BLOG 2025 AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog 2024 2023
H January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(73) September(57) October(0) November(59) December(60) 2025 January(29) February(72) March(67) April(108) May(118) June(159) July(98) August(131) September(24)
DATE |
NAME |
Info |
CATEG. |
WEB |
| 30.8.25 | Loophole allows threat actors to claim VS Code extension names | RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes. | Hacking blog | REVERSINGLAB |
| 30.8.25 | Phishing Campaign Targeting Companies via UpCrypter | FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries. | Phishing blog | FORTINET |
| 30.8.25 | Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery | During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer. | AI blog | TRUSTWAVE |
| 30.8.25 | Unraveling Phishing Campaigns Flagged by Trustwave’s URL Scanner | In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. | Phishing blog | TRUSTWAVE |
| 30.8.25 | A Tale of Two Ransomware-as-a-Service Threat Groups | Learn about INC and Lynx, two highly successful RaaS groups that share similar tactics and procedures, including a potential connection through shared code. | Ransom blog | TRUSTWAVE |
| 30.8.25 | An actor tracked as UNC6395 stole OAuth tokens from the Salesloft Drift app and leveraged them for widespread data theft. | APT blog | Google Threat Intelligence | |
| 30.8.25 | In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC). | APT blog | Google Threat Intelligence | |
| 30.8.25 | Australia and New Zealand Threat Landscape in H1 2025 is Worrying, but has a Silver-Lining | The ransomware threats “Down Under” doubled in the first six months of the year as compared to the last year. | Ransom blog | Cyble |
| 30.8.25 | SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh | Executive Summary Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing Android malware tracker named “SikkahBot,” active since July 2024 and explicitly targeting students in Bangladesh. | Malware blog | Cyble |
| 30.8.25 | The Silent Data Leak Crisis in Australia’s Supply Chains | Australia faces a surge in AI-driven cyberattacks and supply chain vulnerabilities, with one cyberattack per second and over 1,100 data breaches reported in 2024. | BigBrother blog | Cyble |
| 30.8.25 | The Week in Vulnerabilities: Threat Actors Claim Exploits, Zero Days | Cyble has detected new attack campaigns and threat actors claiming to offer vulnerability exploits and zero days for sale on the dark web. | Vulnerebility blog | Cyble |
| 30.8.25 | Operation HanKook Phantom: North Korean APT37 targeting South Korea | Table of Contents: Introduction Threat Profile Infection Chain Campaign-1 Analysis of Decoy: Technical Analysis Fingerprint of ROKRAT’s Malware Campaign-2 Analysis of Decoy Technical analysis Detailed analysis of Decoded tony31.dat Conclusion Seqrite Protections MITRE Att&ck | APT blog | Seqrite |
| 30.8.25 | WinRAR Directory Traversal & NTFS ADS Vulnerabilities (CVE-2025-6218 & CVE-2025-8088) | Executive Summary Two high-severity vulnerabilities in WinRAR for Windows — CVE-2025-6218 and CVE-2025-8088 — allow attackers to write files outside the intended extraction directory. CVE-2025-6218 involves traditional path traversal, while CVE-2025-8088 extends the attack using NTFS Alternate Data Streams.. | Vulnerebility blog | Seqrite |
| 30.8.25 | UNVEILING A PYTHON STEALER – INF0S3C STEALER | EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment reveals Inf0s3c Stealer, a Python-based grabber designed to collect system information and user data. The executable | Malware blog | Cyfirma |
| 30.8.25 | TINKYWINKEY KEYLOGGER | EXECUTIVE SUMMARY At CYFIRMA, we are dedicated to providing timely intelligence on emerging cyber threats and adversarial tactics that target both individuals and organizations. | Malware blog | Cyfirma |
| 30.8.25 | CVE-2025-8671 – HTTP/2 MadeYouReset Vulnerability DDoS Attack | EXECUTIVE SUMMARY CVE-2025-8671, dubbed "MadeYouReset", is a newly disclosed HTTP/2 denial-of-service (DoS) vulnerability identified by researchers at Tel Aviv University an | Vulnerebility blog | Cyfirma |
| 30.8.25 | New Salt Typhoon Defense Guidance from FBI and CISA | The FBI and CISA, along with a coalition of other international cybersecurity agencies, have released a new Cybersecurity Advisory, CSA AA25-239A, about Salt Typhoon and other Chinese State-Sponsored Advanced Persistent Threat (APT) groups. | APT blog | Eclypsium |
| 30.8.25 | FAQ: What Does the EU Cyber Resilience Act (CRA) Mean for Hardware and Firmware Supply Chain Security | The European Union’s Cyber Resilience Act (CRA), Regulation (EU), 2024/2847, “aims to safeguard consumers and businesses” from risks introduced through the digital supply chain. To satisfy this regulation, countless organizations will have to change how they operate. | BigBrother blog | Eclypsium |
