DATE | NAME | Info | CATEG. | WEB |
28.2.25 | 5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs | Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's | Phishing | The Hacker News |
28.2.25 | Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme | Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access | AI | The Hacker News |
28.2.25 | 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training | A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings | AI | The Hacker News |
28.2.25 | Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus | The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer | Virus | The Hacker News |
27.2.25 | Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations | A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation | APT | The Hacker News |
27.2.25 | Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware | The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously | Virus | The Hacker News |
27.2.25 | 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals | Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed | AI | The Hacker News |
27.2.25 | New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades | Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The | Virus | The Hacker News |
27.2.25 | PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices | A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at | BotNet | The Hacker News |
27.2.25 | Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers | The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben | Exploit | The Hacker News |
27.2.25 | Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites | A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of | Exploit | The Hacker News |
26.2.25 | Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts | More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented | Ransom | The Hacker News |
26.2.25 | New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems | Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between | Virus | The Hacker News |
26.2.25 | CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries | The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC- | BigBrothers | The Hacker News |
26.2.25 | Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads | Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads | Virus | The Hacker News |
26.2.25 | CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra | Exploit | The Hacker News |
26.2.25 | LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile | Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to | Virus | The Hacker News |
26.2.25 | Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware | Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced | BigBrothers | The Hacker News |
25.2.25 | 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT | A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers | Virus | The Hacker News |
25.2.25 | GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets | Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source | Virus | The Hacker News |
25.2.25 | FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services | Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called | Virus | The Hacker News |
25.2.25 | Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle | Exploit | The Hacker News |
24.2.25 | New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer | Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and | Virus | The Hacker News |
24.2.25 | Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats | Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to | Safety | The Hacker News |
24.2.25 | Australia Bans Kaspersky Software Over National Security and Espionage Concerns | Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After | BigBrothers | The Hacker News |
22.2.25 | Updated Shadowpad Malware Leads to Ransomware Deployment | In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication. | Malware blog | |
22.2.25 | Chinese-Speaking Group Manipulates SEO with BadIIS | This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. | APT blog | |
22.2.25 | Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection | Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, and maintain control over compromised systems. | APT blog | |
22.2.25 | Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | Vulnerability blog | |
22.2.25 | Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response | The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. | Malware blog | |
22.2.25 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. | Vulnerability blog | |
22.2.25 | Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered | This loader was seen distributing Async RAT in the past but now it has extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions. | Malware blog | |
22.2.25 | Russian Threat Group CryptoBytes is Still Active in the Wild with UxCryptor | The SonicWall Capture Labs threat research team has recently been analyzing malware from the CryptoBytes hacker group. UxCryptor is a ransomware strain associated with the CryptoBytes group, a financially motivated Russian cybercriminal organization. It has been active since at least 2023. The group is known for leveraging leaked ransomware builders to create and distribute their malware. | Cryptocurrency blog | |
22.2.25 | NIS2: Cybersecurity Becomes Law in Europe | NIS2 builds on the original directive to strengthen cybersecurity standards, ensuring greater protection for EU networks and increased accountability for organizations. | Cyber blog | |
22.2.25 | GCleaner is Packed and Ready to Go | This week, the SonicWall Capture Labs threat research team investigated a sample of GCleaner, a Themida-packed malware variant that downloads and drops additional malware, has C2, heavy anti-analysis/anti-VM, and evasion capabilities. GCleaner will also attempt to infect removable drives by encryption or to spread to other systems. | Malware blog | |
22.2.25 | Critical Wazuh RCE Vulnerability (CVE-2025-24016): Risks, Exploits and Remediation | SonicWall Capture Labs threat research team has become aware of a critical remote code execution (RCE) vulnerability in Wazuh Server (CVE-2025-24016) and has implemented mitigating measures | Vulnerability blog | |
22.2.25 | Microsoft Security Bulletin Coverage for February 2025 | Microsoft’s February 2025 Patch Tuesday has 57 vulnerabilities, of which 21 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2025 and has produced coverage for six of the reported vulnerabilities. | Vulnerability blog | |
22.2.25 | Critical WordPress File Upload Vulnerability (CVE-2024-8856): Threat Analysis and SonicWall Protections | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-8856, assessed its impact, and developed mitigation measures for this vulnerability. Since it is tied to CWE-434 (“Unrestricted Upload of File with Dangerous Type”) and listed in CISA bulletins, it signals a strong likelihood of active exploitation. | Vulnerability blog | |
22.2.25 | Explore January 2025’s top CVEs, from RTF exploits to command injection chaos. Stay ahead with insights, PoCs, and patch recommendations. Protect your systems now! | | | |
22.2.25 | Cyber Threat Landscape Q&A with Trellix Head of Threat Intelligence John Fokker | We sat down with Trellix Head of Threat Intelligence John Fokker to get his thoughts on the most pressing cyber threats of 2025 and biggest takeaways from 2024. | | |
