| Date | Name | Info | Category | Web |
|---|---|---|---|---|
| 18.10.25 | Jewelbug: Chinese APT Group Widens Reach to Russia | Russian IT company among group’s latest targets. Attackers may have been attempting to target company’s customers in Russia with software supply chain attack. | APT blog | SECURITY.COM |
| 18.10.25 | | This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August | Cyber blog | SOPHOS |
| 18.10.25 | F5 network compromised | On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. | Incident blog | SOPHOS |
| 18.10.25 | October Patch Tuesday beats January ’25 record | Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party | OS Blog | SOPHOS |
| 18.10.25 | Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia | FortiGuard Labs has tracked a hacker group expanding attacks from China to Malaysia, linking campaigns through shared code, infrastructure, and tactics. | Malware blog | FORTINET |
| 18.10.25 | The Week in Vulnerabilities: Cyble Urges Adobe, Microsoft Fixes | Vulnerabilities in products from Microsoft, Adobe, Fortinet, OpenSSL and more are getting attention this week. Patch now. | Vulnerability blog | Cyble |
| 18.10.25 | Europe and UK Face Relentless Ransomware Onslaught in Q3 2025, Qilin Leads the Charge | Europe recorded 288 ransomware attacks in Q3 2025, with Qilin maintaining dominance at 65 victims and SafePay rapidly ascending to second place. | Ransom blog | Cyble |
| 18.10.25 | GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware | GhostBat RAT resurfaces via fake RTO apps, stealing banking data, mining crypto, and registering devices through Telegram bots—targeting Indian Android users. | Malware blog | Cyble |
| 18.10.25 | Operation MotorBeacon : Threat Actor targets Russian Automotive Sector using .NET Implant | Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – Malicious .NET Implant Hunting and Infrastructure. Conclusion Seqrite Protection. IOCs MITRE ATT&CK.... | Hacking blog | Seqrite |
| 18.10.25 | Operation Silk Lure: Scheduled Tasks Weaponized for DLL Side-Loading (drops ValleyRAT) | Authors: Dixit Panchal, Soumen Burma & Kartik Jivani Table of Contents Introduction: Initial Analysis: Analysis of Decoy: Infection Chain: Technical Analysis: Infrastructure Hunting: Conclusion: Seqrite Coverage: IoCs: MITRE ATT&CK: Introduction: Seqrite Lab has been actively monitoring global cyber threat... | Hacking blog | Seqrite |
| 18.10.25 | Judicial Notification Phish Targets Colombian Users – .SVG Attachment Deploys Info-stealer Malware | Content Overview Introduction Initial Vector Infection Chain Analysis of .SVG Attachment Analysis of .HTA file Analysis of .VBS file Analysis of .ps1 file Analysis of Downloader/Loader Anti-VM Technique Persistence Technique Download and Loader Function AsyncRAT Payload File MD5’s Quick... | Phishing blog | Seqrite |
| 18.10.25 | Crystal Ball Series : Consolidated Instalments | CRYSTAL BALL SERIES IN THIS INSTALMENT WE EXPLORE AI ADVANCEMENTS 2025 AND BEYOND Digital Twin Cybersecurity Neurosymbolic AI Deepfakes: A new era | AI blog | Cyfirma |
| 18.10.25 | Cyber Threats to Oman’s Multiple Sectors | Executive Summary Oman is experiencing a rise in cyber incidents, with threat actors actively targeting organizations across multiple sectors. Recent breaches have exposed | Cyber blog | Cyfirma |
| 18.10.25 | F5 Systems Compromised, BIG IP Vulnerabilities Exfiltrated: What To Do Next | F5 recently disclosed that a nation-state actor accessed a proprietary BIG-IP development network, including source code and details about vulnerabilities still under development. | Incident blog | Eclypsium |
| 18.10.25 | BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices | One of our fears, as individuals who have spent years examining firmware security, is stumbling upon a vulnerability that reveals the fundamental flaws in our trust models. | Malware blog | Eclypsium |
| 18.10.25 | When the monster bytes: tracking TA585 and its arsenal | TA585 is a sophisticated cybercriminal threat actor recently named by Proofpoint. It operates its entire attack chain from infrastructure to email delivery to malware installation. | Hacking blog | PROOFPOINT |
| 18.10.25 | Trend Micro launches new integration with Zscaler to deliver real-time, Risk-Based Zero Trust Access | Discover how Trend Vision One™ integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises. | Cyber blog | Trend Micro |
| 18.10.25 | Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits | Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. | Vulnerability blog | Trend Micro |
| 18.10.25 | Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing | A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms. | Malware blog | Trend Micro |
| 18.10.25 | Microsoft Security Bulletin Coverage for October 2025 | Microsoft’s October 2025 Patch Tuesday has 176 vulnerabilities, of which 84 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2025 and has produced coverage for 13 of the reported vulnerabilities. | OS Blog | SonicWall |