| 30.8.25 | Cybersecurity Stop of the Month: BEC Attacks Targeting Government Agencies | Email-based threats against public sector organizations are rising in both scale and complexity. One of the most popular attacks that government finance and procurement teams are targeted with is business email compromise (BEC). | Spam blog | PROOFPOINT |
| 30.8.25 | LLM Security: Risks, Best Practices, Solutions | Large language models (LLMs), such as ChatGPT, Claude, and Gemini, are transforming industries by enabling faster workflows, deeper insights, and smarter tools. Their capabilities are reshaping how we work, communicate, and innovate. | AI blog | PROOFPOINT |
| 30.8.25 | Storm-0501’s evolving techniques lead to cloud-based ransomware | Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). | APT blog | Microsoft blog |
| 30.8.25 | Operation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in Africa | Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims. | Cyber blog | Trend Micro |
| 30.8.25 | TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents | The TAOTH campaign exploited abandoned software and spear-phishing to deploy multiple malware families, targeting dissidents and other high-value individuals across Eastern Asia. | Exploit blog | Trend Micro |
| 30.8.25 | Critical RCE Vulnerabilities in Commvault: CVE-2025-57791 & CVE-2025-57790 | The SonicWall Capture Labs threat research team became aware of a critical chain of remote code execution (RCE) vulnerabilities in Commvault CommServe. | Vulnerebility blog | SonicWall |
| 30.8.25 | Data Is the New Diamond: Heists in the Digital Age | Heists in the digital world may seem fundamentally different from heists in the physical world, but I see a common tie — financially motivated criminals of all types often use social engineering and intensive reconnaissance to achieve their goals. | Cyber blog | Palo Alto |
| 30.8.25 | ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies | Check Point Research has been monitoring a sophisticated social-engineering campaign targeting supply chain–critical manufacturing companies, where attackers leverage legitimate-looking business interactions to stealthily deliver a custom malware implant. | Hacking blog | Checkpoint |
| 30.8.25 | Chasing the Silver Fox: Cat & Mouse in Kernel Shadows | Check Point Research (CPR) uncovered an ongoing in-the-wild campaign attributed to the Silver Fox APT which involves the abuse of a previously unknown vulnerable driver, amsdk.sys (WatchDog Antimalware, version 1.0.600). | Cyber blog | Checkpoint |
| 30.8.25 | This month in security with Tony Anscombe – August 2025 edition | From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news | Cyber blog | Eset |
| 30.8.25 | Don’t let “back to school” become “back to (cyber)bullying” | Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back | Cyber blog | Eset |
| 30.8.25 | First known AI-powered ransomware uncovered by ESET Research | The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats | AI blog | Eset |
| 30.8.25 | The Bug Report – August 2025 Edition | August's bug report is here. We break down active threats from Fortinet, Apple, and SAP to help you patch critical zero-days before it's too late. | Vulnerebility blog | Trelix |
| 23.8.25 | The New Era of Cybercrime in Australia — AI-Powered Attacks and How to Stay Ahead | AI-driven cyberattacks are rising in Australia, with 50+ threat groups active in 2025 and a 13% spike in major incidents across key sectors. | Cyber blog | Cyble |
| 23.8.25 | Inside the Australian Dark Web: What Hackers Are Selling About Your Business Right Now | The Australian dark web has evolved into a booming underground economy, with rising ransomware attacks and stolen data traded openly, Cyble reports. | Cyber blog | Cyble |
| 23.8.25 | The Week in Vulnerabilities: Patch Tuesday Yields Hundreds of Vendor Fixes | Monthly fixes from IT vendors led to hundreds of newly disclosed vulnerabilities in the past week. Here are over a dozen to prioritize | Vulnerebility blog | Cyble |
| 23.8.25 | Ransomware Landscape July 2025: Qilin Stays on Top as New Threats Emerge | Qilin was the top ransomware group for the third time in four months – but INC and other rivals aren’t standing still. | Ransom blog | Cyble |
| 23.8.25 | The Week in Vulnerabilities: 717 New Cybersecurity Flaws Reported! | Cyble found 717 new vulnerabilities, including 222 with PoCs and 17 in EOL products, exposing systems to growing cyberattack risks. | Vulnerebility blog | Cyble |