22.2.25 | Windows Bug Class: Accessing Trapped COM Objects with IDispatch | Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. | | |
22.2.25 | Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) | Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. | | |
22.2.25 | In this Threat Analysis report, Cybereason investigates the Phorpiex botnet that delivers LockBit Black Ransomware (aka LockBit 3.0). | | | |
22.2.25 | CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series | A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall SMA 1000 Series. | | |
22.2.25 | Fake job offers target software developers with infostealers | | | |
22.2.25 | ESET researchers analyzed a campaign delivering malware bundled with job interview challenges | | | |
22.2.25 | Katharine Hayhoe: The most important climate equation | Starmus highlights | | | |
22.2.25 | What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10) | | | |
22.2.25 | Neil Lawrence: What makes us unique in the age of AI | Starmus highlights | | | |
22.2.25 | Patch or perish: How organizations can master vulnerability management | | | |
22.2.25 | Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights | | | |
22.2.25 | This month in security with Tony Anscombe – January 2025 edition | | | |
22.2.25 | Going (for) broke: 6 common online betting scams and how to avoid them | | | |
22.2.25 | The evolving landscape of data privacy: Key trends to shape 2025 | | | |
22.2.25 | Under lock and key: Protecting corporate data from cyberthreats in 2025 | | | |
22.2.25 | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 | | | |
22.2.25 | Protecting children online: Where Florida’s new law falls short | Some of the state’s new child safety law can be easily circumvented. Should it have gone further? | | |
22.2.25 | Crypto is soaring, but so are threats: Here’s how to keep your wallet safe | | | |
22.2.25 | State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone | | | |
22.2.25 | Investigating LLM Jailbreaking of Popular Generative AI Web Products | This article summarizes our investigation into jailbreaking 17 of the most popular generative AI (GenAI) web products that offer text generation or chatbot services. | | |
22.2.25 | Stately Taurus Activity in Southeast Asia Links to Bookworm Malware | While analyzing infrastructure related to Stately Taurus activity targeting organizations in countries affiliated with the Association of Southeast Asian Nations (ASEAN), Unit 42 researchers observed overlaps with infrastructure used by a variant of the Bookworm malware. | | |
22.2.25 | This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. | | | |
22.2.25 | Stealers on the Rise: A Closer Look at a Growing macOS Threat | We recently identified a growing number of attacks targeting macOS users across multiple regions and industries. Our research has identified three particularly prevalent macOS infostealers in the wild, which we will explore in depth: Poseidon, Atomic and Cthulhu. We’ll show how they operate and how we detect their malicious activity. | | |
22.2.25 | Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek | Unit 42 researchers recently revealed two novel and effective jailbreaking techniques we call Deceptive Delight and Bad Likert Judge. | | |
22.2.25 | CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia | We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. | | |
22.2.25 | The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions | We describe, in very general terms, how we were able to evade detection by taking advantage of statistical anomalies in the human interaction modules of several sandbox solutions. | | |
22.2.25 | Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike | This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. | | |
22.2.25 | Efficiency? Security? When the quest for one grants neither. | William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research. | | |
22.2.25 | Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention. | | | |
22.2.25 | Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.” | | |
22.2.25 | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party | | | |
22.2.25 | Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. | | | |
22.2.25 | Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t | During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality. | | |
22.2.25 | Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. | | | |
22.2.25 | A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. | | | |
22.2.25 | Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack | Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum | Cryptocurrency | The Hacker News |
22.2.25 | OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns | OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. | AI | The Hacker News |
22.2.25 | Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands | Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for | Virus | The Hacker News |
22.2.25 | Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations | An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective | APT | The Hacker News |
22.2.25 | Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3 | The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber | Phishing | The Hacker News |
22.2.25 | Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks | Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by | Vulnerability | The Hacker News |
22.2.25 | CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks | A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security | Vulnerability | The Hacker News |
22.2.25 | North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware | Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has | APT | The Hacker News |
22.2.25 | China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware | A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, | Ransom | The Hacker News |
22.2.25 | Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives | A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application | Virus | The Hacker News |
22.2.25 | Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability | Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead | Virus | The Hacker News |
22.2.25 | Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability | Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active | OS | The Hacker News |
22.2.25 | Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes | Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized | Exploit | The Hacker News |
22.2.25 | New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection | A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet | Virus | The Hacker News |
22.2.25 | Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack | Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on | Cryptocurrency | The Hacker News |
22.2.25 | CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall | Vulnerability | The Hacker News |
22.2.25 | New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now | Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active | Vulnerability | The Hacker News |
22.2.25 | Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks | The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control | APT | The Hacker News |