "couldn't connect" errors when launching the Microsoft Teams desktop and web applications. |
||
23.8.25 |
Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. |
|||
23.8.25 |
Pharma firm Inotiv says ransomware attack impacted operations |
American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. |
||
23.8.25 |
Microsoft: August security updates break Windows recovery, reset |
Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11. |
||
23.8.25 |
NY Business Council discloses data breach affecting 47,000 people |
The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. |
||
23.8.25 |
Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. |
|||
23.8.25 |
XenoRAT malware campaign hits multiple embassies in South Korea |
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. |
||
23.8.25 |
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme |
A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. |
||
23.8.25 |
ERMAC Android malware source code leak exposes banking trojan infrastructure |
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. |
||
23.8.25 |
UK sentences “serial hacker” of 3,000 sites to 20 months in prison |
A 26-year-old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. |
||
23.8.25 |
Over 800 N-able servers left unpatched against critical flaws |
Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week. |
||
23.8.25 |
Mozilla warns Germany could soon declare ad blockers illegal |
A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. |
||
23.8.25 |
Microsoft: Recent Windows updates may fail to install via WUSA |
Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). |
||
23.8.25 |
HR giant Workday discloses data breach after Salesforce attack |
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. |
||
23.8.25 |
U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator |
The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. |
||
23.8.25 |
Researcher to release exploit for full auth bypass on FortiWeb |
A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. |
||
23.8.25 |
The New Era of Cybercrime in Australia — AI-Powered Attacks and How to Stay Ahead |
AI-driven cyberattacks are rising in Australia, with 50+ threat groups active in 2025 and a 13% spike in major incidents across key sectors. |
||
23.8.25 |
Inside the Australian Dark Web: What Hackers Are Selling About Your Business Right Now |
The Australian dark web has evolved into a booming underground economy, with rising ransomware attacks and stolen data traded openly, Cyble reports. |
||
23.8.25 |
The Week in Vulnerabilities: Patch Tuesday Yields Hundreds of Vendor Fixes |
Monthly fixes from IT vendors led to hundreds of newly disclosed vulnerabilities in the past week. Here are over a dozen to prioritize. |
||
23.8.25 |
Ransomware Landscape July 2025: Qilin Stays on Top as New Threats Emerge |
Qilin was the top ransomware group for the third time in four months – but INC and other rivals aren’t standing still. |
||
23.8.25 |
The Week in Vulnerabilities: 717 New Cybersecurity Flaws Reported! |
Cyble found 717 new vulnerabilities, including 222 with PoCs and 17 in EOL products, exposing systems to growing cyberattack risks. |
||
23.8.25 |
Ransomware surged in H1 2025. Meet CL0P, Akira, and Qilin — the top threat actors behind over 1,000 global attacks reshaping the cybercrime landscape. |
|||
23.8.25 |
APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files |
Executive Summary CYFIRMA has identified an ongoing cyber-espionage campaign orchestrated by APT36 (Transparent Tribe), a Pakistan-based threat actor with a sustained focus on Indian Government entities. This operation reflects the… |
||
23.8.25 |
Why Do Cyber Threat Actors Target Saudi Arabia? Energy Superpower: As the world's largest oil exporter, any disruption to Saudi energy assets can ripple across global markets, |
|||
23.8.25 |
There are many examples online of DIY cyberdecks. These compact, modular builds push the boundaries of portable computing. The goal, at least for me, is to have something portable to run penetration testing hardware and software tools from. |
|||
23.8.25 |
We are often asked about the impact of AI on the threat landscape. While we have observed that large language model (LLM) generated emails or scripts have so far had little impact, some AI tools are lowering the barrier for entry for digital crime. Take, for example, services that can create websites in minutes with the help of AI. |
|||
23.8.25 |
Proofpoint’s Next Human Factor Report Uncovers New Insights on Phishing and URL-Based Threats |
Proofpoint’s new Human Factor report series is a fresh take on how we share insights about the threat landscape. Instead of long, technical reports, this year we’ve shortened them to make them more actionable. Each volume focuses on a specific threat tactic along with key trends and cybercriminal behaviors, which are observed across Proofpoint’s global threat intelligence and backed by data from more than 3.5 billion emails analyzed daily. |
||
23.8.25 |
Think before you Click(Fix): Analyzing the ClickFix social engineering technique |
The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. |
||
23.8.25 |
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises |
We uncovered a campaign that makes use of Charon, a new ransomware family, and advanced APT-style techniques to target organizations with customized ransom demands. |
||
23.8.25 |
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware |
Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments. |
||
23.8.25 |
Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks |
Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies. |
||
23.8.25 |