| 23.8.25 | Who are the Top Ransomware Threat Actors of H1 2025 | Ransomware surged in H1 2025. Meet CL0P, Akira, and Qilin — the top threat actors behind over 1,000 global attacks reshaping the cybercrime landscape. | Ransom blog | Cyble |
| 23.8.25 | APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files | Executive Summary CYFIRMA has identified an ongoing cyber-espionage campaign orchestrated by APT36 (Transparent Tribe), a Pakistan-based threat actor with a sustained focus on Indian Government entities. This operation reflects the… | APT blog | Cyfirma |
| 23.8.25 | EXECUTIVE THREAT LANDSCAPE REPORT : SAUDI ARABIA | Why Do Cyber Threat Actors Target Saudi Arabia? Energy Superpower: As the world's largest oil exporter, any disruption to Saudi energy assets can ripple across global markets, | BigBrother blog | Cyfirma |
| 23.8.25 | Building the Ultimate Cyberdeck: My Custom Hackberry PI | There are many examples online of DIY cyberdecks. These compact, modular builds push the boundaries of portable computing. The goal, at least for me, is to have something portable to run penetration testing hardware and software tools from. | Hacking blog | Eclypsium |
| 23.8.25 | Cybercriminals Abuse AI Website Creation App For Phishing | We are often asked about the impact of AI on the threat landscape. While we have observed that large language model (LLM) generated emails or scripts have so far had little impact, some AI tools are lowering the barrier for entry for digital crime. Take, for example, services that can create websites in minutes with the help of AI. | AI blog | PROOFPOINT |
| 23.8.25 | Proofpoint’s Next Human Factor Report Uncovers New Insights on Phishing and URL-Based Threats | Proofpoint’s new Human Factor report series is a fresh take on how we share insights about the threat landscape. Instead of long, technical reports, this year we’ve shortened them to make them more actionable. Each volume focuses on a specific threat tactic along with key trends and cybercriminal behaviors, which are observed across Proofpoint’s global threat intelligence and backed by data from more than 3.5 billion emails analyzed daily. | Phishing blog | PROOFPOINT |
| 23.8.25 | Think before you Click(Fix): Analyzing the ClickFix social engineering technique | The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. | Social blog | Microsoft blog |
| 23.8.25 | New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | We uncovered a campaign that makes use of Charon, a new ransomware family, and advanced APT-style techniques to target organizations with customized ransom demands. | Ransom blog | Trend Micro |
| 23.8.25 | Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments. | Ransom blog | Trend Micro |
| 23.8.25 | Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies. | Ransom blog | Trend Micro |
| 23.8.25 | Chihuahua Stealer: Disguising Data Theft in Plain Lyrics | A newly identified .NET-based infostealer, called Chihuahua Stealer, was first observed in April 2025. It has been distributed via malicious documents, often hosted on cloud storage platforms such as Google Drive or OneDrive. | Malware blog | SonicWall |
| 23.8.25 | Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth | We have detected a campaign aimed at gaining access to victims’ machines and monetizing access to their bandwidth. It functions by exploiting the CVE-2024-36401 vulnerability in the GeoServer geospatial database. This Critical-severity remote code execution vulnerability has a CVSS score of 9.8. Criminals have used the vulnerability to deploy legitimate software development kits (SDKs) or modified apps to gain passive income via network sharing or residential proxies. | Vulnerebility blog | Palo Alto |
| 23.8.25 | Fashionable Phishing Bait: GenAI on the Hook | The rapid expansion of generative AI (GenAI) has led to a diverse set of web-based platforms offering capabilities such as code assistance, natural language generation, chatbot interaction and automated website creation. This article uses insights from our telemetry to show trends in how the GenAI web is evolving. | Phishing blog | Palo Alto |
| 23.8.25 | A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode | We created an in-depth malware analysis tutorial featuring shellcode generated by a tool named Donut. The tutorial walks through a single infection chain from end to end, starting with a sample, and assuming no prior knowledge of the malware in question. | Malware blog | Palo Alto |
| 23.8.25 | New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer | Unit 42 researchers recently observed a shift in the delivery method in the distribution of DarkCloud Stealer and the obfuscation techniques used to complicate analysis. First seen in early April 2025, these new methods and techniques include an additional infection chain for DarkCloud Stealer. This chain involves obfuscation by ConfuserEx and a final payload written in Visual Basic 6 (VB6). | Malware blog | Palo Alto |
