| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 27.12.25 | RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure | CRIL Uncovers a New Wave of Browser-Based e-Challan Phishing Powered by Shared Fraud Infrastructure. | Spam blog | |
| 27.12.25 | The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge | Vulnerabilities from Microsoft, Adobe and Fortinet are among those getting attention during a record week for new flaws. | Vulnerability blog | |
| 27.12.25 | UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel | Key Targets. Industries Affected. Geographical Focus. Infection Chain – Operation IconCat. Infection Chain – I. Infection Chain – II. Campaign-Analysis – Operation IconCat. Campaign-I Initial Findings. Looking into the malicious PDF File. Technical Analysis. Malicious PyInstaller implant – PYTRIC... | Vulnerability blog | Seqrite |
| 27.12.25 | Indian Income Tax-Themed Phishing Campaign Targets Local Businesses | Introduction Over the past few months, tax-themed phishing and malware campaigns have surged, particularly during and after the Income Tax Return (ITR) filing season. With ongoing public discussions around refund timelines, these scams appear more credible, giving attackers the... | Phishing blog | Seqrite |
| 27.12.25 | PLAUSIBLE DENIABILITY IN CYBERSPACE: THE STRATEGIC USE OF HACKTIVIST PROXIES | EXECUTIVE SUMMARY Hacktivist Proxy Operations describe a class of deniable cyber pressure activities in which ideologically aligned, non-state cyber groups conduct | Hacking blog | Cyfirma |
| 27.12.25 | 2025: The Year of Network Device Exploitation Adds Three More | 2025 has been the year of network exploitation, with numerous CISA Emergency Directives issued about Cisco products, the F5 data breach, and an 8x increase in network device exploitation as reported by Verizon. | Hacking blog | Eclypsium |
| 27.12.25 | A brush with online fraud: What are brushing scams and how do I stay safe? | Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. | Spam blog | |
| 27.12.25 | Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component | A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation | Vulnerability blog | |
| 25.12.25 | GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS | Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). | Cryptocurrency blog | AWS Security Blog |
| 25.12.25 | Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. | BigBrother blog | AWS Security Blog |
| 20.12.25 | I am not a robot: ClickFix used to deploy StealC and Qilin | The fake human verification process led to infostealer and ransomware infections | Ransom blog | SOPHOS |
| 20.12.25 | Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations | Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations | Cyber blog | SOPHOS |
| 20.12.25 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Malware blog | FORTINET |
| 20.12.25 | | Key Insights Insider recruitment is a growing cyber threat across banks, telecoms, and tech firms. ... | Cyber blog | CHECKPOINT |
| 20.12.25 | | Executive Summary Ink Dragon, a Chinese espionage group, has expanded from Asia and South America. | APT blog | CHECKPOINT |
| 20.12.25 | | Key Insights AI and automation have made holiday scams smarter and harder to detect. Over ... | Phishing blog | CHECKPOINT |
| 20.12.25 | Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns | CRIL has identified a commodity loader being leveraged by various threat actors in targeted email campaigns. | Malware blog | |
| 20.12.25 | India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act | India’s Telecommunications Act punishes SIM tampering and possession of unauthorized equipment, boosting accountability and telecom cybersecurity. | BigBrother blog | |
| 20.12.25 | Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders | ACSC’s Technology Primer explains how Quantum Technology will impact cybersecurity, encryption, and long-term risk planning for organizations. | Cyber blog | |
| 20.12.25 | The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation | CRIL reports this week’s IT vulnerabilities, highlighting zero-days, active exploits, and trending threats across IT and industrial networks. | Vulnerability blog | |
| 20.12.25 | APT36 LNK-BASED MALWARE CAMPAIGN LEVERAGING MSI PAYLOAD DELIVERY | EXECUTIVE SUMMARY CYFIRMA is dedicated to providing advanced warning and strategic analysis of the evolving cyber threat landscape. Our latest report analyzes a targeted malware campaign attributed to APT-36, which… | APT blog | |
| 20.12.25 | Quishing Campaigns: Advanced QR-Code Phishing Evaluation and Insights | EXECUTIVE SUMMARY CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with | Phishing blog | |
| 20.12.25 | The Hitch-hacker’s Guide to the Galaxy’s Edge: 2025 in Cyber Stats | We’re big fans of The Hitchhiker’s Guide to the Galaxy here at Eclypsium. We know as well as you that 42 is the answer to the question of the meaning of life, the universe, and everything. So in honor of the release of version 4.2 of our Supply Chain Security Platform, we pulled together a recap of some of the biggest cyber stats of the year from our own R&D and the broader cybersecurity research community. We made this video so you can see what we see. Think of it as a Spotify Wrapped for the cyber risk universe in 2025. | Cyber blog | Eclypsium |
