BLOG 2025
| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 27.9.25 | HeartCrypt’s wholesale impersonation effort | How the notorious Packer-as-a-Service operation built itself into a hydra | Malware blog | SOPHOS |
| 27.9.25 | GOLD SALEM’s Warlock operation joins busy ransomware landscape | The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity | Ransom blog | SOPHOS |
| 27.9.25 | SVG Phishing hits Ukraine with Amatera Stealer, PureMiner | A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more. | Phishing blog | FORTINET |
| 27.9.25 | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” | Malware blog | Silent Push |
| 27.9.25 | | Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. | Malware blog | Google Threat Intelligence |
| 27.9.25 | Iranian Threat Actor Nimbus Manticore Expands Campaigns into Europe with Advanced Malware and Fake Job Lures | Check Point Research is actively tracking Iranian threat actor Nimbus Manticore. Our latest findings show it is expanding operations into Europe and now targeting the defense, telecom, and aerospace sectors. | APT blog | CHECKPOINT |
| 27.9.25 | Australia Ransomware Landscape 2025: Rich Targets Attract Ransomware Groups | Australia’s high per-capita GDP has led to an outsized number of ransomware attacks. Here are the numbers – and 10 major attacks that hit the ANZ region. | Ransom blog | Cyble |
| 27.9.25 | Cyble Honeypots Detect Exploit Attempts of Nearly Two Dozen Vulnerabilities | Recent Cyble reports have detailed dozens of vulnerabilities under active attack by threat actors and ransomware groups. | Vulnerability blog | Cyble |
| 27.9.25 | Australia Urges Immediate Action on Post-Quantum Cryptography as CRQC Threat Looms | ACSC urges early action as CRQC threatens current encryption. Organizations must adopt post-quantum cryptography by 2030 to protect critical data. | Cyber blog | Cyble |
| 27.9.25 | Countdown to DPDP Rules: What to Expect from the Final DPDP Rules | The wait is almost over. The final Digital Personal Data Protection (DPDP) Rules are just days away, marking the next big step after the enactment of the DPDPA in 2023. With only a few days left, organizations must gear... | Cyber blog | Seqrite |
| 27.9.25 | Why Regional and Cooperative Banks Can No Longer Rely on Legacy VPNs | Virtual Private Networks (VPNs) have been the go-to solution for securing remote access to banking systems for decades. They created encrypted tunnels for employees, vendors, and auditors to connect with core banking applications. But as cyber threats become more... | Cyber blog | Seqrite |
| 27.9.25 | CYBER THREAT LANDSCAPE- SOUTH AFRICA | Executive Summary South Africa’s cyber threat landscape has intensified sharply in 2025, reflecting the country’s position as Africa’s most digitally integrated economy and a prime targe | Cyber blog | Cyfirma |
| 27.9.25 | Investigation Report on Jaguar Land Rover Cyberattack | Executive Summary CYFIRMA analyzed the September 2, 2025, Jaguar Land Rover (JLR) cyber incident, which caused widespread disruption by shutting down global IT systems and | Incident blog | Cyfirma |
| 27.9.25 | Qatar Threat Landscape Report | Executive Summary In this report, our researchers analysed recent cyber activity targeting Qatar, including data leaks, the sale of initial access, and ransomware incidents. We explain | Cyber blog | Cyfirma |
| 27.9.25 | From MUSE to Manual: Cyberattack Analysis on European Airport Operations | Executive Summary On 19 September 2025, multiple major European airports, including London Heathrow (LHR), Brussels (BRU), and Berlin Brandenburg (BER), experienced severe | Cyber blog | Cyfirma |
| 27.9.25 | Eclypsium Acknowledged for the Firmware Protection as A Service Category in two Gartner® Hype Cycle™ R | Firmware protection is gaining increased urgency as cyberattackers from ransomware gangs to nation state APTs target firmware vulnerabilities to maintain persistence in target environments. Eclypsium has been mentioned as a sample vendor in two Gartner Hype Cycles in 2025 under the Firmware Protection as a Service product category. | APT blog | Eclypsium |
| 27.9.25 | HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought | Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. | Ransom blog | Eclypsium |
| 27.9.25 | XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory | Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. | Malware blog | Microsoft blog |
| 27.9.25 | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks | Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks. | AI blog | Trend Micro |
| 27.9.25 | Domino Effect: How One Vendor's AI App Breach Toppled Giants | A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical. | AI blog | Trend Micro |
| 27.9.25 | This Is How Your LLM Gets Compromised | Poisoned data. Malicious LoRAs. Trojan model files. AI attacks are stealthier than ever—often invisible until it’s too late. Here’s how to catch them before they catch you. | AI blog | Trend Micro |
| 27.9.25 | New LockBit 5.0 Targets Windows, Linux, ESXi | Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cross-platform capabilities for Windows, Linux, and ESXi systems. | Ransom blog | Trend Micro |
| 27.9.25 | CNAPP is the Solution to Multi-cloud Flexibility | Cloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud. | Cyber blog | Trend Micro |
| 27.9.25 | Decrypting Gremlin: A Deep Dive Into The Info Stealer's Data Harvesting Engine | The SonicWall Capture Labs threat research team has recently been tracking the latest variants of Gremlin malware, a sophisticated .NET-based information stealer designed for comprehensive data exfiltration from infected Windows systems. | Malware blog | SonicWall |
| 27.9.25 | Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
| 27.9.25 | Nimbus Manticore Deploys New Malware Targeting Europe | Check Point Research is tracking a long‑running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongoing campaign targets defense manufacturing, telecommunications, and aviation that are aligned with IRGC strategic priorities. | APT blog | Checkpoint |
| 27.9.25 | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking | Talos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors | Malware blog | CISCO TALOS |
| 27.9.25 | Great Scott, I’m tired | Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year? | Cyber blog | CISCO TALOS |
| 27.9.25 | What happens when you engage Cisco Talos Incident Response? | What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? | Cyber blog | CISCO TALOS |
| 27.9.25 | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence that this activity is related to the same threat actor as ArcaneDoor in 2024. | Malware blog | CISCO TALOS |
| 27.9.25 | Put together an IR playbook — for your personal mental health and wellbeing | This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. | Cyber blog | CISCO TALOS |
| 27.9.25 | Alex Ryan: From zero chill to quiet confidence | Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. | Cyber blog | CISCO TALOS |
| 27.9.25 | Roblox executors: It’s all fun and games until someone gets hacked | You could be getting more than you bargained for when you download that cheat tool promising quick wins | Cyber blog | Eset |
| 27.9.25 | DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception | Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers | AI blog | Eset |
| 27.9.25 | Watch out for SVG files booby-trapped with malware | What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware | Malware blog | Eset |
| 27.9.25 | Pointer leaks through pointer-keyed data structures | Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. | Hacking blog | Project Zero |
| 27.9.25 | npm Account Hijacking and the Rise of Supply Chain Attacks | Trellix provides an in-depth examination of the Shai-Hulud worm campaign, with guidance for organizations to better protect themselves | Hacking blog | Trellix |
| 27.9.25 | When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR | This blog describes a real-world scenario in which threat actors gained access to a system, dumped the NTDS.dit file, and attempted to exfiltrate it while avoiding common defenses. | Cyber blog | Trellix |
| 27.9.25 | Unmasking Hidden Threats: Spotting a DPRK IT-Worker Campaign | In the North Korean IT worker employment campaign, skilled operatives from the DPRK (North Korea) pose as remote IT professionals to get hired at Western companies. | APT blog | Trellix |
| 20.9.25 | Self-replicating Shai-hulud worm spreads token-stealing malware on npm | RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware. | Malware blog | REVERSINGLABS |
| 20.9.25 | Ethereum smart contracts used to push malicious code on npm | RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories. | Cryptocurrency blog | REVERSINGLABS |
| 20.9.25 | GOLD SALEM’s Warlock operation joins busy ransomware landscape | The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity | Ransom blog | SOPHOS |
| 20.9.25 | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” | Malware blog | Silent Push |
| 20.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Malware blog | Silent Push |
| 20.9.25 | The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs | This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws. | Vulnerability blog | Cyble |
| 20.9.25 | Ransomware Landscape August 2025: Qilin Dominates as Sinobi Emerges | Qilin led in ransomware attacks in all global regions in August, but the rapid rise of Sinobi and The Gentlemen also merits attention by security teams. | Ransom blog | Cyble |
| 20.9.25 | Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection | Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. | Malware blog | Cyble |
| 20.9.25 | DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities | Executive Summary At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations | Malware blog | Cyfirma |
| 20.9.25 | CYFIRMA : Defence Industry Threat Report | EXECUTIVE SUMMARY Between May and August 2025, CYFIRMA observed sustained cyber operations against the global defence sector, driven by both state-aligned groups and | Cyber blog | Cyfirma |
| 20.9.25 | UNMASKING A PYTHON STEALER – “XillenStealer” | EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment of XillenStealer identifies it as an open-source, Python-based information stealer publicly available on GitHub. The malware is designed to harvest sensitive system and user… | Malware blog | Cyfirma |
| 20.9.25 | DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics | Hacking blog | Cyfirma |
| 20.9.25 | Surge in Cisco ASA Scanning Hints At Coming Cyberattacks | A massive surge in scans targeting Cisco Adaptive Security Appliance (ASA) devices was observed by GreyNoise in late August 2025, with over 25,000 unique IPs probing ASA login portals in a single burst. | Hacking blog | Eclypsium |
| 20.9.25 | Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. | APT blog | PROOFPOINT |
| 20.9.25 | EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks | Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide. | AI blog | Trend Micro |
| 20.9.25 | What We Know About the NPM Supply Chain Attack | Trend™ Research outlines the critical details behind the ongoing NPM supply chain attack and offers essential steps to stay protected against potential compromise. | Hacking blog | Trend Micro |
| 20.9.25 | How AI-Native Development Platforms Enable Fake Captcha Pages | Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns. | AI blog | Trend Micro |
| 20.9.25 | Critical ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) | The SonicWall Capture Labs threat research team identified CVE-2025-53690 and assessed its impact. Sitecore is a widely used digital experience platform (DXP) that provides content management, personalization and e-commerce capabilities for enterprises. | Vulnerability blog | Palo Alto |
| 20.9.25 | The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception | We recently looked into AI code assistants that connect with integrated development environments (IDEs) as a plugin, much like GitHub Copilot. | Cyber blog | Palo Alto |
| 20.9.25 | Myth Busting: Why "Innocent Clicks" Don't Exist in Cybersecurity | Picture this: You snag the last spot in a parking lot and find the QR code to pay on the lamppost directly in front of you. Score! You go to pay on the website, but wait…the page is full of ads and looks very suspicious. | Cyber blog | Palo Alto |
| 20.9.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 19) | Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. | Malware blog | Palo Alto |
| 20.9.25 | Under the Pure Curtain: From RAT to Builder to Coder | Check Point Research conducted a forensic analysis of a ClickFix campaign that lured victims with fake job offers that resulted in an eight-day intrusion. | Malware blog | Checkpoint |
| 20.9.25 | Why a Cisco Talos Incident Response Retainer is a game-changer | With a Cisco Talos IR Retainer, your organization can stay resilient and ahead of tomorrow's threats. Here's how. | Cyber blog | CISCO TALOS |
| 20.9.25 | Put together an IR playbook — for your personal mental health and wellbeing | This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. | Cyber blog | CISCO TALOS |
| 20.9.25 | Alex Ryan: From zero chill to quiet confidence | Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. | Cyber blog | CISCO TALOS |
| 20.9.25 | Maturing the cyber threat intelligence program | The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. | Cyber blog | CISCO TALOS |
| 20.9.25 | Beaches and breaches | Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. | Cyber blog | CISCO TALOS |
| 20.9.25 | Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. | Vulnerability blog | CISCO TALOS |
| 20.9.25 | Gamaredon X Turla collab | Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine | APT blog | Eset |
| 20.9.25 | Small businesses, big targets: Protecting your business against ransomware | Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises | Ransom blog | Eset |
| 20.9.25 | HybridPetya: The Petya/NotPetya copycat comes with a twist | HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality | Vulnerability blog | Eset |
| 20.9.25 | Dark Web Roast - August 2025 Edition | The August 2025 edition of the Advanced Research Center Dark Web Roast delivers a masterclass in how not to run a criminal enterprise, showcasing threat actors who've somehow managed to combine the worst aspects of amateur hour operations with delusions of professional grandeur. | Cyber blog | Trellix |
| 13.9.25 | Go Get ‘Em: Updates to Volexity Golang Tooling | This blog post was the final deliverable for a summer internship project, which was completed under the direction of the Volexity Threat Intelligence team. If you’d like more information about | Cyber blog | Volexity |
| 13.9.25 | SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites | FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. | Attack blog | FORTINET |
| 13.9.25 | MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access | FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. | Malware blog | FORTINET |
| 13.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Cyber blog | Silent Push |
| 13.9.25 | Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data | It’s extremely rare for our team to publicly share details on how we found the technical fingerprints for an Advanced Persistent Threat (APT) group. We are making these details public now due to our belief that these are legacy fingerprints unlikely to appear again. | APT blog | Silent Push |
| 6.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerability blog | Google Threat Intelligence |
| 6.9.25 | Massive IPTV Piracy Network Uncovered by Silent Push | Security analysts face the constant challenge of gaining immediate and accurate context on IP addresses that pop up during an investigation, to minimize risk and prevent loss. | Hacking blog | Silent Push |
| 6.9.25 | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569 | SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients. | Malware blog | Silent Push |
| 6.9.25 | IP Tagging in Silent Push: VPN, Proxy and Sinkhole Detection | Silent Push has uncovered a massive Internet Protocol Television (IPTV)-based piracy network that has been active for several years and is currently hosted across more than 1,000 domains and over 10,000 IP addresses. | Malware blog | Silent Push |
| 6.9.25 | Hexstrike-AI: When LLMs Meet Zero-Day Exploitation | Key Findings: Newly released framework called Hexstrike-AI provides threat actors with an orchestration “brain” that ... | AI blog | Checkpoint |
| 6.9.25 | The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest | Several vulnerabilities this week were the focus of intense online discussion and face active exploitation. | Vulnerability blog | Cyble |
| 6.9.25 | How Chinese State-Sponsored APT Actors Exploit Routers for Stealthy Cyber Espionage | Chinese state-sponsored APT groups target global telecom, government, and military networks, exploiting router vulnerabilities for stealthy, long-term cyber espionage since 2021. | APT blog | Cyble |
| 6.9.25 | Supply Chain Attacks Have Doubled. What’s Driving the Increase? | Threat actors have been able to access the most sensitive data of suppliers and their customers, serving as a wakeup call for third-party risks. | Hacking blog | Cyble |
| 6.9.25 | Google Salesforce Breach: A Deep dive into the chain and extent of the compromise | Executive Summary In early June 2025, Google’s corporate Salesforce instance (used to store contact data for small‑ and medium‑sized business clients) was compromised through a sophisticated vishing‑extortion campaign orchestrated by the threat‑group tracked as UNC6040 & UNC6240 (online cybercrime collective known | Vulnerability blog | Seqrite |
| 6.9.25 | PromptLock: The First AI-Powered Ransomware & How It Works | Introduction AI-powered malware has become quite a trend now. We have always been discussing how threat actors could perform attacks by leveraging AI models, and here we have a PoC demonstrating exactly that. Although it has not yet been | AI blog | Seqrite |
| 6.9.25 | TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | APT blog | Cyfirma |
| 6.9.25 | Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure | EXECUTIVE SUMMARY CYFIRMA has identified Salat Stealer (also known as WEB_RAT), a sophisticated Go-based infostealer targeting Windows systems. The malware exfiltrates browser credentials, cryptocurrency wallet data, and session | Malware blog | Cyfirma |
| 6.9.25 | EOL Devices: Exploits Will Continue Until Security Improves | Something that has caught my attention lately, both in the news and from recent leaks of threat actor groups, is that attackers continue to use what works. The technique could be something elaborate or straightforward. | Exploit blog | Eclypsium |
| 6.9.25 | Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers | Proofpoint researchers observed an increase in opportunistic cybercriminals using malware based on Stealerium, an open-source malware that is available “for educational purposes.” | Malware blog | PROOFPOINT |
| 6.9.25 | Three Critical Facts About Cyber Risk Management | For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy. | Cyber blog | Trend Micro |
| 6.9.25 | An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps | Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation. | Malware blog | Trend Micro |
| 6.9.25 | LummaC Attacks Directly and Indirectly | This week, the SonicWall Capture Labs threat research team analyzed a sample of LummaC, a prolific infostealer. The multi-stage infection uses a combination of techniques to avoid detection, create persistence, and exfiltrate data using encryption and network methods. It is also built to resist analysis, with layers of obfuscation and code traps designed to break tools. | Malware blog | SonicWall |
| 6.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
| 6.9.25 | Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances | Unit 42 has observed activity consistent with a specific threat actor campaign leveraging the Salesloft Drift integration to compromise customer Salesforce instances. This brief provides information about our observations and guidance for potentially affected organizations. | Cyber blog | Palo Alto |
| 6.9.25 | Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust | Our research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. | Cyber blog | Palo Alto |
| 6.9.25 | Under lock and key: Safeguarding business data with encryption | As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose | | Eset |
| 6.9.25 | GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes | ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results | Malware blog | Eset |
| 6.9.25 | ToolShell Unleashed: Decoding the SharePoint Attack Chain | A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). Collectively referred to as ToolShell, these vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. | Vulnerability blog | Trellix |
| 6.9.25 | XWorm’s Evolving Infection Chain: From Predictable to Deceptive | The Trellix Advanced Research Center has uncovered a new XWorm backdoor campaign using evolved deployment methods. Unlike previous versions, this campaign employs sophisticated, deceptive techniques to bypass detection. Moving beyond simple email attacks, it now uses authentic-looking .exe filenames and blends social engineering with technical attack vectors. | Malware blog | Trellix |