A newly identified .NET-based infostealer, called Chihuahua Stealer, was first observed in April 2025. It has been distributed via malicious documents, often hosted on cloud storage platforms such as Google Drive or OneDrive. |
|||
23.8.25 |
Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth |
We have detected a campaign aimed at gaining access to victims’ machines and monetizing access to their bandwidth. It functions by exploiting the CVE-2024-36401 vulnerability in the GeoServer geospatial database. This Critical-severity remote code execution vulnerability has a CVSS score of 9.8. Criminals have used the vulnerability to deploy legitimate software development kits (SDKs) or modified apps to gain passive income via network sharing or residential proxies. |
||
23.8.25 |
The rapid expansion of generative AI (GenAI) has led to a diverse set of web-based platforms offering capabilities such as code assistance, natural language generation, chatbot interaction and automated website creation. This article uses insights from our telemetry to show trends in how the GenAI web is evolving. |
|||
23.8.25 |
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode |
We created an in-depth malware analysis tutorial featuring shellcode generated by a tool named Donut. The tutorial walks through a single infection chain from end to end, starting with a sample, and assuming no prior knowledge of the malware in question. |
||
23.8.25 |
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer |
Unit 42 researchers recently observed a shift in the delivery method in the distribution of DarkCloud Stealer and the obfuscation techniques used to complicate analysis. First seen in early April 2025, these new methods and techniques include an additional infection chain for DarkCloud Stealer. This chain involves obfuscation by ConfuserEx and a final payload written in Visual Basic 6 (VB6). |
||
23.8.25 |
Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild |
This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). |
||
23.8.25 |
When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory |
BadSuccessor is a critical attack vector that emerged following the release of Windows Server 2025. Under certain conditions, this server version enables users to leverage delegated Managed Service Accounts (dMSAs) to elevate privileges within Active Directory environments running Windows Server 2025. At the time of writing this article, no patch exists for this issue. |
||
23.8.25 |
A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. |
|||
23.8.25 |
Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures. |
|||
23.8.25 |
Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan. |
|||
23.8.25 |
Get an inside look at how JJ Cummings helped build and lead one of Cisco Talos’ most impactful security teams, and discover what drives him to stay at the forefront of threat intelligence. |
|||
23.8.25 |
"What happens online stays online" and other cyberbullying myths, debunked |
|||
23.8.25 |
The need for speed: Why organizations are turning to rapid, trustworthy MDR |
|||
23.8.25 |
Investors beware: AI-powered financial scams swamp social media |
|||
23.8.25 |
Malicious filename in a RAR archive to silently trigger Bash commands and drop a memory-only Vshell backdoor |
|||
23.8.25 |
From ransomware gangs having public meltdowns over affiliate drama to AI-powered malware that needs to phone home for basic instructions, this month's underground activities showcased the perfect blend of criminal ambition and spectacular incompetence that keeps cybersecurity professionals both entertained and employed. |
|||
23.8.25 |
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign |
The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during early 2025. |
||
22.8.25 |
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection |
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell . The "Linux- |
||
22.8.25 |
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage |
Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing |
||
22.8.25 |
INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown |
INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The crackdown |
||
22.8.25 |
Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware |
A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with |
||
22.8.25 |
Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks |
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of |
||
22.8.25 |
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages |
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. |
||
21.8.25 |
Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger |
Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of |
||
21.8.25 |
Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft |
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of |
||
21.8.25 |
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks |
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The |
||
21.8.25 |
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft |
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account |
||
21.8.25 |
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage |
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco |
||
20.8.25 |
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts |
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. |
||
20.8.25 |
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms |
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between |
||
20.8.25 |
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks |
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet |
||
20.8.25 |
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems |
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper |
||
19.8.25 |