| 20.12.25 | How to Operationalize NSA Guidance on UEFI Secure Boot at Scale | The NSA’s newly released Guidance for Managing UEFI Secure Boot signals a long-overdue but critical shift: firmware-level security is no longer a footnote in cybersecurity policy; it’s front and center. For those of us who’ve spent years addressing firmware risks across the enterprise, the guidance is welcome and timely, as malware that bypasses Secure Boot has grown increasingly common. The NSA’s guidance adds visibility and credibility to an issue that is reaching a tipping point in urgency. | BigBrother blog | Eclypsium |
| 20.12.25 | Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components | CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. | Vulnerability blog | Microsoft blog |
| 20.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0. | Vulnerability blog | SonicWall |
| 20.12.25 | Fake ChatGPT delivers Real Cryptominer | ChatGPT (OpenAI) remains widely considered the most popular and visited AI tool. Due to this immense popularity, it is common for cybercriminals to create fake applications that mimic the official OpenAI interface to trick users into installing malware. This week, SonicWall Capture Labs Threat Research Team analyzed a trojanized .NET Webview2 ChatGPT wrapper that is used to silently deliver a cryptomining software. | AI blog | SonicWall |
| 20.12.25 | From Linear to Complex: An Upgrade in RansomHouse Encryption | RansomHouse is a ransomware-as-a-service (RaaS) operation run by a group that we track as Jolly Scorpius. Recent samples of the associated binaries used in RansomHouse operations reveal a significant upgrade in encryption. This article explores the upgrade of RansomHouse encryption and the potential impact for defenders. | Ransom blog | Palo Alto |
| 20.12.25 | Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation | In recent months, Check Point Research has identified a new wave of attacks attributed to the Chinese threat actor Ink Dragon. Ink Dragon overlaps with threat clusters publicly reported as Earth Alux, Jewelbug, REF7707, CL-STA-0049, among others. | APT blog | CHECKPOINT |
| 20.12.25 | GachiLoader: Defeating Node.js Malware with API Tracing | The YouTube Ghost Network is a malware distribution network that uses compromised accounts to promote malicious videos and spread malware, such as infostealers. | Malware blog | CHECKPOINT |
| 20.12.25 | UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager | Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). | APT blog | |
| 20.12.25 | Adios 2025, you won’t be missed | This week, Joe laments on 2025, and what we can think of in 2026 in the wild world of cybersecurity. | Cyber blog | |
| 20.12.25 | Lexi DiScola’s guide to global teamwork and overflowing TBRs | Lexi DiScola shares how her unconventional path led her to global cyber threat analysis and highlights the power of diverse backgrounds on an international team | Cyber blog | |
| 20.12.25 | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan | ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions | APT blog | |
| 20.12.25 | ESET Threat Report H2 2025 | A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | |
| 20.12.25 | Amadey Exploiting Self-Hosted GitLab to Distribute StealC | Discover how Amadey loader abuses compromised self-hosted GitLab infrastructure to distribute StealC infostealer, evading security controls through trusted platforms. | Malware blog | Trellix |
| 20.12.25 | The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR | Understanding how DCShadow works and how to detect it is critical for protecting your identity infrastructure, whether you're a SOC analyst, Active Directory administrator, or member of a red team or incident response function. | Malware blog | Trellix |
| 13.12.25 | Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary | Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments. | APT blog | CROWDSTRIKE |
| 13.12.25 | Falcon Shield Evolves with AI Agent Visibility and Falcon Next-Gen SIEM Integration | CrowdStrike Falcon Shield will provide a centralized view of AI agents across applications and now integrates first-party SaaS telemetry into Falcon Next-Gen SIEM. | AI blog | CROWDSTRIKE |
| 13.12.25 | A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up | | Vulnerability blog | SOPHOS |
| 13.12.25 | React2Shell flaw (CVE-2025-55182) exploited for remote code execution | The availability of exploit code will likely lead to more widespread opportunistic attacks | Vulnerability blog | SOPHOS |
| 13.12.25 | GOLD SALEM tradecraft for deploying Warlock ransomware | Analysis of the tradecraft evolution across 6 months and 11 incidents | Ransom blog | SOPHOS |
| 13.12.25 | Inside Shanya, a packer-as-a-service fueling modern attacks | The ransomware scene gains another would-be EDR killer | Ransom blog | SOPHOS |
| 13.12.25 | Sharpening the knife: GOLD BLADE’s strategic evolution | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a | APT blog | SOPHOS |
| 13.12.25 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Cyber blog | FORTINET |
