2025 January(178) February(102) March(349) April(412) May(435) June(471) July(77) August(0) September(0)
DATE |
NAME |
Info |
CATEG. |
WEB |
| 12.7.25 | Malicious pull request infects VS Code extension | ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request. | Cryptocurrency blog | REVERSINGLABS |
| 12.7.25 | Is Cyber the Next Stage of War in the Middle East Conflict? | As clashes continue in the Middle East, who are the cyber actors to be aware of? | Cyber blog | SYMANTEC BLOG |
| 12.7.25 | Hacktivist Attacks on Critical Infrastructure Grow as New Groups Emerge | Hacktivists are increasingly targeting critical infrastructure, data breaches, and other more sophisticated attack types. | Hacking blog | Cyble |
| 12.7.25 | Phishing, Pivots, and Persistence: A Look into Japan’s Q1 2025 Cyber Threat Landscape | JPCERT’s Q1 2025 report reveals a 10% rise in cyber incidents, with phishing making up 87% of confirmed cases. | Phishing blog | Cyble |
| 12.7.25 | Ongoing Phishing Campaign Utilizes LogoKit for Credential Harvesting | CRIL analyzes an ongoing LogoKit phishing campaign that pulls brand assets from Clearbit and Google Favicon. | Phishing blog | Cyble |
| 12.7.25 | Direct Memory and Container OOMKilled Errors | Recently, we encountered continuous integration (CI) build failures in two of our microservices, caused by Java unit tests. | Security blog | PROOFPOINT |
| 12.7.25 | Catching Smarter Mice with Even Smarter Cats | Explore how AI is changing the cat-and-mouse dynamic of cybersecurity, from cracking obfuscation and legacy languages to challenging new malware built with Flutter, Rust, and Delphi. | AI blog | FORTINET |
| 12.7.25 | TRACKING RANSOMWARE : JUNE 2025 | EXECUTIVE SUMMARY In June 2025, ransomware attacks targeted critical industries such as professional services, healthcare, and information technology, exploiting their | Ransom blog | Cyfirma |
| 12.7.25 | RENDERSHOCK: WEAPONIZING TRUST IN FILE RENDERING PIPELINES | EXECUTIVE SUMMARY RenderShock is a comprehensive zero-click attack strategy that targets passive file preview, indexing, and automation behaviours in modern operating systems and enterprise environments. It leverages built-in trust | Malware blog | Cyfirma |
| 12.7.25 | GitHub Abused to Spread Malware Disguised as Free VPN | EXECUTIVE SUMMARY At CYFIRMA, we continuously monitor and investigate emerging cyber threats targeting both organizations and individuals. In this report, we analysed a | Malware blog | Cyfirma |
| 12.7.25 | Microsoft Security Bulletin Coverage for July 2025 | Microsoft’s July 2025 Patch Tuesday has 127 vulnerabilities, 53 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2025 and has produced coverage for 12 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 12.7.25 | Unauthenticated File Upload-to-RCE in VvvebJs (CVE-2024-29272) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-29272, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 12.7.25 | Ransomware Delivered Through GitHub: A PowerShell-Powered Attack | Recently, the SonicWall Capture Labs threat research team identified a PowerShell-based ransomware variant that is abusing GitHub for its distribution. | Ransom blog | SonicWall |
| 12.7.25 | Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques | In late 2024, we discovered a malware variant related to the SLOW#TEMPEST campaign. In this research article, we explore the obfuscation techniques employed by the malware authors. We deep dive into these malware samples and highlight methods and code that can be used to detect and defeat the obfuscation techniques. | Malware blog | Palo Alto |
| 12.7.25 | GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed | Unit 42 researchers uncovered a campaign by an initial access broker (IAB) to exploit leaked Machine Keys — cryptographic keys used on ASP.NET sites — to gain access to targeted organizations. IABs breach organizations and then sell that access to other threat actors. | Exploit blog | Palo Alto |
| 12.7.25 | Fix the Click: Preventing the ClickFix Attack Vector | In this article, we share hunting tips and mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns we have seen so far in 2025: | Hacking blog | Palo Alto |
| 11.7.25 | BERT Ransomware Group Targets Asia and Europe on Multiple Platforms | BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms. | Ransom blog | Trend Micro |
| 11.7.25 | Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack | In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. | Vulnerebility blog | Palo Alto |
| 11.7.25 | BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption | In this Threat Analysis Report, Cybereason investigates a recently observed BlackSuit ransomware attack and the tools and techniques the threat actors used. | Ransom blog | Cybereason |
| 11.7.25 | From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities | The DoNot APT group, also identified by various security vendors as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger, has been active since at least 2016, and has been attributed by several vendors to have links to India. | APT blog | Trelix |
| 11.7.25 | M&S confirms social engineering led to massive ransomware attack | M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. | Ransom | |
| 11.7.25 | New Android TapTrap attack fools users with invisible UI trick | A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. | Virus | BleepingComputer |
| 11.7.25 | Windows 10 KB5062554 cumulative update released with 13 changes, fixes | Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. | OS | |
| 11.7.25 | Windows 11 KB5062553 & KB5062552 cumulative updates released | Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. | OS | |
| 11.7.25 | Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws | Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. | OS | |
| 11.7.25 | Android malware Anatsa infiltrates Google Play to target US banks | The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. | Virus | |
| 11.7.25 | Overcoming Technical Barriers in Desktop and Application Virtualization | Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and get a free trial. | Hack | BleepingComputer |
| 11.7.25 | Malicious Chrome extensions with 1.7M installs found on Web Store | Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. | Virus | |
| 11.7.25 | Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage | A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies. | APT | |
| 11.7.25 | Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now | Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. | Vulnerebility | BleepingComputer |
| 11.7.25 | Employee gets $920 for credentials used in $140 million bank heist | Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions. | Incindent | |
| 11.7.25 | Atomic macOS infostealer adds backdoor for persistent attacks | Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. | Virus | |
| 11.7.25 | Qantas is being extorted in recent data-theft cyberattack | Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers. | Incindent | BleepingComputer |
| 11.7.25 | 'Batavia' Windows spyware campaign targets dozens of Russian orgs | A previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. | Virus | |
