
DATE

NAME

Info

CATEG.

WEB

26.7.25

Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode

The Arctic Wolf® Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of precision-guided missile systems.

APT blog

Arcticwolf.com

26.7.25

Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload

Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404 (based on the observed payload name, associated domain, and use of fake error pages).

Cryptocurrency blog

Wiz.io/blog

26.7.25

Uncovering a Stealthy WordPress Backdoor in mu-plugins

Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder. In fact, back in March, we saw a similar trend with hidden malware in this very directory, as detailed in our post Hidden Malware Strikes Again: MU-Plugins Under Attack. This current infection was designed to be quiet, persistent, and very hard to spot.

Malware blog

blog.sucuri.net

26.7.25

Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker

Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team discovered that the Mimo threat actor (also known as Mimo'lette), previously known for targeting the Craft content management system (CMS), has evolved its tactics to compromise the Magento ecommerce CMS platform through exploitation of an undetermined PHP-FPM vulnerability.

Cryptocurrency blog

Securitylabs.datadoghq

26.7.25

ToolShell: Critical SharePoint Zero-Day Exploited in the Wild

Symantec products already block CVE-2025-53770 exploit attempts.

Vulnerability blog

SYMANTEC BLOG

26.7.25

Small world: The revitalization of small AI models for cybersecurity

Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI

AI blog

SOPHOS

26.7.25

SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild

Sophos X-Ops sees exploitation across multiple customer estates

Vulnerability blog

SOPHOS

26.7.25

In-Depth Analysis of an Obfuscated Web Shell Script

Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.

Hacking blog

FORTINET

26.7.25

Inside The ToolShell Campaign

FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and KeySiphon for stealthy remote code execution and credential theft.

Vulnerability blog

FORTINET

26.7.25

A Special Mission to Nowhere

Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear to steal personal and financial data.

BigBrother blog

FORTINET

26.7.25

Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration

Broadcom's VMware vSphere product remains a popular choice for private cloud virtualization, underpinning critical infrastructure. Far from fading, organizations continue to rely heavily on vSphere for stability and control.

Vulnerability blog

Google Threat Intelligence

26.7.25

SharePoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need to Know

*Updated July 24, 2025 with latest findings from Check Point Research* Key findings: A critical ...

Vulnerability blog

Checkpoint

26.7.25

Phishing Trends Q2 2025: Microsoft Maintains Top Spot, Spotify Reenters as a Prime Target

Phishing continues to be a powerful tool in the cyber criminal arsenal. In the second ...

Phishing blog

Checkpoint

26.7.25

The Week in Vulnerabilities: Time to Exploit Continues to Fall

Of more than 900 new vulnerabilities in the last week, nearly 200 already have public Proofs-of-Concept (POC).

Vulnerability blog

Cyble

26.7.25

UK Identifies Russian GRU’s “AUTHENTIC ANTICS” Malware in Email Espionage Campaign 

The UK linked the AUTHENTIC ANTICS malware to APT 28 and sanctioned GRU units for cyber espionage targeting Microsoft email accounts and hybrid warfare.

APT blog

Cyble

26.7.25

Australian Cyber Security Centre Warns of an Active Exploit Taking Advantage of Microsoft SharePoint Vulnerability CVE-2025-53770 

ACSC warns of active exploits targeting CVE-2025-53770 on on-premises Microsoft SharePoint and urges urgent patching to prevent remote code execution attacks.

Vulnerability blog

Cyble

26.7.25

Operation CargoTalon : UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant.

Contents: Introduction; Initial Findings; Infection Chain; Technical Analysis (Stage 0 – Malicious Email File; Stage 1 – Malicious LNK file; Stage 2 – Looking into the decoy file; Stage 3 – Malicious EAGLET implant); Hunting and Infrastructure; Infrastructural details...

Malware blog

Seqrite

26.7.25

RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration

Executive summary: Raven Stealer is a modern, lightweight information-stealing malware developed primarily in Delphi and C++, designed to extract sensitive data from victim

Malware blog

Cyfirma

26.7.25

ANDROID MALWARE POSING AS INDIAN BANK APPS

Executive summary: At CYFIRMA, we are committed to delivering timely intelligence on emerging cyber threats and adversarial tactics

Malware blog

Cyfirma

26.7.25

CYFIRMA Provides Cybersecurity Platform “DeCYFIR” to Takenaka Corporation for Enhanced Threat and Risk Visibility

Takenaka Corporation has defined its vision for 2030 through digital transformation and is advancing reform activities that integrate its digital division with all business units. The

Cyber blog

Cyfirma

26.7.25

EdskManager RAT: Multi-Stage Malware with HVNC and Evasion Capabilities

Executive summary: At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations

Malware blog

Cyfirma

26.7.25

Revisiting Bare Metal Server Security in the Age of AI

The adoption of bare metal cloud services for AI workloads has accelerated significantly, driven by performance requirements that virtualized environments struggle to meet.

AI blog

Eclypsium

26.7.25

NET RFQ: Request for Quote Scammers Casting Wide Net to Steal Real Goods

In this report, Proofpoint threat researchers take a deep dive into a widespread Request for Quote (RFQ) scam that involves leveraging common Net financing options (Net 15, 30, 45) to steal a variety of high value electronics and goods. Net terms of 15-90 days are the payment terms most commonly used by businesses.

Spam blog

PROOFPOINT

26.7.25

Back to Business: Lumma Stealer Returns with Stealthier Methods

Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat.

Malware blog

Trend Micro

26.7.25

Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

Vulnerability blog

Trend Micro

26.7.25

Citrix NetScaler Devices Memory Leak: CVE-2025-5777

The SonicWall Capture Labs threat research team became aware of a pre-authentication memory leak vulnerability leading to information disclosure in Citrix NetScaler devices, assessed its impact, and developed mitigation measures. NetScaler ADC and NetScaler Gateway are both networking products from Citrix. NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) are primarily used for optimizing application delivery, enhancing security, and improving user experience across networks.

Vulnerability blog

SonicWall

26.7.25

Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful

Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus far in 2025 based on our incident response insights. We share defensive recommendations that we have seen organizations use successfully against the threat. We also include what’s likely next for this prolific adversary.

APT blog

Palo Alto

26.7.25

The Ηоmоgraph Illusion: Not Everything Is As It Seems

Since the creation of the internet, email attacks have been the predominant attack vector for spreading malware and gaining initial access to systems and endpoints. One example of an effective email compromise technique is a homograph attack. Attackers use this content manipulation tactic to evade content analysis and trick users by replacing Latin characters with similar-looking characters from other Unicode blocks.

Malware blog

Palo Alto
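The Unit 42 entry above describes homograph substitution in one sentence; the check below is an added example (not code from Unit 42 or from this listing) of how a mail gateway or domain-monitoring job can flag it. It uses two complementary signals: a label that mixes Unicode scripts, and a "skeleton" that folds a small, constructed excerpt of common Cyrillic and Greek look-alikes back to Latin so the result can be compared against protected brand names. The confusables table and the brand list are assumptions for the example, not the full Unicode confusables data.

```python
import unicodedata

# Constructed excerpt of look-alike mappings (Cyrillic and Greek -> Latin).
# The real Unicode confusables.txt is far larger; this is enough to show the technique.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043E": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04BB": "h",
    "\u0410": "A", "\u0415": "E", "\u041E": "O", "\u0420": "P", "\u0421": "C",
    "\u0397": "H", "\u03BF": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E",
    "\u03A4": "T", "\u03A1": "P",
}

# Hypothetical brand list an organisation would want to protect.
PROTECTED_BRANDS = {"paypal", "microsoft", "example"}


def script_of(ch):
    """Script name derived from the character's Unicode name, e.g. 'LATIN', 'CYRILLIC',
    'GREEK'. Non-letters (digits, dots, hyphens) return None so they never count."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def scripts_in(text):
    """Map script -> [(index, char), ...] for every letter in text."""
    per_script = {}
    for i, ch in enumerate(text):
        s = script_of(ch)
        if s:
            per_script.setdefault(s, []).append((i, ch))
    return per_script


def skeleton(text):
    """Fold compatibility forms (NFKC) and known look-alikes to their Latin twin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", text))


def analyse(label, protected=PROTECTED_BRANDS):
    """Return the script mix, the non-Latin code points, the folded skeleton and,
    if the skeleton's first DNS label equals a protected brand while the raw label
    does not, the brand being impersonated."""
    per_script = scripts_in(label)
    skel = skeleton(label).casefold()
    stem = skel.split(".", 1)[0]
    raw_stem = label.casefold().split(".", 1)[0]
    impersonates = stem if stem in protected and stem != raw_stem else None
    return {
        "scripts": sorted(per_script),
        "mixed_script": len(per_script) > 1,
        "non_latin": [(i, f"U+{ord(ch):04X}")
                      for s, items in per_script.items() if s != "LATIN"
                      for i, ch in items],
        "skeleton": skel,
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # Constructed inputs: a clean label, a one-character Cyrillic swap, a three-script
    # word in the style of the Unit 42 title, and a legitimate single-script Cyrillic word.
    for sample in ("paypal.com", "p\u0430ypal.com", "\u0397\u043Em\u043Egraph", "почта"):
        print(repr(sample), analyse(sample))
```

A single-script non-Latin label (the last sample) is not flagged as mixed and only becomes interesting when its skeleton collides with a protected name, which keeps legitimate internationalised domains out of the alert queue. Run the same function over display names and link text, not just the domain: the substitution described above works anywhere a human reads characters.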

26.7.25

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 25)

Unit 42 is tracking high-impact, ongoing threat activity targeting self-hosted Microsoft SharePoint servers. While SaaS environments remain unaffected, self-hosted SharePoint deployments — particularly within government, schools, healthcare (including hospitals) and large enterprise companies — are at immediate risk.

Exploit blog

Palo Alto

26.7.25

Unmasking the new Chaos RaaS group attacks

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

Ransom blog

CISCO TALOS

26.7.25

BRB, pausing for a "Sanctuary Moon" marathon

Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.

Cyber blog

CISCO TALOS

26.7.25

Meet Hazel Burton

In the first Humans of Talos, Amy sits with Hazel Burton — storyteller, security advocate, and all-around Talos legend. Hazel shares her journey from small business entrepreneurship to leading content programs at Talos.

Cyber blog

CISCO TALOS

26.7.25

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.

Malware blog

CISCO TALOS

26.7.25

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. T

Vulnerability blog

CISCO TALOS

26.7.25

ToolShell: Details of CVEs affecting SharePoint servers

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.

Vulnerability blog

CISCO TALOS

26.7.25

This is your sign to step away from the keyboard

This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats.

Cyber blog

CISCO TALOS

26.7.25

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

APT blog

Eset

26.7.25

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Vulnerability blog

Eset

26.7.25

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Malware blog

Eset

26.7.25

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Cyber blog

Eset

26.7.25

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Two critical vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have been discovered in on-premise Microsoft SharePoint. 

Vulnerability blog

Cybereason

26.7.25

Critical SharePoint Vulnerabilities Under Active Exploitation

On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771.

Vulnerability blog

Trellix

26.7.25

Dark Web Roast - June 2025 Edition

At Trellix, we think it's important we don’t make cybercriminals seem larger than life or hero-worship them. This roast is about showing the human side of cybercrime and how they mess up, just like anyone else.

Cyber blog

Trellix

26.7.25

U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their

BigBrothers

The Hacker News

25.7.25

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic

Phishing

The Hacker News

25.7.25

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data

Virus

The Hacker News

25.7.25

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver

Virus

The Hacker News

25.7.25

Ukraine arrests suspected admin of XSS Russian hacking forum

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.

BigBrothers

BleepingComputer

25.7.25

CISA warns of hackers exploiting SysAid vulnerabilities in attacks

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts.

Exploit

BleepingComputer

25.7.25

npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package.

Hack

BleepingComputer

25.7.25

Operator of Jetflicks illegal streaming service gets 7 years in prison

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison.

CyberCrime

BleepingComputer

25.7.25

Microsoft fixes bug behind incorrect Windows Firewall errors

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed.

OS

BleepingComputer

25.7.25

Lumma infostealer malware returns after law enforcement disruption

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure.

Virus

BleepingComputer

25.7.25

Windows 11 KB5062660 update brings new 'Windows Resilience' features

Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool.

OS

BleepingComputer

25.7.25

Windows 11 gets new Black Screen of Death, auto recovery tool

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens.

OS

BleepingComputer

25.7.25

Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft.

Virus

BleepingComputer

25.7.25

CISA and FBI warn of escalating Interlock ransomware attacks

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks.

Ransom

BleepingComputer

25.7.25

Major European healthcare network discloses security breach

AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information.

Incident

BleepingComputer

25.7.25

Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.

Exploit

BleepingComputer

25.7.25

UK to ban public sector orgs from paying ransomware gangs

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks.

Ransom

BleepingComputer

25.7.25

Microsoft links SharePoint ToolShell attacks to Chinese hackers

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain.

OS

BleepingComputer

25.7.25

Microsoft: Windows Server KB5062557 causes cluster, VM issues

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates.

OS

BleepingComputer

25.7.25

Intel announces end of Clear Linux OS project, archives GitHub repos

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem.

Security

BleepingComputer

25.7.25

Ring denies breach after users report suspicious logins

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th.

Incident

BleepingComputer

25.7.25

ExpressVPN bug leaked user IPs in Remote Desktop sessions

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses.

Incident

BleepingComputer

25.7.25

Dior begins sending data breach notifications to U.S. customers

The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information.

Incident

BleepingComputer

25.7.25

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.

Hack

BleepingComputer

25.7.25

Dell confirms breach of test lab platform by World Leaks extortion group

A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.

Incident

BleepingComputer

25.7.25

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Exploit

BleepingComputer

25.7.25

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.

Exploit

BleepingComputer

25.7.25

HPE warns of hardcoded passwords in Aruba access points

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

Hack

BleepingComputer

25.7.25

Illusory Wishes: China-nexus APT Targets the Tibetan Community

In June 2025, Zscaler ThreatLabz collaborated with TibCERT to investigate two cyberattack campaigns targeting the Tibetan community.

APT blog

Zscaler

25.7.25

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An

Vulnerability

The Hacker News

25.7.25

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity,

Exploit

The Hacker News

25.7.25

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various

Virus

The Hacker News

25.7.25

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be

Vulnerability

The Hacker News

25.7.25

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But

AI

The Hacker News

25.7.25

China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th

APT

The Hacker News

25.7.25

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The

Exploit

The Hacker News

25.7.25

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace

Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The

CyberCrime

The Hacker News

24.7.25

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent

Virus

The Hacker News
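Both the Sucuri entry above (26.7.25, "Uncovering a Stealthy WordPress Backdoor in mu-plugins") and this one turn on the same property: WordPress runs every .php file placed directly in wp-content/mu-plugins on every request, with no activation step, no deactivate button in the dashboard, and only a "Must-Use" tab to show they exist. The scanner below is an added example (not code from Sucuri, The Hacker News, or WordPress) of the triage a responder can run over that directory. Its indicators are generic backdoor heuristics chosen for the example, not signatures from either write-up, and the two sample files it builds in a temporary directory are constructed.

```python
import re
import tempfile
from pathlib import Path

# Generic indicators that are common in PHP backdoors and rare in small, legitimate
# mu-plugins. Heuristics chosen for this example, not signatures from the Sucuri write-up.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "remote_fetch": re.compile(r"\b(curl_exec|file_get_contents)\s*\(\s*['\"]https?://"),
    "user_mgmt": re.compile(r"\b(wp_create_user|wp_insert_user|set_role)\s*\("),
    # the all_plugins filter is what malware hooks to hide entries from the Plugins list
    "hide_from_ui": re.compile(r"['\"]all_plugins['\"]"),
}


def scan_mu_plugins(mu_dir):
    """Return one finding per top-level .php file in mu_dir that trips an indicator.

    Only files directly inside mu-plugins are auto-loaded by WordPress; a file in a
    subdirectory runs only if a top-level file includes it, so read any loader you
    find here as well.
    """
    findings = []
    for path in sorted(Path(mu_dir).glob("*.php")):
        text = path.read_text(errors="replace")
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if hits:
            findings.append({"file": path.name, "indicators": hits})
    return findings


def build_sample_dir():
    """Create a temporary mu-plugins directory holding two constructed files:
    a harmless one-liner and a backdoor-shaped one. Sample content only."""
    mu_dir = Path(tempfile.mkdtemp(prefix="mu-plugins-"))
    (mu_dir / "disable-xmlrpc.php").write_text(
        "<?php\nadd_filter('xmlrpc_enabled', '__return_false');\n"
    )
    (mu_dir / "cache-helper.php").write_text(
        "<?php\n"
        "// constructed sample: named like a cache helper, shaped like a backdoor\n"
        "add_filter('all_plugins', function ($p) { unset($p['cache-helper.php']); return $p; });\n"
        "if (isset($_GET['k']) && $_GET['k'] === 'x') {\n"
        "    wp_insert_user(['user_login' => 'svc', 'user_pass' => 'x', 'role' => 'administrator']);\n"
        "}\n"
        "eval(base64_decode('ZWNobyAxOw=='));  // decodes to: echo 1;\n"
    )
    return str(mu_dir)


if __name__ == "__main__":
    for finding in scan_mu_plugins(build_sample_dir()):
        print(finding["file"], "->", ", ".join(finding["indicators"]))
```

Point `scan_mu_plugins` at a real wp-content/mu-plugins to use it; pair the indicator hits with file modification times and a diff against a known-good copy, since a clean-looking file that appeared last week is the more common finding than one full of eval().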

24.7.25

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and

Cryptocurrency

The Hacker News

24.7.25

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to

Virus

The Hacker News

24.7.25

Kerberoasting Detections: A New Approach to a Decade-Old Challenge

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It's because existing

Cyber

The Hacker News
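The entry above only says that Kerberoasting keeps slipping past "typical defense methods". The block below is an added example (not code from The Hacker News or the vendor behind the article) of what that typical detection looks like, so the gap is concrete: it reads Windows event 4769 (a Kerberos service ticket was requested) and alerts when one account requests RC4 tickets for several distinct user-owned SPNs inside a short window. The events are constructed; the field names and encryption-type codes (0x17/0x18 for RC4, 0x11/0x12 for AES) are the ones Windows logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Kerberos ticket encryption types as logged in event 4769 (TicketEncryptionType).
RC4_ETYPES = {"0x17", "0x18"}   # RC4-HMAC and RC4-HMAC-EXP: what roasting tools request by default
AES_ETYPES = {"0x11", "0x12"}   # AES128 / AES256 CTS-HMAC-SHA1-96

# Constructed 4769 events, reduced to the fields the detection uses.
SAMPLE_4769 = [
    {"TimeCreated": "2025-07-24T09:00:01", "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_sql",    "TicketEncryptionType": "0x17", "IpAddress": "10.0.5.23"},
    {"TimeCreated": "2025-07-24T09:00:02", "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_web",    "TicketEncryptionType": "0x17", "IpAddress": "10.0.5.23"},
    {"TimeCreated": "2025-07-24T09:00:02", "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "IpAddress": "10.0.5.23"},
    {"TimeCreated": "2025-07-24T09:00:03", "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_ftp",    "TicketEncryptionType": "0x17", "IpAddress": "10.0.5.23"},
    {"TimeCreated": "2025-07-24T09:00:05", "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "DC01$",      "TicketEncryptionType": "0x17", "IpAddress": "10.0.5.23"},
    {"TimeCreated": "2025-07-24T09:01:10", "TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "svc_sql",    "TicketEncryptionType": "0x12", "IpAddress": "10.0.5.40"},
    {"TimeCreated": "2025-07-24T09:02:00", "TargetUserName": "WS07$@CORP.LOCAL", "ServiceName": "krbtgt",     "TicketEncryptionType": "0x12", "IpAddress": "10.0.5.7"},
]


def is_roast_candidate(ev, rc4_only=True):
    """A TGS request worth counting: a user-owned SPN (machine accounts end in '$'),
    not the krbtgt service, and, when rc4_only, requested with RC4."""
    svc = ev["ServiceName"]
    if svc.endswith("$") or svc.lower() == "krbtgt":
        return False
    return (not rc4_only) or ev["TicketEncryptionType"].lower() in RC4_ETYPES


def detect_kerberoasting(events, window=timedelta(minutes=5), min_services=3, rc4_only=True):
    """One alert per requesting account that pulled tickets for >= min_services
    distinct user SPNs within `window`. Returns a list of alert dicts."""
    by_user = defaultdict(list)
    for ev in events:
        if is_roast_candidate(ev, rc4_only):
            by_user[ev["TargetUserName"]].append(
                (datetime.fromisoformat(ev["TimeCreated"]), ev["ServiceName"], ev["IpAddress"])
            )
    alerts = []
    for user, reqs in by_user.items():
        reqs.sort()
        # slide a window forward from each request; first window that qualifies raises the alert
        for i, (t0, _, ip) in enumerate(reqs):
            services = {svc for t, svc, _ in reqs[i:] if t - t0 <= window}
            if len(services) >= min_services:
                alerts.append({"user": user, "ip": ip, "start": t0.isoformat(), "services": sorted(services)})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_kerberoasting(SAMPLE_4769):
        print(alert)
```

The two blind spots that make this "typical" are visible in the parameters: a tool that asks for AES tickets never enters `RC4_ETYPES` (set `rc4_only=False` and the noise from normal AES traffic returns), and a low-and-slow run that spaces requests beyond `window` never reaches `min_services`. Feeding the function from domain controller logs requires the "Audit Kerberos Service Ticket Operations" subcategory to be enabled.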

24.7.25

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply

Virus

The Hacker News

23.7.25

Disrupting active exploitation of on-premises SharePoint vulnerabilities

On July 19, 2025, Microsoft Security Response Center (MSRC) published a blog addressing active attacks against on-premises SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability.

Exploit

Microsoft

23.7.25

SharePoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need to Know

A critical zero-day vulnerability (CVE-2025-53770) in on-premises SharePoint is actively being exploited in the wild.

Exploit

Checkpoint

23.7.25

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited

Vulnerability

The Hacker News

23.7.25

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its

Exploit

The Hacker News

23.7.25

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon

Exploit

The Hacker News

23.7.25

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.

Exploit

The Hacker News

23.7.25

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The

Virus

The Hacker News

23.7.25

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point

Exploit

The Hacker News

22.7.25

The SOC files: Rumble in the jungle or APT41’s new target in Africa

Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region.

APT

Securelist

22.7.25

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have

BigBrothers

The Hacker News

22.7.25

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The

APT

The Hacker News

22.7.25

PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse

Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to downgrade Fast IDentity Online (FIDO) key protections by

Phishing

The Hacker News

22.7.25

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has

Exploit

The Hacker News

22.7.25

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker

Vulnerability

The Hacker News

22.7.25

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based

Cryptocurrency

The Hacker News

22.7.25

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3

AI

The Hacker News

20.7.25

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked

Exploit

The Hacker News

20.7.25

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project

Virus

The Hacker News

20.7.25

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the

Exploit

The Hacker News

20.7.25

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

Phishing

BleepingComputer

20.7.25

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.

Phishing

BleepingComputer

20.7.25

New CrushFTP zero-day exploited in attacks to hijack servers

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

Exploit

BleepingComputer

20.7.25

Arch Linux pulls AUR packages that installed Chaos RAT malware

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices.

Virus

BleepingComputer

20.7.25

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed 'Authentic Antics' espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia's military intelligence service (GRU).

BigBrothers

BleepingComputer

20.7.25

Microsoft mistakenly tags Windows Firewall error log bug as fixed

Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution.

Vulnerability

BleepingComputer

20.7.25

Russian alcohol retailer WineLab closes stores after ransomware attack

WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems for its customers.

Ransom

BleepingComputer

20.7.25

New Phobos and 8base ransomware decryptor recovers files for free

The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with BleepingComputer confirming that it successfully decrypts files.

Ransom

BleepingComputer

20.7.25

Hackers scanning for TeleMessage Signal clone flaw exposing passwords

Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data.

Vulnerability

BleepingComputer

20.7.25

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks.

Exploit

BleepingComputer

20.7.25

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.

Exploit

BleepingComputer

20.7.25

Microsoft Teams voice calls abused to push Matanbuchus malware

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating an IT helpdesk.

Virus

BleepingComputer

20.7.25

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices

Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms.

BotNet

BleepingComputer

20.7.25

LameHug malware uses AI LLM to craft Windows data-theft commands in real-time

A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems.

AI

BleepingComputer

20.7.25

Hacker steals $27 million in BigONE exchange crypto breach

Cryptocurrency exchange BigONE announced that it suffered a security breach, in which hackers stole various digital assets valued at $27 million.

Cryptocurrency

BleepingComputer

20.7.25

Chinese hackers breached National Guard to steal network configurations

The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks.

APT

BleepingComputer

20.7.25

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.

Vulnerability

BleepingComputer

20.7.25

Co-op confirms data of 6.5 million members stolen in cyberattack

UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.

Incident

BleepingComputer

20.7.25

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms

A 21-year-old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country.

CyberCrime

BleepingComputer

20.7.25

Louis Vuitton says regional data breaches tied to same cyberattack

Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group.

Incident

BleepingComputer

20.7.25

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.

Attack

BleepingComputer

20.7.25

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware

A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances.

Virus

BleepingComputer

20.7.25

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.

Vulnerability

BleepingComputer

19.7.25

SophosAI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it

Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas

AI blog

SOPHOS

19.7.25

NailaoLocker Ransomware’s “Cheese”

FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.

Ransom blog

FORTINET

19.7.25

Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite

FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.

Cyber blog

FORTINET

19.7.25

Old Miner, New Tricks

FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.

AI blog

FORTINET

19.7.25

How FortiSandbox 5.0 Detects Dark 101 Ransomware Despite Evasion Techniques

Discover how FortiSandbox 5.0 detects Dark 101 ransomware, even with sandbox evasion tactics. Learn how advanced behavioral analysis blocks file encryption, system tampering, and ransom note deployment.

Ransom blog

FORTINET

19.7.25

FileFix: The New Social Engineering Attack Building on ClickFix Tested in the Wild

Check Point Research identifies how the new social engineering technique, FileFix, is being actively tested ...

Hacking blog

Checkpoint

19.7.25

Global Cyber Attacks Surge 21% in Q2 2025 — Europe Experiences the Highest Increase of All Regions

Global Attacks Continued to Rise, But the Details Tell a Bigger Story. Every quarter, Check ...

Cyber blog

Checkpoint

19.7.25

CSA Issues Alert on Critical VMware Vulnerabilities: Patch Now, Experts Warn

Singapore’s Cyber Security Agency alerts critical VMware flaws risking code execution and data leaks.

Vulnerability blog

Cyble

19.7.25

Scanception: A QRiosity-Driven Phishing Campaign

Cyble analyzes "Scanception", an ongoing quishing campaign using QR codes in PDFs to bypass security, harvest credentials, and evade detection systems.

Phishing blog

Cyble

19.7.25

Australia Strengthens Cybersecurity for Critical Infrastructure with Adoption of AS IEC 62443 Standards

Australia adopts AS IEC 62443 to secure OT systems and critical infrastructure, aligning with its national cyber strategy and six-shield cybersecurity framework.

Cyber blog

Cyble

19.7.25

The Week in Vulnerabilities: Cyble’s Weekly Cyber Threat Report Reveals New Flaws in IT and IoT Ecosystems

Cyble’s weekly report reveals 17 critical vulnerabilities, rising IoT attacks, and active malware campaigns targeting global IT infrastructure.

IoT blog

Cyble

19.7.25

APT PROFILE – FANCY BEAR

Fancy Bear, also known as APT28, is a notorious Russian cyberespionage group with a long history of targeting governments, military entities, and other high-value

APT blog

Cyfirma

19.7.25

CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)

Executive summary: CVE-2025-5777 is a critical information disclosure vulnerability in Citrix NetScaler ADC and Gateway appliances, caused by unsafe memory handling in the

Vulnerability blog

Cyfirma

19.7.25

Android Cryptojacker Disguised as Banking App Exploits Device Lock State

The global craze around cryptocurrency has fueled both innovation and exploitation. While many legally chase digital gold, cybercriminals hijack devices to mine it covertly. Recently, we encountered a phishing website impersonating a well-known bank, hosting a fake Android app....

Cryptocurrency blog

Seqrite

19.7.25

Vulnerabilities in Netgear Firmware-Based IoT Devices In The Enterprise

Netgear (and similar) devices, such as IoT routers, have remained a significant target for vulnerability research and exploitation. This is due to their widespread use in both consumer and enterprise environments, their role as network edge devices, and the persistent challenge of securing firmware and managing patches. With over 500 security advisories released by Netgear, the scale of the problem is undeniable.

Vulnerability blog

Eclypsium

19.7.25

Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi

Proactive security in a rapidly evolving threat landscape

Security blog

Trend Micro

19.7.25

CISA's NIMBUS 2000 Initiative: Understanding Key Findings and Strengthening Cloud Identity Security

This blog explores key findings from CISA’s NIMBUS 2000 Cloud Identity Security Technical Exchange and how Trend Vision One™ Cloud Security aligns with these priorities. It highlights critical challenges in token validation, secrets management, and logging visibility—offering insights into how integrated security solutions can help organizations strengthen their cloud identity defenses and meet evolving federal standards.

Security blog

Trend Micro

19.7.25

Preventing Zero-Click AI Threats: Insights from EchoLeak

A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-native threat.

AI blog

Trend Micro

19.7.25

Wing FTP Server Remote Code Execution: CVE-2025-47812

The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Wing FTP Server, assessed its impact and developed mitigation measures. Wing FTP Server is a cross-platform FTP server software available for Windows, Linux, and macOS. It supports a range of protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, making it a flexible choice for secure file transfers.

Vulnerability blog

SonicWall

19.7.25

Ransomware Delivered Through GitHub: A PowerShell-Powered Attack

Recently, the SonicWall Capture Labs threat research team identified a PowerShell-based ransomware variant that is abusing GitHub for its distribution. The malware authors are misusing raw.githubusercontent[.]com, a GitHub domain used to host raw content of unprocessed file versions.

Ransom blog

SonicWall

19.7.25

RisePro Malware Assembles On-site

This week, the SonicWall Capture Labs threat research team analyzed a sample of RisePro malware. This is a Malware-as-a-Service family that excels in stealing data, especially related to cryptocurrency wallets. It is a multi-stage executable with layers of obfuscation, indirect API calls and extensive evasion capabilities in the form of dynamically built file types and process monitoring.

Malware blog

SonicWall

19.7.25

Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

Since late 2024, Unit 42 researchers have been tracking a cluster of suspicious activity as CL-STA-1020, targeting governmental entities in Southeast Asia. The threat actors behind this cluster of activity have been collecting sensitive information from government agencies, including information about recent tariffs and trade disputes.

Hacking blog

Palo Alto

19.7.25

Talos IR ransomware engagements and the significance of timeliness in incident response

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.

Ransom blog

CISCO TALOS

19.7.25

This is your sign to step away from the keyboard

This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats.

Malware blog

CISCO TALOS

19.7.25

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.

BigBrother blog

CISCO TALOS

19.7.25

Asus and Adobe vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.

Vulnerability blog

CISCO TALOS

19.7.25

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

Malware blog

Eset

19.7.25

NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082

This month we dig into the CVE targeting volumes and trending observed in June 2025. We present a breakdown of the exploits targeting this month’s CVE with the largest upswing in activity: CVE-2023-1389 (TP-Link AX21).

Malware blog

F5

19.7.25

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

In this Threat Analysis Report, Cybereason investigates a recently observed BlackSuit ransomware attack and the tools and techniques the threat actors used.

Ransom blog

Cybereason

19.7.25

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect

This blog marks the third installment in our series on detecting and visualizing lateral movement attacks with Trellix Helix Connect.

Hacking blog

Trellix

19.7.25

Threat Analysis: SquidLoader - Still Swimming Under the Radar

A new wave of SquidLoader malware samples is actively targeting financial services institutions in Hong Kong. This sophisticated malware exhibits significant evasion capabilities, achieving near-zero detection rates on VirusTotal at the time of analysis.

Malware blog

Trellix

19.7.25

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather

APT

The Hacker News

19.7.25

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a

APT

The Hacker News

19.7.25

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting

Exploit

The Hacker News

18.7.25

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group

An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe and the US.

CyberCrime

BleepingComputer

18.7.25

Google fixes actively exploited sandbox escape zero day in Chrome

Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection.

Exploit

BleepingComputer

18.7.25

Abacus dark web drug market goes offline in suspected exit scam

Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam.

CyberCrime

BleepingComputer

18.7.25

Windows KB5064489 emergency update fixes Azure VM launch issues

Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled.

OS

BleepingComputer

18.7.25

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems.

Virus

BleepingComputer

18.7.25

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Ransom

BleepingComputer

18.7.25

Android malware Konfety uses malformed APKs to evade detection

A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection.

Virus

BleepingComputer

18.7.25

UK launches vulnerability research program for external experts

The UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

Security

BleepingComputer

18.7.25

Interlock ransomware adopts new FileFix attack to push malware

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.

Virus

BleepingComputer

18.7.25

Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.

Vulnerability

BleepingComputer

18.7.25

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer.

Cryptocurrency

BleepingComputer

18.7.25

Windows 10 KB5062554 update breaks emoji panel search feature

The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it impossible to look up emojis by name or keyword.

OS

BleepingComputer

18.7.25

Google Gemini flaw hijacks email summaries for phishing

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.

AI

BleepingComputer

18.7.25

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud

Vulnerability

The Hacker News

18.7.25

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed

APT

The Hacker News

18.7.25

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX

BotNet

The Hacker News

18.7.25

From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key

Ransom

The Hacker News

18.7.25

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The

Hack

The Hacker News

18.7.25

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner

Cryptocurrency

The Hacker News

17.7.25

Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting

Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese semiconductor industry. In all cases, the motive was most likely espionage.

APT

Proofpoint

17.7.25

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

Matanbuchus is a malware loader that has been available as a Malware-as-a-Service (MaaS) since 2021.

Ransom

Morphisec

17.7.25

Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances

Virus

Cloud.google

17.7.25

Golden dMSA: What Is dMSA Authentication Bypass?

Semperis Security Researcher Adi Malyanker found a critical design flaw in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025.

Vulnerability

Semperis

17.7.25

Konfety Returns: Classic Mobile Threat with New Evasion Techniques

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new, sophisticated variant of a well-known malware previously reported by Human.

Hack

Zimperium

17.7.25

Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine

An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to

APT

The Hacker News

17.7.25

Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. "Targets of

APT

The Hacker News

17.7.25

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC)

Vulnerability

The Hacker News

17.7.25

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and

Virus

The Hacker News

17.7.25

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a

Virus

The Hacker News

17.7.25

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025.

Vulnerability

The Hacker News

17.7.25

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to

Virus

The Hacker News

17.7.25

Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time

Social engineering attacks have entered a new era—and they're coming fast, smart, and deeply personalized. It's no longer just suspicious emails in your spam folder.

AI

The Hacker News

17.7.25

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity

Exploit

The Hacker News

17.7.25

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-

AI

The Hacker News

16.7.25

GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates

On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”.

Ransom blog

blog.eclecticiq

16.7.25

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

Malware blog

Eset

16.7.25

Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader

North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.

Malware blog

socket.dev

16.7.25

Russian hackers manipulate npm to make realistic packages

Safety’s malicious package detection identified a malicious npm package today named express-exp. This package was brand new, and had only one version, 1.0.1.

Malware blog

www.getsafety

16.7.25

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million

Attack

The Hacker News

16.7.25

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors

AI

The Hacker News

16.7.25

State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented

Virus

The Hacker News

16.7.25

AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.

Virus

The Hacker News

16.7.25

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry,

APT

The Hacker News

15.7.25

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread

Virus

The Hacker News

15.7.25

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out

Spam

The Hacker News

15.7.25

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users

IoT

The Hacker News

13.7.25

Hackers are exploiting critical RCE flaw in Wing FTP Server

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public.

Exploit

BleepingComputer

13.7.25

'123456' password exposed chats for 64 million McDonald’s job chatbot applications

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States.

Incident

BleepingComputer

13.7.25

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.

Exploit

BleepingComputer

13.7.25

WordPress Gravity Forms developer hacked to push backdoored plugins

The popular WordPress plugin Gravity Forms has been compromised in what seems to be a supply-chain attack in which manual installers from the official website were infected with a backdoor.

Virus

BleepingComputer

13.7.25

NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks

NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.

Attack

BleepingComputer

13.7.25

The zero-day that could've compromised every Cursor and Windsurf user

Learn how one overlooked flaw in OpenVSX discovered by Koi Security could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk.

Exploit

BleepingComputer

13.7.25

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

Exploit

BleepingComputer

13.7.25

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.

OS

BleepingComputer

13.7.25

Russian pro basketball player arrested for alleged role in ransomware attacks

Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.

CyberCrime

BleepingComputer

13.7.25

PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars

Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.

Vulnerability

BleepingComputer

13.7.25

FBI's CJIS demystified: Best practices for passwords, MFA & access control

FBI's Criminal Justice Information Services (CJIS) compliance isn't optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory.

BigBrothers

BleepingComputer

13.7.25

Four arrested in UK over M&S, Co-op, Harrods cyberattacks

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.

CyberCrime

BleepingComputer

13.7.25

Microsoft Authenticator on iOS moves backups fully to iCloud

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names.

OS

BleepingComputer

13.7.25

Microsoft confirms Windows Server Update Services (WSUS) sync is broken

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.

OS

BleepingComputer

13.7.25

Qantas confirms data breach impacts 5.7 million customers

Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data.

Incident

BleepingComputer

13.7.25

Google reveals details on Android’s Advanced Protection for Chrome

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements.

OS

BleepingComputer

13.7.25

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information.

Cryptocurrency

BleepingComputer

13.7.25

Ruckus Networks leaves severe flaws unpatched in management devices

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.

Vulnerability

BleepingComputer

13.7.25

Ingram Micro starts restoring systems after ransomware attack

Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday.

Ransom

BleepingComputer

13.7.25

Treasury sanctions North Korean over IT worker malware scheme

The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime.

Virus

BleepingComputer

13.7.25

New ServiceNow flaw lets attackers enumerate restricted data

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.

Vulnerability

BleepingComputer

13.7.25

Samsung announces major security enhancements coming to One UI 8

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android.

AI

BleepingComputer

12.7.25

Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled the findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals that 35% of exposures coincide with other critical secrets, including database credentials, cloud tokens, and API credentials.

Vulnerability

GITGUARDIAN

12.7.25

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its

Attack

The Hacker News

12.7.25

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution

Vulnerability

The Hacker News

12.7.25

Message from Wolf Bot

Since early June 2025, Arctic Wolf has observed a search engine optimisation (SEO) poisoning and malvertising campaign promoting malicious websites hosting Trojanized versions of legitimate IT tools such as PuTTY and WinSCP.

Malware blog

ARCTICWOLF

12.7.25

Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz

Zscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI.

AI blog

ZSCALER

12.7.25

Analysis of TAG-140 Campaign and DRAT V2 Development Targeting Indian Government Organizations

During an investigation into a recent TAG-140 campaign targeting Indian government organizations, Insikt Group identified a modified variant of the DRAT remote access trojan (RAT), which we designated as DRAT V2.

Malware blog

RECORDEDFUTURE

12.7.25

Crypto Wallets Continue to be Drained in Elaborate Social Media Scam

Darktrace’s latest research reveals that an evolving social engineering campaign continues to target cryptocurrency users through fake startup companies.

Cryptocurrency blog

DARKTRACE

12.7.25

Count(er) Strike – Data Inference Vulnerability in ServiceNow

Varonis Threat Labs discovered a high severity vulnerability in ServiceNow’s platform that can lead to significant data exposure and exfiltration.

Vulnerability blog

VARONIS

12.7.25

GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

Unit 42 researchers uncovered a campaign by an initial access broker (IAB) to exploit leaked Machine Keys — cryptographic keys used on ASP.NET sites — to gain access to targeted organizations. IABs breach organizations and then sell that access to other threat actors.

Exploit blog

Palo Alto

12.7.25

Pay2Key’s Resurgence: Iranian Cyber Warfare Targets the West

In the volatile aftermath of the Israel-Iran-USA conflict, a sophisticated cyber threat has re-emerged, targeting organizations across the West.

BigBrother blog

MORPHISEC

12.7.25

Malicious pull request infects VS Code extension

ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.

Cryptocurrency blog

REVERSINGLABS

12.7.25

Is Cyber the Next Stage of War in the Middle East Conflict?

As clashes continue in the Middle East, who are the cyber actors to be aware of?

Cyber blog

SYMANTEC BLOG

12.7.25

Hacktivist Attacks on Critical Infrastructure Grow as New Groups Emerge

Hacktivists are increasingly turning to attacks on critical infrastructure, data breaches, and other more sophisticated attack types.

Hacking blog

Cyble

12.7.25

Phishing, Pivots, and Persistence: A Look into Japan’s Q1 2025 Cyber Threat Landscape

JPCERT’s Q1 2025 report reveals a 10% rise in cyber incidents, with phishing making up 87% of confirmed cases.

Phishing blog

Cyble

12.7.25

Ongoing Phishing Campaign Utilizes LogoKit for Credential Harvesting

CRIL analyzes an ongoing LogoKit phishing campaign that pulls brand assets from Clearbit and Google Favicon.

Phishing blog

Cyble

12.7.25

Direct Memory and Container OOMKilled Errors

Recently, we encountered continuous integration (CI) build failures in two of our microservices, caused by Java unit tests.

Security blog

PROOFPOINT

12.7.25

Catching Smarter Mice with Even Smarter Cats

Explore how AI is changing the cat-and-mouse dynamic of cybersecurity, from cracking obfuscation and legacy languages to challenging new malware built with Flutter, Rust, and Delphi.

AI blog

FORTINET

12.7.25

TRACKING RANSOMWARE : JUNE 2025

In June 2025, ransomware attacks targeted critical industries such as professional services, healthcare, and information technology, exploiting their

Ransom blog

Cyfirma

12.7.25

RENDERSHOCK: WEAPONIZING TRUST IN FILE RENDERING PIPELINES

RenderShock is a comprehensive zero-click attack strategy that targets passive file preview, indexing, and automation behaviours in modern operating systems and enterprise environments. It leverages built-in trust

Malware blog

Cyfirma

12.7.25

GitHub Abused to Spread Malware Disguised as Free VPN

At CYFIRMA, we continuously monitor and investigate emerging cyber threats targeting both organizations and individuals. In this report, we analysed a

Malware blog

Cyfirma

12.7.25

Microsoft Security Bulletin Coverage for July 2025

Microsoft’s July 2025 Patch Tuesday has 127 vulnerabilities, 53 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2025 and has produced coverage for 12 of the reported vulnerabilities.

Vulnerability blog

SonicWall

12.7.25

Unauthenticated File Upload-to-RCE in VvvebJs (CVE-2024-29272)

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-29272, assessed its impact and developed mitigation measures for this vulnerability.

Vulnerability blog

SonicWall

12.7.25

Ransomware Delivered Through GitHub: A PowerShell-Powered Attack

Recently, the SonicWall Capture Labs threat research team identified a PowerShell-based ransomware variant that is abusing GitHub for its distribution.

Ransom blog

SonicWall

12.7.25

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

In late 2024, we discovered a malware variant related to the SLOW#TEMPEST campaign. In this research article, we explore the obfuscation techniques employed by the malware authors. We deep dive into these malware samples and highlight methods and code that can be used to detect and defeat the obfuscation techniques.

Malware blog

Palo Alto

12.7.25

Fix the Click: Preventing the ClickFix Attack Vector

In this article, we share hunting tips and mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns we have seen so far in 2025:

Hacking blog

Palo Alto

11.7.25

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms.

Ransom blog

Trend Micro

11.7.25

Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack

In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat, a widely used open-source servlet container for running Java-based web applications. The flaw allows remote code execution and affects Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2.

Vulnerability blog

Palo Alto

11.7.25

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

In this Threat Analysis Report, Cybereason investigates a recently observed BlackSuit ransomware attack and the tools and techniques the threat actors used.

Ransom blog

Cybereason

11.7.25

From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities

The DoNot APT group, also tracked by various security vendors as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger, has been active since at least 2016 and has been linked to India by several vendors.

APT blog

Trellix

11.7.25

M&S confirms social engineering led to massive ransomware attack

M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack.

Ransom

BleepingComputer

11.7.25

New Android TapTrap attack fools users with invisible UI trick

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device.

Virus

BleepingComputer

11.7.25

Windows 10 KB5062554 cumulative update released with 13 changes, fixes

Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes.

OS

BleepingComputer

11.7.25

Windows 11 KB5062553 & KB5062552 cumulative updates released

Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

OS

BleepingComputer

11.7.25

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.

OS

BleepingComputer

11.7.25

Android malware Anatsa infiltrates Google Play to target US banks

The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads.

Virus

BleepingComputer

11.7.25

Overcoming Technical Barriers in Desktop and Application Virtualization

Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and get a free trial.

Hack

BleepingComputer

11.7.25

Malicious Chrome extensions with 1.7M installs found on Web Store

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses.

Virus

BleepingComputer

11.7.25

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against American organizations and government agencies.

APT

BleepingComputer

11.7.25

Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens.

Vulnerability

BleepingComputer

11.7.25

Employee gets $920 for credentials used in $140 million bank heist

Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions.

Incident

BleepingComputer

11.7.25

Atomic macOS infostealer adds backdoor for persistent attacks

A malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that includes a backdoor, giving attackers persistent access to compromised systems.

Virus

BleepingComputer

11.7.25

Qantas is being extorted in recent data-theft cyberattack

Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.

Incident

BleepingComputer

11.7.25

'Batavia' Windows spyware campaign targets dozens of Russian orgs

A previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures.

Virus

BleepingComputer

11.7.25

Hackers abuse leaked Shellter red team tool to deploy infostealers

Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software.

Virus

BleepingComputer

11.7.25

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on

Vulnerability

The Hacker News

11.7.25

PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow

Vulnerability

The Hacker News

11.7.25

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The

Vulnerability

The Hacker News

11.7.25

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals

An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to

Ransom

The Hacker News

11.7.25

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its

Vulnerability

The Hacker News

11.7.25

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system

Vulnerability

The Hacker News

10.7.25

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can

AI

The Hacker News

10.7.25

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks

CyberCrime

The Hacker News

10.7.25

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions

Virus

The Hacker News

10.7.25

AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws,

Attack

The Hacker News

10.7.25

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The

Vulnerability

The Hacker News

10.7.25

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized

Exploit

The Hacker News

10.7.25

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from

APT

The Hacker News

9.7.25

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for

APT

The Hacker News

9.7.25

Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks

APT

The Hacker News

9.7.25

Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the

Vulnerability

The Hacker News

9.7.25

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming

Virus

The Hacker News

9.7.25

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using

Virus

The Hacker News

8.7.25

Malicious Pull Request Infects 6,000+ Developers via Vulnerable Ethcode VS Code Extension

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a

Virus

The Hacker News

8.7.25

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers

BotNet

The Hacker News

8.7.25

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity,

Virus

The Hacker News

8.7.25

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing

Exploit

The Hacker News

8.7.25

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known

Virus

The Hacker News

8.7.25

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

A hacking group believed to have ties to Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT)

Virus

The Hacker News

6.7.25

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Ransom

BleepingComputer

6.7.25

Ingram Micro suffers global outage as internal systems inaccessible

IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues.

Incident

BleepingComputer

6.7.25

Hacker leaks Telefónica data allegedly stolen in a new breach

A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.

Incident

BleepingComputer

6.7.25

Police dismantles investment fraud ring stealing €10 million

The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M).

CyberCrime

BleepingComputer

6.7.25

Grafana releases critical security update for Image Renderer plugin

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent.

Vulnerability

BleepingComputer

5.7.25

IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information.

Ransom

BleepingComputer

5.7.25

Microsoft investigates ongoing SharePoint Online access issues

Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites.

OS

BleepingComputer

5.7.25

Microsoft: Exchange Server Subscription Edition now available

Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service.

OS

BleepingComputer

5.7.25

Hunters International ransomware shuts down, releases free decryptors

The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom.

Ransom

BleepingComputer

5.7.25

Microsoft asks users to ignore Windows Firewall config errors

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update.

OS

BleepingComputer

5.7.25

NimDoor crypto-theft macOS malware revives itself when killed

NimDoor crypto-theft macOS malware revives itself when killed

Virus

BleepingComputer

5.7.25

DOJ investigates ex-ransomware negotiator over extortion kickbacks

An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals.

Ransom

BleepingComputer

5.7.25

Spain arrests hackers who targeted politicians and journalists

The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government.

CyberCrime

BleepingComputer

5.7.25

Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.

Hack

BleepingComputer

5.7.25

Citrix warns of login issues after NetScaler auth bypass patch

Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances.

Vulnerability

BleepingComputer

5.7.25

Forminator plugin flaw exposes WordPress sites to takeover attacks

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks.

Vulnerability

BleepingComputer

5.7.25

NSB Alerts the Significant Cybersecurity Risks in China-Made Mobile Applications

In recent years, the international community has shown growing concerns over cybersecurity issues deriving from China-developed mobile applications (apps).

BigBrother blog

nsb.gov.tw

5.7.25

Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open

During routine monitoring, the Wiz Research Team observed an exploitation attempt targeting one of our honeypot servers running TeamCity, a popular CI/CD tool.

Exploit blog

WIZ

5.7.25

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu

Social

The Hacker News

5.7.25

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners

Cryptocurrency

The Hacker News
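Both JDWP entries above (Wiz and The Hacker News) describe the same exposure: a JVM started with a debug agent listening on a reachable address. JDWP has no authentication; a client that connects, sends the 14-byte string `JDWP-Handshake` and receives the same 14 bytes back is then free to issue JDWP commands inside the JVM, which is what makes an open debug port equivalent to code execution. The block below is an added example, not code from either article or from the JDK: a small probe that performs only the handshake (nothing beyond it) so a defender can confirm whether a port found in a scan is really a live debug port. Because the example has to run offline, it also starts a constructed stand-in listener on loopback that either echoes the handshake like a JVM or closes without answering like an unrelated TCP service; a real JVM would typically be launched with `-agentlib:jdwp=transport=dt_socket,server=y,...`, and the port, host and timeout used here are illustrative.

```python
import socket
import threading

HANDSHAKE = b"JDWP-Handshake"  # fixed 14-byte greeting both sides exchange


def probe_jdwp(host, port, timeout=3.0):
    """Return True only if host:port completes the JDWP handshake by echoing it.

    Stops after the handshake; no JDWP command packets are sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(HANDSHAKE)
            reply = b""
            while len(reply) < len(HANDSHAKE):
                chunk = sock.recv(len(HANDSHAKE) - len(reply))
                if not chunk:  # peer closed without completing the handshake
                    break
                reply += chunk
            return reply == HANDSHAKE
    except OSError:  # refused, timed out, unreachable
        return False


def _fake_listener(listener, echo):
    """Constructed stand-in: serve one connection, echo the handshake if asked to."""
    conn, _ = listener.accept()
    with conn:
        data = conn.recv(len(HANDSHAKE))
        if echo and data == HANDSHAKE:
            conn.sendall(HANDSHAKE)
    listener.close()


def start_fake_listener(echo=True):
    """Bind an ephemeral loopback port, serve it in a thread, return the port number."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_fake_listener, args=(listener, echo), daemon=True).start()
    return listener.getsockname()[1]


def demo():
    """Probe one JDWP-like port and one ordinary TCP port; returns (True, False)."""
    jdwp_port = start_fake_listener(echo=True)
    other_port = start_fake_listener(echo=False)
    return probe_jdwp("127.0.0.1", jdwp_port), probe_jdwp("127.0.0.1", other_port)


if __name__ == "__main__":
    jdwp_hit, other_hit = demo()
    print("JDWP-like port answered handshake:", jdwp_hit)
    print("non-JDWP port answered handshake:", other_hit)
```

A positive result from `probe_jdwp` against anything other than a developer's own loopback is an incident, not a finding to triage later: the fix is to remove the agent from production launch flags or, where debugging is needed, bind it to `127.0.0.1` and reach it over an SSH tunnel rather than exposing it on `0.0.0.0`.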

5.7.25

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft

APT

The Hacker News

5.7.25

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local

Vulnerability

The Hacker News

5.7.25

Microsoft fixes ‘Print to PDF’ feature broken by Windows update

Microsoft has fixed a known bug that breaks the 'Print to PDF' feature on Windows 11 24H2 systems after installing the April 2025 preview update.

OS

BleepingComputer

5.7.25

Dozens of fake wallet add-ons flood Firefox store to drain crypto

More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.

Cryptocurrency

BleepingComputer

5.7.25

Microsoft: DNS issue blocks delivery of Exchange Online OTP codes

Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users.

Security

BleepingComputer

5.7.25

Qantas discloses cyberattack amid Scattered Spider aviation breaches

Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data.

Incident

BleepingComputer

5.7.25

AT&T rolls out "Wireless Lock" feature to block SIM swap attacks

AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled.

Mobil

BleepingComputer

5.7.25

Microsoft open-sources VS Code Copilot Chat extension on GitHub

Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license.

Security

BleepingComputer

5.7.25

Kelly Benefits says 2024 data breach impacts 550,000 customers

Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information.

Incident

BleepingComputer

5.7.25

Aeza Group sanctioned for hosting ransomware, infostealer servers

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.

Ransom

BleepingComputer

5.7.25

New FileFix attack runs JScript while bypassing Windows MoTW alerts

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages.

Virus

BleepingComputer

5.7.25

International Criminal Court hit by new 'sophisticated' cyberattack

On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week.

CyberCrime

BleepingComputer

5.7.25

US disrupts North Korean IT worker "laptop farm" scheme in 16 states

The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against the North Korean government's fundraising operations that use remote IT workers.

APT

BleepingComputer

5.7.25

Esse Health says recent data breach affects over 263,000 patients

Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack.

Incident

BleepingComputer

5.7.25

Johnson Controls starts notifying people affected by 2023 breach

Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023.

Incident

BleepingComputer

5.7.25

RondoDox Unveiled: Breaking Down a New Botnet Threat

FortiGuard Labs analyzes RondoDox, a stealthy new botnet targeting TBK DVRs and Four-Faith routers via CVE-2024-3721 and CVE-2024-12856. Learn how it evades detection, establishes persistence, and mimics gaming and VPN traffic to launch DDoS attacks.

BotNet blog

FORTINET

5.7.25

DCRAT Impersonating the Colombian Government

A threat actor impersonates the Colombian government to deliver DCRAT via phishing email, using obfuscation, steganography, and PowerShell payload chains.

Malware blog

FORTINET

5.7.25

Numerous Western Companies May Still Need to Ban FUNNULL Admin Accounts to Comply with U.S. Treasury Sanctions

Silent Push Threat Analysts have been mapping the scope of the FUNNULL content delivery network (CDN) and its use of Infrastructure Laundering to hide its infrastructure among major Western cloud providers, such as Amazon and Microsoft, forcing defenders to remain constantly alert in order to respond to and block its accounts. We labeled the threat actor network "Triad Nexus."

Cyber blog

Silent Push

5.7.25

Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands

Silent Push Threat Analysts followed a tip from Mexican journalist Ignacio Gómez Villaseñor about a threat actor targeting “Hot Sale 2025,” an annual sales event similar to “Black Friday” in the U.S.

Phishing blog

Silent Push

5.7.25

Top Ransomware Groups June 2025: Qilin Reclaims Top Spot

A look at the top ransomware groups, incidents and developments in June 2025.

Ransom blog

Cyble

5.7.25

The Week in Vulnerabilities: High-Risk IT and ICS Flaws Flagged by Cyble

Cyble threat intelligence researchers identified several high-risk IT and ICS flaws this week, including some under active exploitation.

Vulnerability blog

Cyble

5.7.25

Phishing Attack : Deploying Malware on Indian Defense BOSS Linux

CYFIRMA has identified a sophisticated cyber-espionage campaign orchestrated by APT36 (also known as Transparent Tribe), a threat actor based in Pakistan.

Phishing blog

Cyfirma

5.7.25

EXECUTIVE THREAT LANDSCAPE REPORT AUSTRALIA

Why Cyber Threat Actors Target Australia?

Cyber blog

Cyfirma

5.7.25

Fortnightly Vulnerability Summary

Fortnightly Vulnerability Summary: fast facts on vulnerabilities observed over the fortnight. This fortnight's most impacted products: D-Link, TeamCity, NetBox.

Vulnerability blog

Cyfirma

5.7.25

Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities

An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening in the wild. Organizations must inventory IT assets and then determine if a given vulnerability is present.

Vulnerability blog

Eclypsium

5.7.25

AI Dilemma: Emerging Tech as Cyber Risk Escalates

As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation

AI blog

Trend Micro

5.7.25

DBatLoader Reloaded: Dual Injection and Resilience

The SonicWall Capture Labs threat research team has observed the latest variant of DBatLoader performing a dual injection of Remcos RAT, utilizing two distinct injection techniques. The malware is mainly known for delivering Remcos RAT, but also delivers other malware.

Malware blog

SonicWall

5.7.25

Pay2Key: First Ransomware Utilizing I2P Network Instead of Tor

Pay2Key first emerged in late 2020 and primarily targeted Israeli businesses. It gained attention for its alleged links to Iranian threat actors. Today’s sample, however, is an obvious pivot to a ransomware-as-a-service model, welcoming even the most novice users. What sets it apart is its use of I2P, an anonymous network similar to Tor.

Ransom blog

SonicWall

5.7.25

Windows Shortcut (LNK) Malware Strategies

Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Our telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, we present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples.

Malware blog

Palo Alto

5.7.25

Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack

In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2.

Vulnerability blog

Palo Alto

5.7.25

A message from Bruce the mechanical shark

This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.

Cyber blog

CISCO TALOS

5.7.25

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of cybersecurity careers starts here. What skills and mindset can set you apart? Hear from ESET's Robert Lipovsky as he reveals how to thrive in this fast-paced field.

Cyber blog

Eset

5.7.25

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

Spam blog

Eset

5.7.25

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Cyber blog

Eset

5.7.25

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout

Phishing blog

Eset

5.7.25

Automagic Reverse Engineering

Overall, the required time to analyze a binary goes down with this approach, as a lot of manual tasks have been automated. Being able to run these scripts headless allows you to integrate them into your workflow of choice, making the methodology as flexible as possible.

Vulnerability blog

Trellix

5.7.25

The Bug Report - June 2025 Edition

Stay cool this summer with June 2025’s top 4 CVEs: RCEs, NTLM exploits, router worms & a Google supply chain flaw. Read now to patch fast and stay safe.

Vulnerability blog

Trellix

5.7.25

The Democratization of Phishing: Popularity of PhaaS platforms on the rise

PhaaS platforms are democratizing sophisticated phishing attacks, making them cheaper, easier, and more effective for cybercriminals, with AI amplifying their scale.

Phishing blog

Trellix

4.7.25

June's Dark Gift: The Rise of Qwizzserial

Discovered by Group-IB in mid-2024, Qwizzserial was initially not very active but then began to spread strongly in Uzbekistan, masquerading as legitimate applications. The malware steals banking information and intercepts 2FA SMS messages, transmitting them to fraudsters via Telegram bots.

Malware blog

GROUP-IB

4.7.25

How IAS is Fighting Back Against the Shape-Shifting Kaleidoscope Scheme

The IAS Threat Lab has uncovered a sophisticated new threat dubbed Kaleidoscope — a deceptive Android ad fraud operation that’s as dynamic as it is dangerous. This scheme hides behind seemingly legitimate apps available on Google Play, while malicious lookalike versions are quietly distributed through third-party app stores.

Cyber blog

INTEGRALADS

4.7.25

Satori Threat Intelligence Alert: IconAds Conceals Source of Ad Fraud from Users

HUMAN’s Satori Threat Intelligence and Research Team has uncovered and disrupted an operation dubbed IconAds. This scheme centered on a collection of 352 apps which load out-of-context ads on a user’s screen and hide the app icons, making it difficult for a user to identify the culprit app and remove it.

Cyber blog

HUMANSECURITY

4.7.25

FoxyWallet: 40+ Malicious Firefox Extensions Exposed

A large-scale malicious campaign has been uncovered involving dozens of fake Firefox extensions designed to steal cryptocurrency wallet credentials.

Cryptocurrency blog

KOI SECURITY

4.7.25

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they

Virus

The Hacker News

4.7.25

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps

Virus

The Hacker News

4.7.25

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting

Cryptocurrency

The Hacker News

3.7.25

Google fixes fourth actively exploited Chrome zero-day of 2025

Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year.

Exploit

BleepingComputer

3.7.25

U.S. warns of Iranian cyber threats on critical infrastructure

U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure.

BigBrothers

BleepingComputer

3.7.25

Germany asks Google, Apple to remove DeepSeek AI from app stores

The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations.

AI

BleepingComputer

3.7.25

Microsoft Defender for Office 365 now blocks email bombing attacks

Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.

Hack

BleepingComputer

3.7.25

Switzerland says government data stolen in ransomware attack

The Swiss government has disclosed that sensitive information from various federal offices was affected by a ransomware attack on the third-party organization Radix.

Ransom

BleepingComputer

3.7.25

Hikvision Canada ordered to cease operations over security risks

The Canadian government has ordered Hikvision's subsidiary in the country to cease all operations following a review that determined the company poses a national security risk.

BigBrothers

BleepingComputer

3.7.25

Microsoft warns of Windows update delays due to wrong timestamp

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp.

OS

BleepingComputer

3.7.25

Europol helps disrupt $540 million crypto investment fraud ring

Spanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims.

CyberCrime

BleepingComputer

3.7.25

FBI: Cybercriminals steal health data posing as fraud investigators

The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information.

CyberCrime

BleepingComputer

3.7.25

Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions.

Vulnerability

BleepingComputer

3.7.25

Further insights into Ivanti CSA 4.6 vulnerabilities exploitation

Between October 2024 and late January 2025, public reports described the exploitation of Ivanti CSA vulnerabilities, which began in Q4 2024. We share analysis results confirming worldwide exploitation that led to webshell deployments in September and October 2024.

Exploit blog

INSIDETHELAB

3.7.25

PDFs: Portable documents, or perfect deliveries for phish?

Cisco recently developed and released an update to its brand impersonation detection engine for emails. This new update enhances detection coverage and includes a wider range of brands that are delivered using PDF payloads (or attachments).

Phishing blog

CISCO TALOS

3.7.25

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors

BigBrothers

The Hacker News

3.7.25

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications

Vulnerability

The Hacker News

3.7.25

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming

Virus

The Hacker News

3.7.25

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated

Phishing

The Hacker News

2.7.25

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider

Ransom

The Hacker News

2.7.25

Okta observes v0 AI tool used to build phishing sites

Okta Threat Intelligence has observed threat actors abusing v0, a breakthrough Generative Artificial Intelligence (GenAI) tool created by Vercel, to develop phishing sites that impersonate legitimate sign-in webpages.

AI blog

OKTA

2.7.25

10 Things I Hate About Attribution: RomCom vs. TransferLoader

Most of the time, delineating activities from distinct clusters and separating cybercrime from espionage can be done based on differing tactics, techniques, and procedures (TTPs), tooling, volume/scale, and targeting.

Malware blog

PROOFPOINT

2.7.25

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate

AI

The Hacker News

2.7.25

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector

Vulnerability

The Hacker News

2.7.25

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a

APT

The Hacker News

1.7.25

Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be

OX Security researchers uncover how easy it is for malicious extensions to bypass trust checks and execute code on developer machines.

Exploit blog

OX SECURITY

1.7.25

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in

Vulnerability

The Hacker News

1.7.25

Google Patches Critical Zero-Day Flaw in Chrome's V8 Engine After Active Exploitation

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as

Exploit

The Hacker News

1.7.25

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to

BigBrothers

The Hacker News

1.7.25

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from

Security

The Hacker News

1.7.25

Patch and Persist: Darktrace’s Detection of Blind Eagle (APT-C-36)

Since 2018, Blind Eagle has targeted Latin American organizations using phishing and RATs. Darktrace detected Blind Eagle activity on a customer network involving C2 connectivity, malicious payload downloads and data exfiltration.

APT blog

DARKTRACE

1.7.25

Tracing Blind Eagle to Proton66

Trustwave SpiderLabs has assessed with high confidence that the threat group Blind Eagle, aka APT-C-36, is associated with the Russian bulletproof hosting service provider Proton66.

APT blog

SPIDERLABS BLOG

1.7.25

U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber-attacks from Iranian state-sponsored or affiliated threat actors.

APT

The Hacker News

1.7.25

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across

CyberCrime

The Hacker News

1.7.25

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs,

Virus

The Hacker News