| 13.12.25 | | Cyber attacks against the United States are no longer isolated events or technical headaches. They ... | Cyber blog | CHECKPOINT |
| 13.12.25 | | The hyperconnected world has made it easier than ever for businesses and consumers to exchange | Phishing blog | CHECKPOINT |
| 13.12.25 | | In November 2025, global cyber activity continued its upward trend, with organizations experiencing an average ... | Ransom blog | CHECKPOINT |
| 13.12.25 | New NIS-2 Law in Germany Expands Cybersecurity Oversight and Introduces Heavy Fines | The NIS-2 Implementation Act in Germany increases oversight, executive accountability, and penalties while organizations prepare for compliance. | BigBrother blog | |
| 13.12.25 | The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes | This week’s report looks at 12 IT and 6 ICS vulnerabilities at high risk of exploitation, affecting both consumer and enterprise environments. | Vulnerability blog | |
| 13.12.25 | Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerabilities | React2Shell (CVE-2025-55182) was exploited within minutes by China-nexus groups, exposing critical weaknesses in React Server Components. | Vulnerability blog | |
| 13.12.25 | Deceptive Layoff-Themed HR Email Distributes Remcos RAT Malware | Over the past few months, the job economy has been marked by uncertainty, with constant news about layoffs, restructuring, hiring freezes, and aggressive cost-cutting measures. This atmosphere has created widespread anxiety among both employees and organizations, and cybercriminals have quickly... | Malware blog | |
| 13.12.25 | Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables | Table of Contents: Introduction: Targeted sectors: Initial Findings about Campaign: Analysis of Phishing Mail: Infection Chain: Technical Analysis: Stage-1: Analysis of Malicious ISO file. Stage-2: Analysis of Executable. Analysis of 1st Payload Analysis of 2nd Payload (Phantom Stealer) Conclusion:... | APT blog | Seqrite |
| 13.12.25 | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia Contents Introduction Key Targets Geographical Focus Industries Affected LNK Cluster Initial Access: Archive Delivery Phishing Email and Decoys Malicious LNK and HTA Loader Obfuscated PowerShell Payload CVE Cluster Phishing Emails Chaining... | APT blog | Seqrite |
| 13.12.25 | NexusRoute: Attempting to Disrupt an Indian Government Ministry | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations | Malware blog | |
| 13.12.25 | RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft | EXECUTIVE SUMMARY CYFIRMA’s research team uncovered a sophisticated mobile-based fraud operation distributing a malicious “RTO Challan / e-Challan” Android application | APT blog | |
| 13.12.25 | APT PROFILE – GROUP 123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and | APT blog | |
| 13.12.25 | Holiday Hardware Hacking Gift Guide | Small, portable, and customizable hardware used for a wide variety of hacking tasks has become increasingly popular in the past few years. Since the release of the FlipperZero in 2022, many projects have been created to enable the same features available on the FlipperZero using less expensive hacking devices that support a wide range of functionality. | Hacking blog | Eclypsium |
| 13.12.25 | Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack | The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. | Hacking blog | Microsoft blog |
| 13.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | Vulnerability blog | |
| 13.12.25 | AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows | In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis. | AI blog | |
| 13.12.25 | Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations | Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations. | APT blog | |
| 13.12.25 | Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security | The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected. | Cyber blog | |
| 13.12.25 | SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics | In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform. | Phishing blog | |
| 13.12.25 | CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation | CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise. | Vulnerability blog | |
| 13.12.25 | Understanding SalatStealer: A Threat Actor’s Golang Stealer Toolset | This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk. | Malware blog | SonicWall |
| 13.12.25 | Microsoft Security Bulletin Coverage for December 2025 | Microsoft’s December 2025 Patch Tuesday has 55 vulnerabilities, of which 27 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2025 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
| 13.12.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 13.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0. | Vulnerability blog | SonicWall |
| 13.12.25 | Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite | In recent months, we have been analyzing the activity of an advanced persistent threat (APT) known for its espionage activities against Arabic-speaking government entities. We track this Middle Eastern threat actor as Ashen Lepus (aka WIRTE). | Malware blog | Palo Alto |