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code |
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT |
||
19.8.25 |
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution |
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and |
||
19.8.25 |
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback |
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to |
||
19.8.25 |
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks |
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain |
||
19.8.25 |
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures |
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in |
||
19.8.25 |
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware |
Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware |
||
19.8.25 |
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks |
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. |
||
17.8.25 |
|
Check Point Research uncovered six fresh vulnerabilities in Microsoft Windows, including one critical flaw with ... |
||
17.8.25 |
|
From critical infrastructure to classrooms, no sector is being spared. In July 2025, cyber attacks ... |
||
17.8.25 |
|
One of the most pressing cyber threats businesses face today is the rampant rise in ... |
||
17.8.25 |
|
CVE-2025-54136 – MCPoison Key Insights Critical RCE Flaw in Popular AI-powered IDE Check Point Research ... |
||
17.8.25 |
A Region-Wise Breakdown of Cyber Threats: What H1 2025 Data Reveals |
The Global Threat Landscape H1 2025 shows rising cyberattacks, with ransomware targeting regions like the U.S., UK, APAC, and MEA based on sectoral weaknesses. |
||
17.8.25 |
Ransomware Landscape July 2025: Qilin Stays on Top as New Threats Emerge |
Qilin was the top ransomware group for the third time in four months – but INC and other rivals aren’t standing still. |
||
17.8.25 |
Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks |
Introduction In the ever-evolving cybersecurity landscape, attackers constantly seek new ways to bypass traditional defences. One of the latest and most insidious methods involves using Scalable Vector Graphics (SVG)—a file format typically associated with clean, scalable images for websites. |
||
17.8.25 |
Spear Phishing Campaign Delivers VIP Keylogger via EMAIL Attachment |
Introduction Earlier this year, we published a white paper detailing the VIP keylogger, a sophisticated malware strain leveraging spear-phishing and steganography to infiltrate victims’ systems. The keylogger is known for its data theft capabilities, particularly targeting web browsers and... |
||
17.8.25 |
Operation CargoTalon: UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant |
Contents: Introduction; Initial Findings; Infection Chain; Technical Analysis: Stage 0 – Malicious Email File, Stage 1 – Malicious LNK file, Stage 2 – Looking into the decoy file, Stage 3 – Malicious EAGLET implant; Hunting and Infrastructure; Infrastructural details.... |
||
17.8.25 |
Android Cryptojacker Disguised as Banking App Exploits Device Lock State |
The global craze around cryptocurrency has fueled both innovation and exploitation. While many legally chase digital gold, cybercriminals hijack devices to mine it covertly. Recently, we encountered a phishing website impersonating a well-known bank, hosting a fake Android app.... |
||
17.8.25 |
EXECUTIVE SUMMARY At CYFIRMA, we deliver actionable intelligence on emerging cyber threats impacting both individuals and organizations. This report analyzes a |
|||
17.8.25 |
REVENANT : EXECUTIONLESS, SELF-ASSEMBLING THREAT HIDDEN IN SYSTEM ENTROPY |
EXECUTIVE SUMMARY The REVENANT project exposes a multi-stage, executionless attack methodology capable of persisting not only within endpoint and network environments, |
||
17.8.25 |
The Lazarus Group is a highly sophisticated, state-sponsored cyber threat group attributed to the North Korean government. They are also known by many other names, including Hidden |
|||
17.8.25 |
GREY ZONE WARFARE IN CHINA’S STALLED SOUTH CHINA SEA AMBITIONS |
INTRODUCTION – A DECADE OF AGGRESSION For the past several years, an emboldened China has intensified its aggression in the South China Sea, zeroing in on the |
||
17.8.25 |
EXECUTIVE SUMMARY In July 2025, ransomware activity remained high, with major impacts on consumer services, professional services, and manufacturing. Qilin led in volume, |
|||
17.8.25 |
FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT |
Executive Summary CYFIRMA Threat Intelligence has observed an ongoing malicious campaign leveraging the domain ‘telegrampremium[.]app’, which fraudulently mimics the |
||
17.8.25 |
APT36: A PHISHING CAMPAIGN TARGETING INDIAN GOVERNMENT ENTITIES |
EXECUTIVE SUMMARY A sophisticated phishing campaign, possibly attributed to Pakistan-linked APT36 (Transparent Tribe), is targeting Indian defense organizations and related |
||
17.8.25 |
Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks |
Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies. |
||
17.8.25 |
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises |
We uncovered a campaign that makes use of Charon, a new ransomware family, and advanced APT-style techniques to target organizations with customized ransom demands. |
||
17.8.25 |
A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it. |
|||
17.8.25 |
FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate credentials, payment data, and email contacts—all without dropping a file to disk. |
|||
17.8.25 |
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025) |
Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay protected. |
||
17.8.25 |
New DoD Cyber Supply Chain Security Guidance from GAO and Secretary of Defense |