| 23.8.25 | Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild | This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). | Exploit blog | Palo Alto |
| 23.8.25 | When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory | BadSuccessor is a critical attack vector that emerged following the release of Windows Server 2025. Under certain conditions, this server version enables users to leverage delegated Managed Service Accounts (dMSAs) to elevate privileges within Active Directory environments running Windows Server 2025. At the time of writing this article, no patch exists for this issue. | Exploit blog | Palo Alto |
| 23.8.25 | Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices | A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. | APT blog | CISCO TALOS |
| 23.8.25 | Cherry pie, Douglas firs and the last trip of the summer | Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures. | Cyber blog | CISCO TALOS |
| 23.8.25 | Ransomware incidents in Japan during the first half of 2025 | Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan. | Ransom blog | CISCO TALOS |
| 23.8.25 | JJ Cummings: The art of controlling information | Get an inside look at how JJ Cummings helped build and lead one of Cisco Talos’ most impactful security teams, and discover what drives him to stay at the forefront of threat intelligence. | Cyber blog | CISCO TALOS |
| 23.8.25 | "What happens online stays online" and other cyberbullying myths, debunked | Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment. | Cyber blog | Eset |
| 23.8.25 | The need for speed: Why organizations are turning to rapid, trustworthy MDR | How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries | Safety blog | Eset |
| 23.8.25 | Investors beware: AI-powered financial scams swamp social media | Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think. | AI blog | Eset |
| 23.8.25 | The Silent, Fileless Threat of VShell | Malicious filename in a RAR archive to silently trigger Bash commands and drop a memory-only Vshell backdoor | Malware blog | Trelix |
| 23.8.25 | Dark Web Roast - July 2025 Edition | From ransomware gangs having public meltdowns over affiliate drama to AI-powered malware that needs to phone home for basic instructions, this month's underground activities showcased the perfect blend of criminal ambition and spectacular incompetence that keeps cybersecurity professionals both entertained and employed. | Ransom blog | Trelix |
| 23.8.25 | The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign | The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during early 2025. | BigBrother blog | Trelix |
| 17.8.25 | Check Point Research uncovered six fresh vulnerabilities in Microsoft Windows, including one critical flaw with ... | Vulnerebility blog | Checkpoint | |
| 17.8.25 | From critical infrastructure to classrooms, no sector is being spared. In July 2025, cyber attacks ... | Ransom blog | Checkpoint | |
| 17.8.25 | One of the most pressing cyber threats businesses face today is the rampant rise in ... | Cyber blog | Checkpoint | |
| 17.8.25 | CVE-2025-54136 – MCPoison Key Insights Critical RCE Flaw in Popular AI-powered IDE Check Point Research ... | Vulnerebility blog | Checkpoint | |
| 17.8.25 | A Region-Wise Breakdown of Cyber Threats: What H1 2025 Data Reveals | The Global Threat Landscape H1 2025 shows rising cyberattacks, with ransomware targeting regions like the U.S., UK, APAC, and MEA based on sectoral weaknesses. | Cyber blog | Cyble |
| 17.8.25 | Ransomware Landscape July 2025: Qilin Stays on Top as New Threats Emerge | Qilin was the top ransomware group for the third time in four months – but INC and other rivals aren’t standing still. | Ransom blog | Cyble |
| 17.8.25 | Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks | Introduction In the ever-evolving cybersecurity landscape, attackers constantly seek new ways to bypass traditional defences. One of the latest and most insidious methods involves using Scalable Vector Graphics (SVG)—a file format typically associated with clean, scalable images for websites. | Phishing blog | Seqrite |
| 17.8.25 | Spear Phishing Campaign Delivers VIP Keylogger via EMAIL Attachment | Introduction Earlier this year, we published a white paper detailing the VIP keylogger, a sophisticated malware strain leveraging spear-phishing and steganography to infiltrate victims’ systems. The keylogger is known for its data theft capabilities, particularly targeting web browsers and... | Phishing blog | Seqrite |