| 13.12.25 | 01flip: Multi-Platform Ransomware Written in Rust | In June 2025, we observed a new ransomware family named 01flip targeting a limited set of victims in the Asia-Pacific region. 01flip ransomware is fully written in the Rust programming language and supports multi-platform architectures by leveraging the cross-compilation feature of Rust. | Ransom blog | |
| 13.12.25 | New Prompt Injection Attack Vectors Through MCP Sampling | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | AI blog | |
| 13.12.25 | Exploitation of Critical Vulnerability in React Server Components | Unit 42 has identified activity that reportedly shares overlap with North Korean (DPRK) Contagious Interview tooling, though no formal attribution has occurred at this time. Contagious Interview is a campaign where threat actors associated with the DPRK pose as recruiters to install malware on the devices of job seekers in the tech industry. | APT blog | |
| 13.12.25 | Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits | Check Point Research (CPR) presents a full dissection of the widely used ValleyRAT backdoor, also known as Winos/Winos4.0, covering its modular architecture and plugin system. | Malware blog | CHECKPOINT |
| 13.12.25 | New BYOVD loader behind DeadLock ransomware attack | Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. | Ransom blog | |
| 13.12.25 | One newsletter to rule them all | Hazel embarks on a creative fitness journey, virtually crossing Middle-earth via The Conqueror app while sharing key cybersecurity insights. | Cyber blog | |
| 13.12.25 | Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities | The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.” | Vulnerability blog | |
| 13.12.25 | New in Snort3: Enhanced rule grouping for greater flexibility and control | Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall to give you greater flexibility in how you manage, organize, and prioritize detection rules. | Cyber blog | |
| 13.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | Vulnerability blog | |
| 13.12.25 | Your year-end infosec wrapped | Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. | Exploit blog | CISCO TALOS |
| 13.12.25 | Black Hat Europe 2025: Was that device designed to be on the internet at all? | Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found | Cyber blog | |
| 13.12.25 | Black Hat Europe 2025: Reputation matters – even in the ransomware economy | Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims | Cyber blog | |
| 13.12.25 | Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity | If you don’t look inside your environment, you can’t know its true state – and attackers count on that | Cyber blog | |
| 13.12.25 | Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece | Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. | Hacking blog | Eset |
| 13.12.25 | The big catch: How whaling attacks target top executives | Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. | Hacking blog | Eset |
| 13.12.25 | A look at an Android ITW DNG exploit | Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. | Exploit blog | Project Zero |
| 13.12.25 | Silent Domain Hijack: Detecting DCSync with Trellix NDR | This blog provides a step-by-step breakdown of DCSync attacks, covering privilege escalation and replication requests. It also includes real-world command examples using tools like Mimikatz to carry out the attack and detection strategies that go beyond signature-based methods to detect behavioural anomalies in replication traffic. | Hacking blog | Trellix |
| 13.12.25 | Dark Web Roast – November 2025 Edition | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | Cyber blog | Trellix |
| 7.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | Attack blog | CLOUDFLARE |
| 7.12.25 | Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme | This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. | APT blog | ANYRUN |
| 7.12.25 | Analysing a malvertising attack targeting business Google accounts intercepted by Push | Our browser-based security platform recently intercepted a malvertising attack against Push customers. This attack was notable in that it used malvertising via Google Search as the delivery vector, circumventing email-based security controls. Here’s our breakdown. | Malware blog | PUSHSECURITY |
| 7.12.25 | Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts | We recently investigated a large-scale phishing campaign that demonstrated a number of advanced detection evasion techniques and social engineering tactics, specifically targeting accounts used to manage business ads. Here’s what you need to know. | Phishing blog | PUSHSECURITY |
| 6.12.25 | | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment | | |
| 6.12.25 | | In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workflows to | | |
| 6.12.25 | | FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries | | |
| 6.12.25 | | FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication. | | |
| 6.12.25 | | Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving. | | |
| 6.12.25 | | Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools. | | |