The first half of 2025 has seen a flood of new cybersecurity guidance for the U.S. Federal government, and particularly the Department of Defense. |
||
17.8.25 |
Eclypsium researchers have discovered vulnerabilities in USB webcams that allow attackers to turn them into BadUSB attack tools. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system. |
|||
17.8.25 |
What the White House’s AI Action Plan Means for Infrastructure and Cybersecurity Leaders |
The White House’s AI Action Plan, titled “Winning the AI Race”, marks a strategic shift in how the U.S. government aims to lead in artificial intelligence while securing its technological foundations. |
||
17.8.25 |
GPUHammer Vulnerability: The Security Growing Pains of AI Infrastructure |
The recent disclosure of GPUHammer vulnerabilities targeting NVIDIA GPU memory represents more than just another security flaw—it’s a clear signal that AI infrastructure faces fundamental security challenges that demand immediate attention. |
||
17.8.25 |
Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks |
Unit 42 observed notable overlaps between Microsoft’s reporting on ToolShell activity (an exploit chain affecting SharePoint vulnerabilities) and activity that we have been separately tracking. The activity, which we track as CL-CRI-1040, caught our attention by deploying a tool set that we call Project AK47, which includes a backdoor, ransomware and loaders. |
||
17.8.25 |
When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory |
BadSuccessor is a critical attack vector that emerged following the release of Windows Server 2025. Under certain conditions, this server version enables users to leverage delegated Managed Service Accounts (dMSAs) to elevate privileges within Active Directory environments running Windows Server 2025. At the time of writing this article, no patch exists for this issue. |
||
17.8.25 |
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer |
Unit 42 researchers recently observed a shift in the delivery method in the distribution of DarkCloud Stealer and the obfuscation techniques used to complicate analysis. |
||
17.8.25 |
Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild |
This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). |
||
17.8.25 |
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode |
We created an in-depth malware analysis tutorial featuring shellcode generated by a tool named Donut. The tutorial walks through a single infection chain from end to end, starting with a sample, and assuming no prior knowledge of the malware in question. |
||
17.8.25 |
Microsoft’s August 2025 Patch Tuesday has 109 vulnerabilities, of which 44 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2025 and has produced coverage for seven of the reported vulnerabilities. |
|||
17.8.25 |
Android Malware Campaign Mimics Indian Banks to Harvest Financial Credentials |
The SonicWall Capture Labs threat research team has identified an ongoing Android banking malware campaign targeting users of Indian banks. The malware authors are leveraging phishing pages that closely resemble legitimate banking app interfaces by mimicking elements such as logos, layouts and design features to trick users into installing a malicious application. |
||
17.8.25 |
Critical Unauthenticated RCE Vulnerability in Cisco ISE (CVE-2025-20281) |
The SonicWall Capture Labs threat research team became aware of a critical remote code execution (RCE) vulnerability in Cisco Identity Services Engine (ISE). |
||
17.8.25 |
Docassemble Path-Traversal + SSTI Enables RCE (CVE-2024-27292) |
SonicWall Capture Labs threat research team became aware of the threat CVE-2024-27292, assessed its impact, and developed mitigation measures for this vulnerability. |
||
17.8.25 |
ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure |
Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' |
||
17.8.25 |
Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware |
The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. |
||
17.8.25 |
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools |
A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open- |
||
16.8.25 |
CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass |
Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow. |
||
16.8.25 |
Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal |
Check Point Research (CPR) is closely tracking the malicious execution of compiled JavaScript files, which led to the discovery of JSCEAL, a campaign targeting crypto app users. |
||
16.8.25 |
Several prominent RaaS groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and LockBit, stopped publishing new victims. Though the reasons for their disappearances vary, the net effect is a fragmented ransomware ecosystem no longer dominated by one or two major players. |
|||
16.8.25 |
Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations |
Check Point Research (CPR) conducted a focused analysis of Storm-2603, a threat actor associated with recent ToolShell exploitations, together with other Chinese APT groups. |
||
16.8.25 |
Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. |
|||
16.8.25 |
What happened in Vegas (that you actually want to know about) |
Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign. |
||
16.8.25 |
Malvertising campaign leads to PS1Bot, a multi-stage malware framework |
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” |
||
16.8.25 |
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities |
Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”. In this month's release, Microsoft observed none of the included vulnerabilities being ac |
||
16.8.25 |
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. |
|||
16.8.25 |
Can AI really write safer code? Martin dusts off his software engineer skills to put it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware. |
|||
16.8.25 |
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adheren |
|||
16.8.25 |
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks |
In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. |
||
16.8.25 |
CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities |
Two critical vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have been discovered in on-premise Microsoft SharePoint. |
||
16.8.25 |
BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption |
In this Threat Analysis Report, Cybereason investigates a recently observed BlackSuit ransomware attack and the tools and techniques the threat actors used. |
||
16.8.25 |
How the always-on generation can level up its cybersecurity game |
|||
16.8.25 |
WinRAR zero-day exploited in espionage attacks against high-value targets |
|||
16.8.25 |
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability |
|||
16.8.25 |
Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s? |
A sky-high premium may not always reflect your company’s security posture |
||
16.8.25 |
Android adware: What is it, and how do I get it off my device? |
|||
16.8.25 |
Black Hat USA 2025: Policy compliance and the myth of the silver bullet |
|||
16.8.25 |
Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow? |
|||
16.8.25 |
ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch |
|||
16.8.25 |
Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5) |
|||
16.8.25 |
Why the tech industry needs to stand firm on preserving end-to-end encryption |
|||
16.8.25 |
This month in security with Tony Anscombe – July 2025 edition |
|||
16.8.25 |
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools |
SparkRAT is an open-source, freely available, and widely used Remote Access Trojan and C2 server, all of which led us to want to explore it further. |
||
16.8.25 |
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets |
|||
16.8.25 |
A Comprehensive Analysis of HijackLoader and its Infection Chain |
HijackLoader, a stealthy loader which delivers a wide variety of payloads, has been found to be spreading using fake download links on various piracy websites as well as SEO poisoning using legitimate websites. I |
||
16.8.25 |
This blog explores how attackers used Distributed Component Object Model (DCOM) as a lateral movement technique to distribute PathWiper, and how Trellix Network Detection and Response (NDR) detects and visualizes such activities. |
|||
16.8.25 |
Beat the heat and the hackers! Our July 2025 Bug Report details unauthenticated RCEs & critical flaws in SharePoint, Git, FTP, and FortiWeb. Patch immediately! |
|||
16.8.25 |
Over the past few years, the Ransomware-as-a-Service (RaaS) model rose to dominance, structured like criminal empires, complete with brands, affiliate programs, and professional operations. What once looked like organized crime, now more closely resembles a paranoid, fractured ecosystem where loyalty is temporary and betrayal is expected. Today, we’re watching the RaaS model unravel. |
|||
15.8.25 |
U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions |
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform |
||
15.8.25 |
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to |
|||
15.8.25 |
Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be exploited to conduct powerful denial- |
|||
14.8.25 |
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS |
Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called |
||
14.8.25 |
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits |
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating |
||
14.8.25 |
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses |
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 |
||
14.8.25 |
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited |
||
14.8.25 |
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks |
Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. |
||
14.8.25 |
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws |
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code |
||
14.8.25 |
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code |
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, |
||
13.8.25 |
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws |
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known |
||
13.8.25 |
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics |
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle |
||
13.8.25 |
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks |
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. |
||
13.8.25 |
Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager |
Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence |
||
13.8.25 |
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses |
An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters |
||
12.8.25 |
New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks |
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage |
||
12.8.25 |
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors |
The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC |
||
12.8.25 |
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications |
Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption |
||
12.8.25 |
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls |
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as the beginning of May |
||
12.8.25 |
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately |
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 |
||
12.8.25 |
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP |
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to |
||
12.8.25 |
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation |
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication |
||
12.8.25 |
Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks |
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote |
||
12.8.25 |
Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models |
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been |
||
12.8.25 |
Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems |
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and |
||
12.8.25 |
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials |
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow |
||
12.8.25 |
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims |
Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like |
||
12.8.25 |
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes |
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, |
||
12.8.25 |
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions |
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate |
||
12.8.25 |
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others |
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and |
||
12.8.25 |
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes |
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute |
||
12.8.25 |
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups |
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated |
||
12.8.25 |
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits |
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, |
||
12.8.25 |
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day |
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and |
||
12.8.25 |
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft |
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an |
||
12.8.25 |
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams |
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's |
||
8.8.25 |
Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools |
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance |
||
8.8.25 |
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams |
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's |
||
8.8.25 |
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft |
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an |
||
8.8.25 |
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day |
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and |
||
8.8.25 |
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits |
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, |
||
8.8.25 |
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups |
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated |
||
8.8.25 |
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes |
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute |
||
8.8.25 |
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others |
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and |
||
8.8.25 |
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions |
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate |
||
8.8.25 |
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes |
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, |
||
6.8.25 |
ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections |
A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the |
||
6.8.25 |
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its |
||
6.8.25 |
CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures |
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government |
||
6.8.25 |
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems |
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been |
||
5.8.25 |
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads |
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily |
||
5.8.25 |
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft |
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built |
||
5.8.25 |
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally |
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious |
||
5.8.25 |
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers |
A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) |
||
5.8.25 |
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported |
SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July |
||
5.8.25 |
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign |
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and |
||
5.8.25 |
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks |
In SaaS security conversations, "misconfiguration" and "vulnerability" are often used interchangeably. But they're not the same thing. And misunderstanding that |
||
5.8.25 |
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval |
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote |
||
5.8.25 |
Google Fixes 3 Android Vulnerabilities Exploited in the Wild, Urges Immediate Patching |
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in |
||
3.8.25 |
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft |
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built |
||
3.8.25 |
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign |
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over |
||
2.8.25 |
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices |
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions |
||
1.8.25 |
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown |
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet |
||
1.8.25 |
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts |
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to |