| 18.10.25 | Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities | On Oct. 15, 2025, F5 — a U.S. technology company — disclosed that a nation-state threat actor conducted a significant long-term compromise of their corporate networks. In this incident, attackers stole source code from their BIG-IP suite of products and information about undisclosed vulnerabilities. | Incident blog | Palo Alto |
| 18.10.25 | PhantomVAI Loader Delivers a Range of Infostealers | Unit 42 researchers have been tracking phishing campaigns that use PhantomVAI Loader to deliver information-stealing malware through a multi-stage, evasive infection chain. | Malware blog | Palo Alto |
| 18.10.25 | Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment | Unit 42 recently assisted a prominent manufacturer who experienced a severe ransomware attack orchestrated by Ignoble Scorpius, the group that distributes BlackSuit ransomware. | Ransom blog | Palo Alto |
| 18.10.25 | Denial of Fuzzing: Rust in the Windows kernel | Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. | Vulnerability blog | CHECKPOINT |
| 18.10.25 | BeaverTail and OtterCookie evolve with a new Javascript module | Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). | Malware blog | CISCO TALOS |
| 18.10.25 | Ransomware attacks and how victims respond | This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization. | Ransom blog | CISCO TALOS |
| 18.10.25 | Laura Faria: Empathy on the front lines | Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure. | Cyber blog | CISCO TALOS |
| 18.10.25 | Minecraft mods: When game 'hacks' turn risky | Some Minecraft 'hacks' don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod. | Hacking blog | Eset |
| 18.10.25 | IT service desks: The security blind spot that may put your business at risk | Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap. | Cyber blog | Eset |
| 18.10.25 | Cybersecurity Awareness Month 2025: Why software patching matters more than ever | As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly. | Cyber blog | Eset |
| 18.10.25 | AI-aided malvertising: Exploiting a chatbot to spread scams | Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it. | AI blog | Eset |
| 18.10.25 | The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection | The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection. | Hacking blog | Trellix |
| 18.10.25 | Dark Web Roast - September 2025 Edition | September 2025 brought us a delightful buffet of underground incompetence, and we're grateful for the content. | Cyber blog | Trellix |
| 11.10.25 | Block ransomware proliferation and easily restore files with AI in Google Drive | Ransomware remains one of the most damaging cyber threats facing organizations today. These attacks can lead to substantial financial losses, operational downtime, and data compromise, impacting organizations of all sizes and industries, including healthcare, retail, education, manufacturing, and government. | AI blog | Google Threat Intelligence |
| 11.10.25 | Operations with Untamed LLMs | Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tailored | AI blog | VOLEXITY |
| 11.10.25 | New Stealit Campaign Abuses Node.js Single Executable Application | A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. | Malware blog | FORTINET |
| 11.10.25 | The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous | FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. | Ransom blog | FORTINET |
| 11.10.25 | | Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. | Vulnerability blog | Google Threat Intelligence |
| 11.10.25 | Cyber Threats in the EU Escalate as Diverse Groups Target Critical Sectors | The 2025 ENISA Threat Landscape shows rising cyber threats in the EU, with DDoS, ransomware, phishing, and supply chain attacks on critical infrastructure. | Cyber blog | Cyble |
| 11.10.25 | Australian Data Breaches Are Up 48% So Far This Year. What’s Behind The Eye-Popping Surge? | Australian data breaches have surged 48% so far this year, the latest data point that suggests that threat actors are finding rich targets Down Under. | Cyber blog | Cyble |
| 11.10.25 | Cybersecurity Awareness Month 2025: Don’t Just Be Aware, Be Ahead | This Cybersecurity Awareness Month, it’s time to move beyond awareness. Organizations face AI-powered attacks, supply chain vulnerabilities, and brand threats that demand proactive defense strategies, not just reactive responses. | Cyber blog | Cyble |
| 11.10.25 | DPRK SANCTIONS VIOLATIONS IN CYBER OPERATIONS POST UN PANEL DEMISE | EXECUTIVE SUMMARY Since the termination of the United Nations (UN) Panel of Experts in April 2024 due to Russia's veto, the landscape of Democratic People's Republic of Korea | BigBrother blog | Cyfirma |
| 11.10.25 | CYBER THREAT LANDSCAPE REPORT – Saudi Arabia | Executive Summary In 2025, Saudi Arabia witnessed a notable rise in cybercriminal activity, particularly within the dark web landscape. Threat actors increasingly targeted key sectors, | Cyber blog | Cyfirma |
| 11.10.25 | APT PROFILE – HAFNIUM | Hafnium is a Chinese state-sponsored advanced persistent threat (APT) group, also referred to as Silk Typhoon, and is known for sophisticated cyber espionage targeting critical | APT blog | Cyfirma |
| 11.10.25 | CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES UAE | Executive Summary In 2025, the United Arab Emirates (UAE) experienced a significant surge in cybercriminal activity, particularly in the dark web ecosystem. Threat actors targeted | Cyber blog | Cyfirma |
| 11.10.25 | TRACKING RANSOMWARE : SEPTEMBER 2025 | EXECUTIVE SUMMARY In September 2025, ransomware activity remained elevated, with 504 global victims, heavily impacting consumer services, professional services, and manufacturing | Ransom blog | Cyfirma |
| 11.10.25 | Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. | Vulnerability blog | Microsoft blog |
| 11.10.25 | Disrupting threats targeting Microsoft Teams | Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. | Cyber blog | Microsoft blog |
| 11.10.25 | A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk | We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users. | Vulnerability blog | Trend Micro |
| 11.10.25 | How Your AI Chatbot Can Become a Backdoor | In this post of THE AI BREACH, learn how your Chatbot can become a backdoor. | AI blog | Trend Micro |
| 11.10.25 | Weaponized AI Assistants & Credential Thieves | Learn the state of AI and the NPM ecosystem with the recent s1ngularity weaponized AI for credential theft. | AI blog | Trend Micro |
| 11.10.25 | RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests. | Exploit blog | Trend Micro |
| 11.10.25 | Invoice Ninja Deserialization Flaw (CVE-2024-55555) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-55555, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
| 11.10.25 | Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report | Cloud incidents like ransomware attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. | Incident blog | Palo Alto |
| 11.10.25 | The ClickFix Factory: First Exposure of IUAM ClickFix Generator | Attackers are packaging a highly effective social engineering technique known as ClickFix into easy-to-use phishing kits, making it accessible to a wider range of threat actors. | Hacking blog | Palo Alto |
| 11.10.25 | When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory | This article presents a proof of concept (PoC) that demonstrates how adversaries can use indirect prompt injection to silently poison the long-term memory of an AI Agent. We use Amazon Bedrock Agent for this demonstration. | AI blog | Palo Alto |
| 11.10.25 | The Golden Scale: Bling Libra and the Evolving Extortion Economy | In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. | Ransom blog | Palo Alto |
| 11.10.25 | Velociraptor leveraged in ransomware attacks | Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool. | Ransom blog | CISCO TALOS |
| 11.10.25 | Why don’t we sit around this computer console and have a sing-along? | Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this. | Cyber blog | CISCO TALOS |
| 11.10.25 | What to do when you click on a suspicious link | As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link, now what?” messages. Share this quick guide to help them know exactly what to do next. | Cyber blog | CISCO TALOS |
| 11.10.25 | Too salty to handle: Exposing cases of CSS abuse for hidden text salting | A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. | Cyber blog | CISCO TALOS |
| 11.10.25 | Family group chats: Your (very last) line of cyber defense | Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | APT blog | CISCO TALOS |
| 11.10.25 | UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | APT blog | CISCO TALOS |
| 11.10.25 | Nvidia and Adobe vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerabili | Vulnerability blog | CISCO TALOS |
| 11.10.25 | How Uber seems to know where you are – even with restricted location permissions | Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way. | Cyber blog | Eset |
| 11.10.25 | Cybersecurity Awareness Month 2025: Passwords alone are not enough | Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders. | Cyber blog | Eset |
| 11.10.25 | The case for cybersecurity: Why successful businesses are built on protection | Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center | Cyber blog | Eset |
| 11.10.25 | Beware of threats lurking in booby-trapped PDF files | Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money. | Cyber blog | Eset |
| 11.10.25 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Vulnerability blog | Cybereason |
| 11.10.25 | The Bug Report – September 2025 Edition | September's Bug Report is here! Learn about critical CVEs affecting Chrome, Windows, Django, and FreePBX. Stay secure: patch now. | Vulnerability blog | Trellix |
| 11.10.25 | The Evolution of Russian Physical-Cyber Espionage | From Rio to The Hague: How Russia’s evolving close-access cyber ops raise new risks. Learn what’s next, and how defenders can respond. | APT blog | Trellix |
| 4.10.25 | Confucius Espionage: From Stealer to Backdoor | FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more. | Malware blog | FORTINET |
