DATE |
NAME |
Info |
CATEG. |
WEB |
13.10.25 |
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors | Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to | BotNet | |
13.10.25 |
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor | Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the | Hack | |
13.10.25 |
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns | Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the | Virus | |
13.10.25 |
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs | Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary | Virus | |
13.10.25 |
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login | Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are | Hack | |
12.10.25 |
SonicWall: Firewall configs stolen for all cloud backup customers | SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. | Incindent | |
12.10.25 |
From infostealer to full RAT: dissecting the PureRAT attack chain | Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs' Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. | Virus | |
12.10.25 |
Azure outage blocks access to Microsoft 365 services, admin portals | Microsoft is working to resolve an outage affecting its Azure Front Door content delivery network (CDN), which is preventing customers from accessing some Microsoft 365 services. | Hack | |
12.10.25 |
Hacktivists target critical infrastructure, hit decoy plant | A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. | Hack | |
12.10.25 |
Hackers claim Discord breach exposed data of 5.5 million users | Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people. | Incindent | |
12.10.25 |
New FileFix attack uses cache smuggling to evade security software | A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypassing security software. | Attack | |
12.10.25 |
Qilin ransomware claims Asahi brewery attack, leaks data | The Qilin ransomware group has claimed responsibility for the attack at Japanese beer maker Asahi, adding the company to its extortion page on the dark web yesterday. | Ransom | |
12.10.25 |
Microsoft 365 outage blocks access to Teams, Exchange Online | Microsoft is working to resolve an ongoing outage preventing users from accessing Microsoft 365 services, including Microsoft Teams, Exchange Online, and the admin center. | OS | |
12.10.25 |
Microsoft enables Exchange Online auto-archiving by default | Microsoft is enabling threshold-based auto-archiving by default in Exchange Online to prevent email flow issues caused by mailboxes filling up faster than expected. | OS | |
12.10.25 |
Crimson Collective hackers target AWS cloud instances for data theft | The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. | Incindent | |
12.10.25 |
Hackers exploit auth bypass in Service Finder WordPress theme | Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. | Exploit | |
12.10.25 |
London police arrests suspects linked to nursery breach, child doxing | The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries. | Incindent | |
12.10.25 |
Defend the Target, Not Just the Door: A Modern Plan for Google Workspace | The Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. | Hack | |
12.10.25 |
Salesforce refuses to pay ransom over widespread data theft attacks | Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year. | Ransom | |
12.10.25 |
Docker makes Hardened Images Catalog affordable for small businesses | The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. | Hack | |
12.10.25 |
Google won’t fix new ASCII smuggling attack in Gemini | Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. | Attack | |
12.10.25 |
DraftKings warns of account breaches in credential stuffing attacks | Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. | Incindent | |
12.10.25 |
Clop exploited Oracle zero-day for data theft since early August | The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August, according to cybersecurity company CrowdStrike. | Ransom | |
12.10.25 |
North Korean hackers stole over $2 billion in crypto this year | North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. | Cryptocurrency | |
12.10.25 |
Electronics giant Avnet confirms breach, says stolen data unreadable | Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. | Incindent | |
12.10.25 |
Microsoft kills more Microsoft Account bypasses in Windows 11 | Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11. | OS | |
12.10.25 |
Redefining Security Validation with AI-Powered Breach and Attack Simulation | Security teams are drowning in threat intel — but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes — delivering proof that your defenses work, not just assumptions. Join the BAS Summit 2025 to see how AI redefines security validation. | AI | |
12.10.25 |
Google's new AI bug bounty program pays up to $30,000 for flaws | This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. | AI | BleepingComputer |
12.10.25 |
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts | Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating | Incindent | |
12.10.25 |
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks | Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL- | Ransom | |
11.10.25 |
Red Hat data breach escalates as ShinyHunters joins extortion | Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. | Incindent | |
11.10.25 |
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks | A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. | Ransom | |
11.10.25 |
Zeroday Cloud hacking contest offers $4.5 million in bounties | A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. | Hack | |
11.10.25 |
Redis warns of critical flaw impacting thousands of instances | The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. | Vulnerebility | |
11.10.25 |
LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data | LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts. | Incindent | |
11.10.25 |
The role of Artificial Intelligence in today’s cybersecurity landscape | AI is transforming cybersecurity—from detecting phishing and insider threats to accelerating response. See how Waziuh, the open-source XDR and SIEM, integrates AI to turn raw security data into actionable insights and smarter threat hunting. | AI | |
11.10.25 |
Steam and Microsoft warn of Unity flaw exposing gamers to attacks | A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. | Vulnerebility | |
11.10.25 |
XWorm malware resurfaces with ransomware module, over 35 plugins | New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. | Virus | |
11.10.25 |
Oracle patches EBS zero-day exploited in Clop data theft attacks | Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. | Vulnerebility | |
11.10.25 |
Hackers exploited Zimbra flaw as zero-day using iCalendar files | Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. | Vulnerebility | |
11.10.25 |
ParkMobile pays... $1 each for 2021 data breach that hit 22 million | ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. | Incindent | |
11.10.25 |
Massive surge in scans targeting Palo Alto Networks login portals | A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. | Hack | |
11.10.25 |
Discord discloses data breach after hackers steal support tickets | Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider. | Incindent | |
11.10.25 |
Signal adds new cryptographic defense against quantum attacks | Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. | Security | |
11.10.25 |
Renault and Dacia UK warn of data breach impacting customers | Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. | Incindent | |
11.10.25 |
Japanese beer giant Asahi confirms ransomware attack | Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week. | Ransom | |
11.10.25 |
ShinyHunters launches Salesforce data leak site to extort 39 victims | An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. | Incindent | |
11.10.25 |
CommetJacking attack tricks Comet browser into stealing emails | A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and | Attack | |
11.10.25 |
Oracle links Clop extortion attacks to July 2025 vulnerabilities | Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. | Vulnerebility | |
11.10.25 |
Gmail business users can now send encrypted emails to anyone | Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. | Security | |
11.10.25 |
Microsoft Outlook stops displaying inline SVG images used in attacks | Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. | Hack | |
11.10.25 |
Operations with Untamed LLMs | Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tailored | AI blog | VOLEXITY |
11.10.25 |
New Stealit Campaign Abuses Node.js Single Executable Application | A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. | Malware blog | FORTINET |
11.10.25 |
The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous | FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. | Ransom blog | FORTINET |
11.10.25 |
Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. | Vulnerebility blog | Google Threat Intelligence | |
11.10.25 |
Cyber Threats in the EU Escalate as Diverse Groups Target Critical Sectors | The 2025 ENISA Threat Landscape shows rising cyber threats in the EU, with DDoS, ransomware, phishing, and supply chain attacks on critical infrastructure. | Cyber blog | Cyble |
11.10.25 |
Australian Data Breaches Are Up 48% So Far This Year. What’s Behind The Eye-Popping Surge? | Australian data breaches have surged 48% so far this year, the latest data point that suggests that threat actors are finding rich targets Down Under. | Cyber blog | Cyble |
11.10.25 |
Cybersecurity Awareness Month 2025: Don’t Just Be Aware, Be Ahead | This Cybersecurity Awareness Month, it’s time to move beyond awareness. Organizations face AI-powered attacks, supply chain vulnerabilities, and brand threats that demand proactive defense strategies—not just reactive responses. | Cyber blog | Cyble |
11.10.25 |
DPRK SANCTIONS VIOLATIONS IN CYBER OPERATIONS POST UN PANEL DEMISE | EXECUTIVE SUMMARY Since the termination of the United Nations (UN) Panel of Experts in April 2024 due to Russia's veto, the landscape of Democratic People's Republic of Korea | BigBrother blog | Cyfirma |
11.10.25 |
CYBER THREAT LANDSCAPE REPORT – Saudi Arabia | Executive Summary In 2025, Saudi Arabia witnessed a notable rise in cybercriminal activity, particularly within the dark web landscape. Threat actors increasingly targeted key sectors, | Cyber blog | Cyfirma |
11.10.25 |
APT PROFILE – HAFNIUM | Hafnium is a Chinese state-sponsored advanced persistent threat (APT) group, also referred to as Silk Typhoon, and is known for sophisticated cyber espionage targeting critical | APT blog | Cyfirma |
11.10.25 |
CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES UAE | Executive Summary In 2025, the United Arab Emirates (UAE) experienced a significant surge in cybercriminal activity, particularly in the dark web ecosystem. Threat actors targeted | Cyber blog | Cyfirma |
11.10.25 |
TRACKING RANSOMWARE : SEPTEMBER 2025 | EXECUTIVE SUMMARY In September 2025, ransomware activity remained elevated, with 504 global victims, heavily impacting consumer services, professional services, and manufacturing | Ransom blog | Cyfirma |
11.10.25 |
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. | Vulnerebility blog | Microsoft blog |
11.10.25 |
Disrupting threats targeting Microsoft Teams | Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. | Cyber blog | Microsoft blog |
11.10.25 |
A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk | We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users. | Vulnerebility blog | Trend Micro |
11.10.25 |
How Your AI Chatbot Can Become a Backdoor | In this post of THE AI BREACH, learn how your Chatbot can become a backdoor. | AI blog | Trend Micro |
11.10.25 |
Weaponized AI Assistants & Credential Thieves | Learn the state of AI and the NPM ecosystem with the recent s1ngularity' weaponized AI for credential theft. | AI blog | Trend Micro |
11.10.25 |
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests. | Exploit blog | Trend Micro |
11.10.25 |
Invoice Ninja Deserialization Flaw (CVE-2024-55555) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-55555, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
11.10.25 |
Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report | Cloud incidents like ransomware attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. | Incident blog | Palo Alto |
11.10.25 |
The ClickFix Factory: First Exposure of IUAM ClickFix Generator | Attackers are packaging a highly effective social engineering technique known as ClickFix into easy-to-use phishing kits, making it accessible to a wider range of threat actors. | Hacking blog | Palo Alto |
11.10.25 |
When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory | This article presents a proof of concept (PoC) that demonstrates how adversaries can use indirect prompt injection to silently poison the long-term memory of an AI Agent. We use Amazon Bedrock Agent for this demonstration. | AI blog | Palo Alto |
11.10.25 |
The Golden Scale: Bling Libra and the Evolving Extortion Economy | In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. | Ransom blog | Palo Alto |
11.10.25 |
Velociraptor leveraged in ransomware attacks | Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool. | Ransom blog | CISCO TALOS |
11.10.25 |
Why don’t we sit around this computer console and have a sing-along? | Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this. | Cyber blog | CISCO TALOS |
11.10.25 |
What to do when you click on a suspicious link | As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next. | Cyber blog | CISCO TALOS |
11.10.25 |
Too salty to handle: Exposing cases of CSS abuse for hidden text salting | A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. | Cyber blog | CISCO TALOS |
11.10.25 |
Family group chats: Your (very last) line of cyber defense | Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | APT blog | CISCO TALOS |
11.10.25 |
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | APT blog | CISCO TALOS |
11.10.25 |
Nvidia and Adobe vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerabili | Vulnerebility blog | CISCO TALOS |
11.10.25 |
How Uber seems to know where you are – even with restricted location permissions | Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way. | Cyber blog | Eset |
11.10.25 |
Cybersecurity Awareness Month 2025: Passwords alone are not enough | Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders. | Cyber blog | Eset |
11.10.25 |
The case for cybersecurity: Why successful businesses are built on protection | Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center | Cyber blog | Eset |
11.10.25 |
Beware of threats lurking in booby-trapped PDF files | Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money. | Cyber blog | Eset |
11.10.25 |
Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Vulnerebility blog | Cybereason |
11.10.25 |
The Bug Report – September 2025 Edition | September's Bug Report is here! Learn about critical CVEs affecting Chrome, Windows, Django, and FreePBX. Stay secure—patch now. | Vulnerebility blog | Trelix |
11.10.25 |
The Evolution of Russian Physical-Cyber Espionage | From Rio to The Hague: How Russia’s evolving close-access cyber ops raise new risks. Learn what’s next—and how defenders can respond. | APT blog | Trelix |
11.10.25 |
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers | Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute | Virus | |
11.10.25 |
Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries | A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively | APT | |
11.10.25 |
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation | Fortra on Thursday revealed the results of its investigation into CVE-2025-10035 , a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under | Vulnerebility | |
11.10.25 |
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign | Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual | Phishing | |
11.10.25 |
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability | Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day | Exploit | |
10.10.25 |
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw | Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025 , Google Threat | Ransom | |
10.10.25 |
From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware | A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a | APT | |
10.10.25 |
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps | A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like | Virus | |
9.10.25 |
Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks | SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain | Vulnerebility | |
9.10.25 |
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More | Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From | Hack | |
9.10.25 |
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine | Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special | AI | |
9.10.25 |
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme | Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including | Exploit | |
9.10.25 |
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks | Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy | Exploit | |
8.10.25 |
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave | Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to | APT | |
8.10.25 |
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem | Three prominent ransomware groups DragonForce , LockBit , and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat | Ransom | |
8.10.25 |
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now | Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol ( MCP ) server that could allow attackers to | Vulnerebility | |
8.10.25 |
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks | OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language | AI | |
8.10.25 |
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers | A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals | Virus | |
8.10.25 |
Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them | Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent | AI | |
8.10.25 |
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities | Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. | Virus | |
7.10.25 |
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely | Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The | Vulnerebility | |
7.10.25 |
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware | Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa | APT | |
7.10.25 |
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks | CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful | Vulnerebility | |
7.10.25 |
New Report Links Research Firms BIETA and CIII to China's MSS Cyber Operations | A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The | APT | |
7.10.25 |
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks | Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The | Vulnerebility | |
7.10.25 |
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers | Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high- | CyberCrime | |
7.10.25 |
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files | A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS | Exploit | |
5.10.25 |
DrayTek warns of remote code execution bug in Vigor routers | Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrary code. | Vulnerebility | |
5.10.25 |
HackerOne paid $81 million in bug bounties over the past year | Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. | Vulnerebility | |
5.10.25 |
Microsoft Defender bug triggers erroneous BIOS update alerts | Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. | Vulnerebility | |
5.10.25 |
Your Service Desk is the New Attack Vector—Here's How to Defend It. | Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows stop attackers cold. | Hack | |
5.10.25 |
Android spyware campaigns impersonate Signal and ToTok messengers | Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. | Virus | |
5.10.25 |
Red Hat confirms security incident after hackers breach GitLab instance | An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development repositories, with the company confirming it was a breach of one of its GitLab instances. | Incindent | |
5.10.25 |
Clop extortion emails claim theft of Oracle E-Business Suite data | Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems | Ransom | |
5.10.25 |
Data breach at dealership software provider impacts 766k clients | A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. | Incindent | |
5.10.25 |
Adobe Analytics bug leaked customer tracking data to other tenants | Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. | Vulnerebility | |
5.10.25 |
New bug in classic Outlook can only be fixed via Microsoft support | Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. | OS | |
5.10.25 |
Android malware uses VNC to give attackers hands-on access | A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. | Virus | |
5.10.25 |
F-Droid project threatened by Google's new dev registration rules | F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. | Virus | |
5.10.25 |
WestJet data breach exposes travel details of 1.2 million customers | Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents. | Incindent | |
5.10.25 |
Google Drive for desktop gets AI-powered ransomware detection | Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. | AI | |
5.10.25 |
Allianz Life says July data breach impacts 1.5 million people | Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted. | Incindent | |
5.10.25 |
How To Simplify CISA's Zero Trust Roadmap with Modern Microsegmentation | CISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org. | Security | |
5.10.25 |
Microsoft: Media Creation Tool broken on Windows 11 Arm64 PCs | After rolling out Windows 11 25H2, also known as Windows 11 2025 Update, Microsoft has confirmed that the Media Creation Tool has stopped working on devices with Arm64 CPUs. | OS | |
5.10.25 |
Sendit sued by the FTC for illegal collection of children data | The Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as well as deceptive subscription practices. | BigBrothers | |
5.10.25 |
New MatrixPDF toolkit turns PDFs into phishing and malware lures | A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. | Phishing | |
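The entry above describes PDFs turned into interactive lures that redirect the reader to credential-theft pages or malware downloads. As an added example (not code from the article, from MatrixPDF, or from any vendor), the following Python triage script shows the kind of static check a mail-gateway or SOC analyst would run on such a file: it decodes PDF name escapes (a common evasion, e.g. `/J#61vaScript` for `/JavaScript`), counts action keywords that make a PDF "interactive" (`/OpenAction`, `/AA`, `/JavaScript`, `/JS`, `/Launch`, `/URI`, `/SubmitForm`, `/EmbeddedFile`), and extracts the outbound URIs. The sample PDF bytes are constructed for the demo and are not a real lure; the scoring thresholds are an assumption, not a published rule.

```python
import re

# Action/interactivity keywords worth flagging in a PDF that should be a plain document.
SUSPICIOUS_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript action",
    b"/OpenAction": "action fires when the document opens",
    b"/AA": "additional (automatic) actions",
    b"/Launch": "launches an external program",
    b"/URI": "external link",
    b"/SubmitForm": "form submission to a remote host",
    b"/EmbeddedFile": "embedded file attachment",
}

# Keywords that on their own mean "something runs without the user clicking".
AUTO_ACTIONS = {"/OpenAction", "/AA"}


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF name objects so /J#61vaScript matches /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def extract_uris(data: bytes) -> list[str]:
    """Return the literal-string targets of /URI entries (not hex strings or indirect objects)."""
    return [m.group(1).decode(errors="replace") for m in re.finditer(rb"/URI\s*\((.*?)\)", data)]


def triage_pdf(data: bytes) -> dict:
    """Static keyword triage of a raw PDF. Returns hit counts, URIs and a coarse verdict.

    Caveat: content inside FlateDecode streams or object streams is compressed and
    invisible to this scan; a full check must inflate those first (e.g. with pdfid/peepdf
    or a PDF parser). A 'clean' verdict here only means no plain-text actions were found.
    """
    norm = normalize_names(data)
    hits = {}
    for name, _desc in SUSPICIOUS_NAMES.items():
        # Name boundary: /JS must not match /JSxyz, and /AA must not match /AAA.
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", norm))
        if n:
            hits[name.decode()] = n
    uris = extract_uris(norm)
    auto = any(k in AUTO_ACTIONS for k in hits)
    # Heuristic (assumption): an auto-action plus any other active keyword is a lure pattern.
    if auto and len(hits) > 1:
        verdict = "suspicious"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"hits": hits, "uris": uris, "verdict": verdict}


# Constructed sample: a catalog whose OpenAction is a URI, plus a hex-escaped JavaScript action.
SAMPLE_LURE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /URI /URI (http://example.invalid/login) >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('update required')) >> endobj\n"
    b"%%EOF\n"
)

# Constructed sample: a plain document with no actions at all.
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage_pdf(blob))
```

Run it over a directory of quarantined attachments and route anything other than `clean` to a sandbox; treat the URI list as a source of indicators to block at the proxy.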
5.10.25 |
CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief | Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a | AI | |
5.10.25 |
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day | Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% | Hack | |
4.10.25 |
Windows 11 2025 Update (25H2) is now available, Here's what's new | Today, Microsoft announced the release of Windows 11 25H2, also known as Windows 11 2025 Update. | | |
4.10.25 |
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws | Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers. | | |
4.10.25 |
| Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands. | | |
4.10.25 |
Chinese hackers exploiting VMware zero-day since October 2024 | Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. | | |
4.10.25 |
| VMware certification is surging as IT teams face hybrid infra, cloud complexity, & rising risks. See how VMUG Advantage helps practitioners & enterprises turn certification into stronger security & measurable value. | | |
4.10.25 |
Microsoft fixes Windows DRM video playback issues for some users | Microsoft says it has "partially" resolved a known issue that caused problems when trying to play DRM-protected video in Blu-ray/DVD/Digital TV applications. | | |
4.10.25 |
| Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. | | |
4.10.25 |
Windows 11 KB5065789 update released with 41 changes and fixes | Microsoft has released the KB5065789 preview cumulative update for Windows 11 24H2, which includes 41 improvements, including new AI actions in File Explorer and bug fixes for Windows Update and Windows Sandbox. | | |
4.10.25 |
Broadcom fixes high-severity VMware NSX bugs reported by NSA | Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). | | |
4.10.25 |
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure | The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion). | | |
4.10.25 |
Japan's largest brewer suspends operations due to cyberattack | Asahi Group Holdings, Ltd (Asahi), the brewer of Japan's top-selling beer, has disclosed a cyberattack that disrupted several of its operations. | | |
4.10.25 |
Ransomware gang sought BBC reporter’s help in hacking media giant | Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money. | | |
4.10.25 |
UK govt backs JLR with £1.5 billion loan guarantee after cyberattack | The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a catastrophic cyberattack forced the automaker to halt production. | | |
4.10.25 |
Harrods suffers new data breach exposing 430,000 customer records | UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information. | | |
4.10.25 |
Can We Trust AI To Write Vulnerability Checks? Here's What We Found | Can AI speed up writing vulnerability checks without sacrificing quality? Intruder put it to the test. Their researchers found where AI helps, where it falls short, and why human oversight is still critical. See what they discovered in practice. | | |
4.10.25 |
Akira ransomware breaching MFA-protected SonicWall VPN accounts | Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully logging in despite OTP MFA being enabled on accounts. Researchers suspect that this may be achieved through the use of previously stolen OTP seeds, although the exact method remains unconfirmed. | | |
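The Akira entry above reports logins succeeding despite OTP MFA, with stolen OTP seeds as the suspected cause. As an added example (not code from the article, from the researchers cited, or from SonicWall), the following Python implements RFC 4226 HOTP and RFC 6238 TOTP from the standard library only, so the mechanism is visible: the one-time code is a pure function of the shared seed and the current time step, so anyone holding a copy of the seed produces exactly the code the server expects, and the server's verification cannot tell the two apart. The seed used is the RFC 6238 reference test secret, not a real enrolment; the +/-1 step tolerance window is an assumption about a typical server, not a statement about any specific product.

```python
import hashlib
import hmac
import struct
import time


def hotp(seed: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(seed, counter) -> dynamic truncation -> zero-padded decimal code."""
    mac = hmac.new(seed, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP over the number of `step`-second intervals since the Unix epoch."""
    return hotp(seed, unix_time // step, digits, algo)


def verify_totp(seed: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Server-side check accepting codes from `window` steps either side of now (assumed policy).

    Note what this does NOT check: which device computed the code. A copy of the seed
    on an attacker's machine is indistinguishable from the enrolled authenticator.
    """
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(seed, unix_time + drift * step, step), code):
            return True
    return False


def stolen_seed_demo(seed: bytes, unix_time: int) -> dict:
    """Show that a seed copy yields the same code the server accepts at the same instant."""
    victim_code = totp(seed, unix_time)          # code on the legitimate authenticator
    attacker_code = totp(seed, unix_time)        # same seed, same clock -> same code
    return {
        "victim": victim_code,
        "attacker": attacker_code,
        "server_accepts_attacker": verify_totp(seed, attacker_code, unix_time),
    }


# Constructed input: the RFC 6238 reference secret (ASCII "12345678901234567890"), not a real seed.
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    print(stolen_seed_demo(RFC_SEED, int(time.time())))
```

The practical consequence for defenders is that after a device or configuration compromise, TOTP seeds must be treated like leaked passwords: re-enroll MFA (new seeds) rather than only resetting passwords, and prefer authenticators whose secret never leaves a hardware element where the platform supports it.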
4.10.25 |
| The European Commission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP software. | | |
4.10.25 |
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer | A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which | | |
4.10.25 |
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads | The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been | | |
4.10.25 |
| FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more. | | |
4.10.25 |
| Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UNC6040’s specific attack methodologies, this guide presents a structured defensive framework encompassing proactive hardening measures, comprehensive logging protocols, and advanced detection capabilities. | | |
4.10.25 |
The Week in Vulnerabilities: PoCs and Zero-Days Merit Rapid Patching | A high percentage of Proof-of-Concept exploits and new zero days this week should have security teams on high alert. | | |
4.10.25 |
The Week in Vulnerabilities: MFT, Help Desk Fixes Urged by Cyble | The week’s top vulnerabilities include several that could attract the attention of threat actors, and some that already have. | | |
4.10.25 |
Exploiting Legitimate Remote Access Tools in Ransomware Campaigns | Introduction Ransomware is one of the most disruptive cyber threats, encrypting critical organizational data and demanding ransom payments for restoration. While early campaigns relied on mass phishing or opportunistic malware distribution, modern ransomware operations have evolved into highly sophisticated | | |
4.10.25 |
TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | | |
4.10.25 |
| EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and | | |
4.10.25 |
Rising Cyber Threats to Bahrain: Hacktivists and Data Breaches | EXECUTIVE SUMMARY In this report, our researchers analyzed recent cyber activity targeting Bahrain, including politically motivated hacktivism, credential leaks, government email | | |
4.10.25 |
| EXECUTIVE SUMMARY Between January and September 2025, Nigeria experienced a surge in data breaches and cybercrime activities across banking, telecom, government, healthcare, | | |
4.10.25 |
Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild | CVE-2025-20352 is a critical SNMP vulnerability in Cisco IOS and IOS XE software, which has been actively exploited in the wild (added to the CISA KEV on September 29th), resulting in reported attacks affecting up to 2 million devices globally. | | |
4.10.25 |
The Hunt for RedNovember: A Depth Charge Against Network Edge Devices | Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. | | |
4.10.25 |
HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought | Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. As it turns out, that was wishful thinking. | | |
4.10.25 |
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users | Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts. | | |
4.10.25 |
Deserialization Leads to Command Injection in GoAnywhere MFT: CVE-2025-10035 | The SonicWall Capture Labs threat research team has identified a critical command injection vulnerability in GoAnywhere MFT. Tracked as CVE-2025-10035, this flaw allows attackers with a forged license response signature to deserialize malicious objects, potentially compromising the entire network access control infrastructure. | | |
4.10.25 |
Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. DELMIA Apriso, developed by Dassault Systèmes, is a Manufacturing Operations Management (MOM) software that helps manufacturers digitize and manage global production. | | |
4.10.25 |
| We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: | | |
4.10.25 |
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite | Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. | | |
4.10.25 |
| Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. | | |
4.10.25 |
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | | |
4.10.25 |
| Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | | |
4.10.25 |
| What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? | | |
4.10.25 |
Manufacturing under fire: Strengthening cyber-defenses amid surging threats | | | |
4.10.25 |
New spyware campaigns target privacy-conscious Android users in the UAE | | | |
4.10.25 |
This month in security with Tony Anscombe – September 2025 edition | | | |
4.10.25 |
| XWorm V6, a potent malware, has resurfaced with new plugins and persistence methods. Stay informed and enhance your defenses against evolving cyber threats. Protect your organization now! | | |
3.10.25 |
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL |
Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend |
||
3.10.25 |
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security |
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in |
||
3.10.25 |
New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT |
A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and |
||
3.10.25 |
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited |
||
3.10.25 |
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware |
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past |
||
3.10.25 |
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown |
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also |
||
3.10.25 |
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware |
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as |
||
3.10.25 |
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro |
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab |
||
3.10.25 |
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer |
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard |
||
3.10.25 |
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps |
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive |
||
3.10.25 |
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover |
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain |
||
3.10.25 |
Hackers Exploit Milesight Routers to Send Phishing SMS to European Users |
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February |
||
3.10.25 |
Bitdefender's 2025 Cybersecurity Assessment Report paints a sobering picture of today's cyber defense landscape: mounting pressure to remain silent after breaches, a gap between |
|||
3.10.25 |
New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones |
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud |
||
3.10.25 |
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs |
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in |
||
3.10.25 |
New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections |
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud |
||
3.10.25 |
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware |
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor |
||
3.10.25 |
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits |
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have |
||
3.10.25 |
Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake |
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the |
||
3.10.25 |
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 |
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called |
||
3.10.25 |
New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events |
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover ( DTO ) attacks and perform fraudulent |
||
3.10.25 |
U.K. Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust |
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a |
||
3.10.25 |
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems |
||
3.10.25 |
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations |
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According |
||
3.10.25 |
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security |
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to |
||
3.10.25 |
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package |
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware |