BLOG 2025 AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog 2024 2023
H January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(73) September(57) October(0) November(59) December(60) 2025 January(29) February(72) March(67) April(108) May(118) June(159) July(98) August(131) September(61)
DATE |
NAME |
Info |
CATEG. |
WEB |
| 20.9.25 | Self-replicating Shai-hulud worm spreads token-stealing malware on npm | RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware. | Malware blog | REVERSINGLABS |
| 20.9.25 | Ethereum smart contracts used to push malicious code on npm | RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories. | Cryptocurrency blog | REVERSINGLABS |
| 20.9.25 | The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity | Ransom blog | SOPHOS | |
| 20.9.25 | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” | Malware blog | Silent Push |
| 20.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Malware blog | Silent Push |
| 20.9.25 | The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs | This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws. | Vulnerebility blog | Cyble |
| 20.9.25 | Ransomware Landscape August 2025: Qilin Dominates as Sinobi Emerges | Qilin led in ransomware attacks in all global regions in August, but the rapid rise of Sinobi and The Gentlemen also merits attention by security teams. | Ransom blog | Cyble |
| 20.9.25 | Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection | Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. | Malware blog | Cyble |
| 20.9.25 | DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities | Executive Summary At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations | Malware blog | Cyfirma |
| 20.9.25 | CYFIRMA : Defence Industry Threat Report | EXECUTIVE SUMMARY Between May and August 2025, CYFIRMA observed sustained cyber operations against the global defence sector, driven by both state-aligned groups and | Cyber blog | Cyfirma |
| 20.9.25 | UNMASKING A PYTHON STEALER – “XillenStealer” | EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment of XillenStealer identifies it as an open-source, Python-based information stealer publicly available on GitHub. The malware is designed to harvest sensitive system and user… | Malware blog | Cyfirma |
| 20.9.25 | DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK | DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics | Hacking blog | Cyfirma |
| 20.9.25 | Surge in Cisco ASA Scanning Hints At Coming Cyberattacks | A massive surge in scans targeting Cisco Adaptive Security Appliance (ASA) devices was observed by GreyNoise in late August 2025, with over 25,000 unique IPs probing ASA login portals in a single burst. | Hacking blog | Eclypsium |
| 20.9.25 | Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. | APT blog | PROOFPOINT |
| 20.9.25 | EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks | Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide. | AI blog | Trend Micro |
| 20.9.25 | What We Know About the NPM Supply Chain Attack | Trend™ Research outlines the critical details behind the ongoing NPM supply chain attack and offers essential steps to stay protected against potential compromise. | Hacking blog | Trend Micro |
| 20.9.25 | How AI-Native Development Platforms Enable Fake Captcha Pages | Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns. | AI blog | Trend Micro |
| 20.9.25 | Critical ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) | The SonicWall Capture Labs threat research team identified CVE-2025-53690 and assessed its impact. Sitecore is a widely used digital experience platform (DXP) that provides content management, personalization and e-commerce capabilities for enterprises. | Vulnerebility blog | Palo Alto |
| 20.9.25 | The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception | We recently looked into AI code assistants that connect with integrated development environments (IDEs) as a plugin, much like GitHub Copilot. | Cyber blog | Palo Alto |
| 20.9.25 | Myth Busting: Why "Innocent Clicks" Don't Exist in Cybersecurity | Picture this: You snag the last spot in a parking lot and find the QR code to pay on the lamppost directly in front of you. Score! You go to pay on the website, but wait…the page is full of ads and looks very suspicious. | Cyber blog | Palo Alto |
| 20.9.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 19) | Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. | Malware blog | Palo Alto |
| 20.9.25 | Under the Pure Curtain: From RAT to Builder to Coder | Check Point Research conducted a forensic analysis of a ClickFix campaign that lured victims with fake job offers that resulted in an eight-day intrusion. | Malware blog | Checkpoint |
| 20.9.25 | Why a Cisco Talos Incident Response Retainer is a game-changer | With a Cisco Talos IR Retainer, your organization can stay resilient and ahead of tomorrow's threats. Here's how. | Cyber blog | CISCO TALOS |
| 20.9.25 | Put together an IR playbook — for your personal mental health and wellbeing | This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. | Cyber blog | CISCO TALOS |
| 20.9.25 | Alex Ryan: From zero chill to quiet confidence | Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. | Cyber blog | CISCO TALOS |
| 20.9.25 | Maturing the cyber threat intelligence program | The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. | Cyber blog | CISCO TALOS |
| 20.9.25 | Beaches and breaches | Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. | Cyber blog | CISCO TALOS |
| 20.9.25 | Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. | Vulnerebility blog | CISCO TALOS |
| 20.9.25 | Gamaredon X Turla collab | Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine | APT blog | Eset |
| 20.9.25 | Small businesses, big targets: Protecting your business against ransomware | Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises | Ransom blog | Eset |
| 20.9.25 | HybridPetya: The Petya/NotPetya copycat comes with a twist | HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality | Vulnerebility blog | Eset |
| 20.9.25 | Dark Web Roast - August 2025 Edition | The August 2025 edition of the Advanced Research Center Dark Web Roast delivers a masterclass in how not to run a criminal enterprise, showcasing threat actors who've somehow managed to combine the worst aspects of amateur hour operations with delusions of professional grandeur. | Cyber blog | Trelix |
| 13.9.25 | Go Get ‘Em: Updates to Volexity Golang Tooling | This blog post was the final deliverable for a summer internship project, which was completed under the direction of the Volexity Threat Intelligence team. If you’d like more information about | Cyber blog | VELOXITY |