| 17.8.25 | Operation CargoTalon : UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant. | Contents Introduction Initial Findings Infection Chain. Technical Analysis Stage 0 – Malicious Email File. Stage 1 – Malicious LNK file. Stage 2 – Looking into the decoy file. Stage 3 – Malicious EAGLET implant. Hunting and Infrastructure. Infrastructural details.... | BigBrother blog | Seqrite |
| 17.8.25 | Android Cryptojacker Disguised as Banking App Exploits Device Lock State | The global craze around cryptocurrency has fueled both innovation and exploitation. While many legally chase digital gold, cybercriminals hijack devices to mine it covertly. Recently, we encountered a phishing website impersonating a well-known bank, hosting a fake Android app.... | Cryptocurrency blog | Seqrite |
| 17.8.25 | Lazarus Stealer : Android Malware for Russian Bank Credential Theft Through Overlay and SMS Manipulation | EXECUTIVE SUMMARY At CYFIRMA, we deliver actionable intelligence on emerging cyber threats impacting both individuals and organizations. This report analyzes a | Malware blog | Cyfirma |
| 17.8.25 | REVENANT : EXECUTIONLESS, SELF-ASSEMBLING THREAT HIDDEN IN SYSTEM ENTROPY | EXECUTIVE SUMMARY The REVENANT project exposes a multi-stage, execution less attack methodology capable of persisting not only within endpoint and network environments, | Cyber blog | Cyfirma |
| 17.8.25 | APT PROFILE – LAZARUS GROUP | The Lazarus Group is a highly sophisticated, state-sponsored cyber threat group attributed to the North Korean government. They are also known by many other names, including Hidden | APT blog | Cyfirma |
| 17.8.25 | GREY ZONE WARFARE IN CHINA’S STALLED SOUTH CHINA SEA AMBITIONS | INTRODUCTION – A DECADE OF AGGRESSION For the past several years, an emboldened China has intensified its aggression in the South China Sea, zeroing in on the | BigBrother blog | Cyfirma |
| 17.8.25 | TRACKING RANSOMWARE : JULY 2025 | EXECUTIVE SUMMARY In July 2025, ransomware activity remained high, with major impacts on consumer services, professional services, and manufacturing. Qilin led in volume, | Ransom blog | Cyfirma |
| 17.8.25 | FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT | Executive Summary CYFIRMA Threat Intelligence has observed an ongoing malicious campaign leveraging the domain ‘telegrampremium[.]app’, which fraudulently mimics the | Malware blog | Cyfirma |
| 17.8.25 | APT36: A PHISHING CAMPAIGN TARGETING INDIAN GOVERNMENT ENTITIES | EXECUTIVE SUMMARY A sophisticated phishing campaign, possibly attributed to Pakistan-linked APT36 (Transparent Tribe) is targeting Indian defense organizations and related | APT blog | Cyfirma |
| 17.8.25 | Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies. | Ransom blog | Trend Micro |
| 17.8.25 | New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | We uncovered a campaign that makes use of Charon, a new ransomware family, and advanced APT-style techniques to target organizations with customized ransom demands. | Ransom blog | Trend Micro |
| 17.8.25 | From ClickFix to Command: A Full PowerShell Attack Chain | A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it. | Attack blog | FORTINET |
| 17.8.25 | Unveiling a New Variant of the DarkCloud Campaign | FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate credentials, payment data, and email contacts—all without dropping a file to disk. | Hacking blog | FORTINET |
| 17.8.25 | Malicous Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025) | Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay protected. | Malware blog | FORTINET |
| 17.8.25 | New DoD Cyber Supply Chain Security Guidance from GAO and Secretary of Defense | The first half of 2025 has seen a flood of new cybersecurity guidance for the U.S. Federal government, and particularly the Department of Defense. | BigBrother blog | Eclypsium |
| 17.8.25 | BadCam: Now Weaponizing Linux Webcams | Eclypsium researchers have discovered vulnerabilities in USB webcams that allow attackers to turn them into BadUSB attack tools. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system. | Attack blog | Eclypsium |
| 17.8.25 | What the White House’s AI Action Plan Means for Infrastructure and Cybersecurity Leaders | The White House’s AI Action Plan, titled “Winning the AI Race”, marks a strategic shift in how the U.S. government aims to lead in artificial intelligence while securing its technological foundations. | AI blog | Eclypsium |
| 17.8.25 | GPUHammer Vulnerability: The Security Growing Pains of AI Infrastructure | The recent disclosure of GPUHammer vulnerabilities targeting NVIDIA GPU memory represents more than just another security flaw—it’s a clear signal that AI infrastructure faces fundamental security challenges that demand immediate attention. | Attack blog | Eclypsium |