| 4.10.25 | | Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UNC6040’s specific attack methodologies, this guide presents a structured defensive framework encompassing proactive hardening measures, comprehensive logging protocols, and advanced detection capabilities. | Cyber blog | Google Threat Intelligence |
| 4.10.25 | The Week in Vulnerabilities: PoCs and Zero-Days Merit Rapid Patching | A high percentage of Proof-of-Concept exploits and new zero days this week should have security teams on high alert. | Vulnerability blog | Cyble |
| 4.10.25 | The Week in Vulnerabilities: MFT, Help Desk Fixes Urged by Cyble | The week’s top vulnerabilities include several that could attract the attention of threat actors, and some that already have. | Vulnerability blog | Cyble |
| 4.10.25 | Exploiting Legitimate Remote Access Tools in Ransomware Campaigns | Introduction Ransomware is one of the most disruptive cyber threats, encrypting critical organizational data and demanding ransom payments for restoration. While early campaigns relied on mass phishing or opportunistic malware distribution, modern ransomware operations have evolved into highly sophisticated | Exploit blog | Seqrite |
| 4.10.25 | TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | APT blog | Cyfirma |
| 4.10.25 | YUREI RANSOMWARE : THE DIGITAL GHOST | EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and | Ransom blog | Cyfirma |
| 4.10.25 | Rising Cyber Threats to Bahrain: Hacktivists and Data Breaches | EXECUTIVE SUMMARY In this report, our researchers analyzed recent cyber activity targeting Bahrain, including politically motivated hacktivism, credential leaks, government email | BigBrother blog | Cyfirma |
| 4.10.25 | CYBER THREAT ASSESSMENT ON NIGERIA | EXECUTIVE SUMMARY Between January and September 2025, Nigeria experienced a surge in data breaches and cybercrime activities across banking, telecom, government, healthcare, | Cyber blog | Cyfirma |
| 4.10.25 | Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild | CVE-2025-20352 is a critical SNMP vulnerability in Cisco IOS and IOS XE software, which has been actively exploited in the wild (added to the CISA KEV on September 29th), resulting in reported attacks affecting up to 2 million devices globally. | Vulnerability blog | Eclypsium |
| 4.10.25 | The Hunt for RedNovember: A Depth Charge Against Network Edge Devices | Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. | Cyber blog | Eclypsium |
| 4.10.25 | HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought | Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. As it turns out, that was wishful thinking. | Ransom blog | Eclypsium |
| 4.10.25 | Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users | Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts. | Malware blog | Trend Micro |
| 4.10.25 | Deserialization Leads to Command Injection in GoAnywhere MFT: CVE-2025-10035 | The SonicWall Capture Labs threat research team has identified a critical command injection vulnerability in GoAnywhere MFT. Tracked as CVE-2025-10035, this flaw allows attackers with a forged license response signature to deserialize malicious objects, potentially compromising the entire network access control infrastructure. | Vulnerability blog | SonicWall |
| 4.10.25 | Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. DELMIA Apriso, developed by Dassault Systèmes, is a Manufacturing Operations Management (MOM) software that helps manufacturers digitize and manage global production. | Exploit blog | SonicWall |
| 4.10.25 | TOTOLINK X6000R: Three New Vulnerabilities Uncovered | We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: | Vulnerability blog | Palo Alto |
| 4.10.25 | Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite | Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. | APT blog | Palo Alto |
| 4.10.25 | Rhadamanthys 0.9.x – walk through the updates | Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. | Malware blog | CHECKPOINT |
| 4.10.25 | UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | Cyber blog | CISCO TALOS |
| 4.10.25 | Family group chats: Your (very last) line of cyber defense | Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | Cyber blog | CISCO TALOS |
| 4.10.25 | What happens when you engage Cisco Talos Incident Response? | What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? | Cyber blog | CISCO TALOS |
| 4.10.25 | Manufacturing under fire: Strengthening cyber-defenses amid surging threats | Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging | Cyber blog | Eset |
| 4.10.25 | New spyware campaigns target privacy-conscious Android users in the UAE | ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates | Social blog | Eset |
| 4.10.25 | Cybersecurity Awareness Month 2025: Knowledge is power | We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals | Cyber blog | Eset |
| 4.10.25 | This month in security with Tony Anscombe – September 2025 edition | The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans | Cyber blog | Eset |
| 4.10.25 | XWorm V6: Exploring Pivotal Plugins | XWorm V6, a potent malware, has resurfaced with new plugins and persistence methods. Stay informed and enhance your defenses against evolving cyber threats. Protect your organization now! | Malware blog | Trellix |