| 13.9.25 | SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites | FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. | Attack blog | FORTINET |
| 13.9.25 | MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access | FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. | Malware blog | FORTINET |
| 13.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Cyber blog | Silent Push |
| 13.9.25 | Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data | It’s extremely rare for our team to publicly share details on how we found the technical fingerprints for an Advanced Persistent Threat (APT) group. We are making these details public now due to our belief that these are legacy fingerprints unlikely to appear again. | APT blog | Silent Push |
| 6.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerebility blog | Google Threat Intelligence |
| 6.9.25 | Massive IPTV Piracy Network Uncovered by Silent Push | Security analysts face the constant challenge of gaining immediate and accurate context on IP addresses that pop up during an investigation, to minimize risk and prevent loss. | Hacking blog | Silent Push |
| 6.9.25 | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569 | SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients. | Malware blog | Silent Push |
| 6.9.25 | IP Tagging in Silent Push: VPN, Proxy and Sinkhole Detection | Silent Push has uncovered a massive Internet Protocol Television (IPTV)-based piracy network that has been active for several years and is currently hosted across more than 1,000 domains and over 10,000 IP addresses. | Malware blog | Silent Push |
| 6.9.25 | Hexstrike-AI: When LLMs Meet Zero-Day Exploitation | Key Findings: Newly released framework called Hexstrike-AI provides threat actors with an orchestration “brain” that ... | AI blog | Checkpoint |
| 6.9.25 | The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest | Several vulnerabilities this week were the focus of intense online discussion and face active exploitation. | Vulnerebility blog | Cyble |
| 6.9.25 | How Chinese State-Sponsored APT Actors Exploit Routers for Stealthy Cyber Espionage | Chinese state-sponsored APT groups target global telecom, government, and military networks, exploiting router vulnerabilities for stealthy, long-term cyber espionage since 2021. | APT blog | Cyble |
| 6.9.25 | Supply Chain Attacks Have Doubled. What’s Driving the Increase? | Threat actors have been able to access the most sensitive data of suppliers and their customers, serving as a wakeup call for third-party risks. | Hacking blog | Cyble |
| 6.9.25 | Google Salesforce Breach: A Deep dive into the chain and extent of the compromise | Executive Summary In early June 2025, Google’s corporate Salesforce instance (used to store contact data for small‑ and medium‑sized business clients) was compromised through a sophisticated vishing‑extortion campaign orchestrated by the threat‑group tracked as UNC6040 & UNC6240 (online cybercrime collective known | Vulnerebility blog | Seqrite |
| 6.9.25 | PromptLock: The First AI-Powered Ransomware & How It Works | Introduction AI-powered malware has become quite a trend now. We have always been discussing how threat actors could perform attacks by leveraging AI models, and here we have a PoC demonstrating exactly that. Although it has not yet been | AI blog | Seqrite |
| 6.9.25 | TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | APT blog | Cyfirma |
| 6.9.25 | Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure | EXECUTIVE SUMMARY CYFIRMA has identified Salat Stealer (also known as WEB_RAT), a sophisticated Go-based infostealer targeting Windows systems. The malware exfiltrates browser credentials, cryptocurrency wallet data, and session | Malware blog | Cyfirma |
| 6.9.25 | EOL Devices: Exploits Will Continue Until Security Improves | Something that has caught my attention lately, both in the news and from recent leaks of threat actor groups, is that attackers continue to use what works. The technique could be something elaborate or straightforward. | Exploit blog | Eclypsium |
| 6.9.25 | Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers | Proofpoint researchers observed an increase in opportunistic cybercriminals using malware based on Stealerium, an open-source malware that is available “for educational purposes.” | Malware blog | PROOFPOINT |
| 6.9.25 | Three Critical Facts About Cyber Risk Management | For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy. | Cyber blog | Trend Micro |
| 6.9.25 | An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps | Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation. | Malware blog | Trend Micro |
| 6.9.25 | LummaC Attacks Directly and Indirectly | This week, the SonicWall Capture Labs threat research team analyzed a sample of LummaC, a prolific infostealer. The multi-stage infection uses a combination of techniques to avoid detection, create persistence, and exfiltrate data using encryption and network methods. It is also built to resist analysis, with layers of obfuscation and code traps designed to break tools. | Malware blog | SonicWall |
| 6.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 6.9.25 | Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances | Unit 42 has observed activity consistent with a specific threat actor campaign leveraging the Salesloft Drift integration to compromise customer Salesforce instances. This brief provides information about our observations and guidance for potentially affected organizations. | Cyber blog | Palo Alto |
| 6.9.25 | Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust | Our research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. | Cyber blog | Palo Alto |
| 6.9.25 | Under lock and key: Safeguarding business data with encryption | As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose | Eset | |
| 6.9.25 | GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes | ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results | Malware blog | Eset |
| 6.9.25 | ToolShell Unleashed: Decoding the SharePoint Attack Chain | A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). Collectively referred to as ToolShell, these vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. | Vulnerebility blog | Trelix |
| 6.9.25 | XWorm’s Evolving Infection Chain: From Predictable to Deceptive | The Trellix Advanced Research Center has uncovered a new XWorm backdoor campaign using evolved deployment methods. Unlike previous versions, this campaign employs sophisticated, deceptive techniques to bypass detection. Moving beyond simple email attacks, it now uses authentic-looking .exe filenames and blends social engineering with technical attack vectors. | Malware blog | Trelix |