| 17.8.25 | Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks | Unit 42 observed notable overlaps between Microsoft’s reporting on ToolShell activity (an exploit chain affecting SharePoint vulnerabilities) and activity that we have been separately tracking. The activity, which we track as CL-CRI-1040, caught our attention by deploying a tool set that we call Project AK47, which includes a backdoor, ransomware and loaders. | Hacking blog | Palo Alto |
| 17.8.25 | When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory | BadSuccessor is a critical attack vector that emerged following the release of Windows Server 2025. Under certain conditions, this server version enables users to leverage delegated Managed Service Accounts (dMSAs) to elevate privileges within Active Directory environments running Windows Server 2025. At the time of writing this article, no patch exists for this issue. | Exploit blog | Palo Alto |
| 17.8.25 | New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer | Unit 42 researchers recently observed a shift in the delivery method in the distribution of DarkCloud Stealer and the obfuscation techniques used to complicate analysis. | Malware blog | Palo Alto |
| 17.8.25 | Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild | This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). | Vulnerebility blog | Palo Alto |
| 17.8.25 | A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode | We created an in-depth malware analysis tutorial featuring shellcode generated by a tool named Donut. The tutorial walks through a single infection chain from end to end, starting with a sample, and assuming no prior knowledge of the malware in question. | Malware blog | Palo Alto |
| 17.8.25 | Microsoft Security Bulletin Coverage for August 2025 | Microsoft’s August 2025 Patch Tuesday has 109 vulnerabilities, of which 44 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2025 and has produced coverage for seven of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 17.8.25 | Android Malware Campaign Mimics Indian Banks to Harvest Financial Credentials | The SonicWall Capture Labs threat research team has identified an ongoing Android banking malware campaign targeting users of Indian banks. The malware authors are leveraging phishing pages that closely resemble legitimate banking app interfaces by mimicking elements such as logos, layouts and design features to trick users into installing a malicious application. | Malware blog | SonicWall |
| 17.8.25 | Critical Unauthenticated RCE Vulnerability in Cisco ISE (CVE-2025-20281) | The SonicWall Capture Labs threat research team became aware of a critical remote code execution (RCE) vulnerability in Cisco Identity Services Engine (ISE). | Vulnerebility blog | SonicWall |
| 17.8.25 | Docassemble Path-Traversal + SSTI Enables RCE (CVE-2024-27292) | SonicWall Capture Labs threat research team became aware of the threat CVE-2024-27292, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 16.8.25 | CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass | Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow. | Vulnerebility blog | Checkpoint |
| 16.8.25 | Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal | Check Point Research (CPR) is closely tracking the malicious execution of compiled Javascript files, which led to the discovery of JSCEAL, a campaign targeting crypto app users. | Cryptocurrency blog | Checkpoint |
| 16.8.25 | The State of Ransomware – Q2 2025 | Several prominent RaaS groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLIan, 8Base, Cactus, Hunters International, and Lockbit, stopped publishing new victims. Though the reasons for their disappearances vary, the net effect is a fragmented ransomware ecosystem no longer dominated by one or two major players. | Ransom blog | Checkpoint |
| 16.8.25 | Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations | Check Point Research (CPR) conducted a focused analysis of Storm-2603, a threat actor associated with recent ToolShell exploitations, together with other Chinese APT groups. | Ransom blog | Checkpoint |
| 16.8.25 | UAT-7237 targets Taiwanese web hosting infrastructure | Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. | APT blog | CISCO TALOS |
| 16.8.25 | What happened in Vegas (that you actually want to know about) | Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign. | Malware blog | CISCO TALOS |
| 16.8.25 | Malvertising campaign leads to PS1Bot, a multi-stage malware framework | Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” | Malware blog | CISCO TALOS |
| 16.8.25 | Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”. In this month's release, Microsoft observed none of the included vulnerabilities being ac | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | ReVault! When your SoC turns against you… deep dive edition | Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | AI wrote my code and all I got was this broken prototype | Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware. | AI blog | CISCO TALOS |
| 16.8.25 | WWBN, MedDream, Eclipse vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adheren | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | ReVault! When your SoC turns against you… | Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks | In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. | Malware blog | CISCO TALOS |
| 16.8.25 | CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities | Two critical vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have been discovered in on-premise Microsoft SharePoint. | Ransom blog | Cybereason |
| 16.8.25 | BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption | In this Threat Analysis Report, Cybereason investigates a recently observed BlackSuit ransomware attack and the tools and techniques the threat actors used. | Vulnerebility blog | Cybereason |
| 16.8.25 | Supply-chain dependencies: Check your resilience blind spot | Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them? | Cyber blog | Eset |
| 16.8.25 | How the always-on generation can level up its cybersecurity game | Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think | Cyber blog | Eset |
| 16.8.25 | WinRAR zero-day exploited in espionage attacks against high-value targets | The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds | Exploit blog | Eset |
| 16.8.25 | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability | ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets | Vulnerebility blog | Eset |
| 16.8.25 | Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s? | A sky-high premium may not always reflect your company’s security posture | Cyber blog | Eset |
| 16.8.25 | Android adware: What is it, and how do I get it off my device? | Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do. | Malware blog | Eset |
| 16.8.25 | Black Hat USA 2025: Policy compliance and the myth of the silver bullet | Cyber blog | Eset | |
| 16.8.25 | Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow? | Cyber blog | Eset | |
| 16.8.25 | ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch | Ransom blog | Eset | |
| 16.8.25 | Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5) | Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much | Cyber blog | Eset |
| 16.8.25 | Why the tech industry needs to stand firm on preserving end-to-end encryption | Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity | Cyber blog | Eset |
| 16.8.25 | This month in security with Tony Anscombe – July 2025 edition | Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025 | Cyber blog | Eset |
| 16.8.25 | SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools | SparkRAT is an open-source, freely available, and widely used Remote Access Trojan and C2 server, all of which led us to want to explore it further. | Malware blog | F5 |
| 16.8.25 | From Chrome renderer code exec to kernel with MSG_OOB | In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets | Hacking blog | Project Zero |
| 16.8.25 | A Comprehensive Analysis of HijackLoader and its Infection Chain | HijackLoader, a stealthy loader which delivers a wide variety of payloads, has been found to be spreading using fake download links on various piracy websites as well as SEO poisoning using legitimate websites. I | Malware blog | Trelix |
| 16.8.25 | Exposing PathWiper: DCOM Abuse and Network Erasure | This blog explores how attackers used Distributed Component Object Model (DCOM) as a lateral movement technique to distribute PathWiper, and how Trellix Network Detection and Response (NDR) detects and visualizes such activities. | Malware blog | Trelix |
| 16.8.25 | The Bug Report - July 2025 Edition | Beat the heat and the hackers! Our July 2025 Bug Report details unauthenticated RCEs & critical flaws in SharePoint, Git, FTP, and FortiWeb. Patch immediately! | Vulnerebility blog | Trelix |
| 16.8.25 | Gang Wars: Breaking Trust Among Cyber Criminals | Over the past few years, the Ransomware-as-a-Service (RaaS) model rose to dominance, structured like criminal empires, complete with brands, affiliate programs, and professional operations. What once looked like organized crime, now more closely resembles a paranoid, fractured ecosystem where loyalty is temporary and betrayal is expected. Today, we’re watching the RaaS model unravel. | Ransom blog | Trelix |