| 6.12.25 | | Australia’s National AI Plan sets a roadmap for innovation, safety, and workforce readiness, shaping the nation’s long-term approach to responsible AI adoption. | | |
| 6.12.25 | V3G4 Botnet Evolves: From DDoS to Covert Cryptomining | CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. | | |
| 6.12.25 | Ransomware and Supply Chain Attacks Neared Records in November | Ransomware and supply chain attacks hit their second-highest levels ever in November, and the attack types are overlapping in concerning ways. | | |
| 6.12.25 | South Africa Aligns Local Realities with Global Cybersecurity Standards | South Africa shifts to a culturally informed, locally grounded cybersecurity strategy to combat rising threats and strengthen national digital resilience. | | |
| 6.12.25 | Operation DupeHike: UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2 | Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... | | |
| 6.12.25 | | EXECUTIVE SUMMARY November 2025 witnessed a dynamic reshaping of the ransomware landscape, characterized by shifts in group activity and the evolution of attack | | |
| 6.12.25 | SEEDSNATCHER: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases | EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations | | |
| 6.12.25 | APT36 Python Based ELF Malware Targeting Indian Government Entities | EXECUTIVE SUMMARY CYFIRMA has uncovered an active cyber-espionage campaign conducted by APT36 (Transparent Tribe), a Pakistan-based threat actor known for persistent | | |
| 6.12.25 | Strengthening Telecom Security in a Voluntary Compliance Landscape | The recent decision by the Federal Communications Commission to roll back cybersecurity rules for telecom companies will reshape the regulatory landscape for U.S. telecom carriers. As of January 2025, telecom companies were required to complete annual attestations and structured risk-management plans. | | |
| 6.12.25 | Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. | | |
| 6.12.25 | Project View: A New Era of Prioritized and Actionable Cloud Security | In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management. | | |
| 6.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | | |
||
|
6.12.25 |
This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. |
|||
|
6.12.25 |
The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen |
Users can work from a wider range of locations and devices, accessing full “desktops” inside a browser tab. Organizations can manage apps and browser access easier than through localized desktop software. This all allows for greater central management, lower costs and better flexibility. |
||
|
6.12.25 |
Critical Vulnerabilities in React Server Components and Next.js |
On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0. |
||
|
6.12.25 |
CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration |
OpenAI Codex CLI is OpenAI’s command-line tool that brings AI model-backed reasoning into developer workflows. It can read, edit, and run code directly from the terminal, making it possible to interact with projects using natural language commands, automate tasks, and streamline day-to-day development One of its key features is MCP (Model Context Protocol) – a standardized way to integrate external tools and services into the Codex environment, allowing developers to extend the CLI’s capabilities with custom functionality and automated workflows. |
||
|
6.12.25 |
Generative AI is rapidly transforming cybersecurity for both defenders and attackers. This blog highlights current uses, emerging threats, and the evolving landscape as capabilities advance. |
|||
|
6.12.25 |
Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. |
|||
|
6.12.25 |
Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. |
|||
|
6.12.25 |
Do robots dream of secure networking? Teaching cybersecurity to AI systems |
This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. |
||
|
6.12.25 |
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities |
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p |
||
|
6.12.25 |
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture |
Identity is effectively the new network boundary. It must be protected at all costs. |
||
|
6.12.25 |
||||
|
6.12.25 |
Oversharing is not caring: What’s at stake if your employees post too much online |
|||
|
6.12.25 |
CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE |
A critical vulnerability dubbed “React2Shell”, being tracked as CVE-2025-55182 with a CVSS score of 10.0, was recently discovered in React’s Server Components (RSC) that could allow for pre-authentication remote code execution |
||
|
6.12.25 |
Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities |
This month, we are looking into a relatively new threat actor who is attempting to distribute the RondoDox malware. It’s an interesting collection of residential IP addresses used for distribution, multi-platform malware, and shell scripts, along with intense targeting of IoT devices. |
||
|
6.12.25 |
In November 2025, security researchers at Cato Networks disclosed a novel indirect prompt injection technique they named ‘HashJack’. |
|||
|
6.12.25 |
The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. |
|||