| 11.7.25 | Hackers abuse leaked Shellter red team tool to deploy infostealers | Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. | Virus | |
| 11.7.25 | Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) | Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on | Vulnerebility | The Hacker News |
| 11.7.25 | PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution | Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow | Vulnerebility | The Hacker News |
| 11.7.25 | Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild | A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The | Vulnerebility | The Hacker News |
| 11.7.25 | Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals | An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to | Ransom | The Hacker News |
| 11.7.25 | CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its | Vulnerebility | The Hacker News |
| 11.7.25 | Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads | Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system | Vulnerebility | The Hacker News |
| 10.7.25 | Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord | Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can | AI | The Hacker News |
| 10.7.25 | Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods | The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks | CyberCrime | The Hacker News |
| 10.7.25 | New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App | Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions | Virus | The Hacker News |
| 10.7.25 | AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs | Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, | Attack | The Hacker News |
| 10.7.25 | ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs | A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The | Vulnerebility | The Hacker News |
| 10.7.25 | Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets | The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized | Exploit | The Hacker News |
| 10.7.25 | DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware | A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from | APT | The Hacker News |
| 9.7.25 | U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for | APT | The Hacker News |
| 9.7.25 | Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks | A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks | APT | The Hacker News |
| 9.7.25 | Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server | For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the | Vulnerebility | The Hacker News |
| 9.7.25 | Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware | In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming | Virus | The Hacker News |
| 9.7.25 | Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play | Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using | Virus | The Hacker News |
| 8.7.25 | Malicious Pull Request Infects 6,000+ Developers via Vulnerable Ethcode VS Code Extension | Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a | Virus | The Hacker News |
| 8.7.25 | RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks | Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers | BotNet | The Hacker News |
| 8.7.25 | Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms | Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, | Virus | The Hacker News |
| 8.7.25 | CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing | Exploit | The Hacker News |
| 8.7.25 | SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools | Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization ( SEO ) poisoning techniques to deliver a known | Virus | The Hacker News |
| 8.7.25 | TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors | A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) | Virus | The Hacker News |
| 6.7.25 | Ingram Micro outage caused by SafePay ransomware attack | An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. | Ransom | |
| 6.7.25 | Ingram Micro suffers global outage as internal systems inaccessible | IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. | Incindent | |
| 6.7.25 | Hacker leaks Telefónica data allegedly stolen in a new breach | A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. | Incindent | BleepingComputer |
| 6.7.25 | Police dismantles investment fraud ring stealing €10 million | The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M). | CyberCrime | |
| 6.7.25 | Grafana releases critical security update for Image Renderer plugin | Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. | Vulnerebility | |
| 5.7.25 | IdeaLab confirms data stolen in ransomware attack last year | IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. | Ransom | BleepingComputer |
| 5.7.25 | Microsoft investigates ongoing SharePoint Online access issues | Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. | OS | |
| 5.7.25 | Microsoft: Exchange Server Subscription Edition now available | Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. | OS | |
| 5.7.25 | Hunters International ransomware shuts down, releases free decryptors | The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. | Ransom | BleepingComputer |
| 5.7.25 | Microsoft asks users to ignore Windows Firewall config errors | Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. | OS | BleepingComputer |
| 5.7.25 | NimDoor crypto-theft macOS malware revives itself when killed | NimDoor crypto-theft macOS malware revives itself when killed | Virus | BleepingComputer |
| 5.7.25 | DOJ investigates ex-ransomware negotiator over extortion kickbacks | An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. | Ransom | |
| 5.7.25 | Spain arrests hackers who targeted politicians and journalists | The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government. | CyberCrime | |
| 5.7.25 | Cisco warns that Unified CM has hardcoded root SSH credentials | Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. | Hack | BleepingComputer |
| 5.7.25 | Citrix warns of login issues after NetScaler auth bypass patch | Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. | Vulnerebility | |
| 5.7.25 | Forminator plugin flaw exposes WordPress sites to takeover attacks | The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. | Vulnerebility | |
| 5.7.25 | NSB Alerts the Significant Cybersecurity Risks in China-Made Mobile Applications | In recent years, the international community has shown growing concerns over cybersecurity issues deriving from China-developed mobile applications (apps). | BigBrother blog | nsb.gov.tw |
| 5.7.25 | Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open | During routine monitoring, the Wiz Research Team observed an exploitation attempt targeting one of our honeypot servers running TeamCity, a popular CI/CD tool. | Exploit blog | WIZ |
| 5.7.25 | Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties | Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu | Social | The Hacker News |
| 5.7.25 | Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS | Threat actors are weaponizing exposed Java Debug Wire Protocol ( JDWP ) interfaces to obtain code execution capabilities and deploy cryptocurrency miners | Cryptocurrency | The Hacker News |
| 5.7.25 | NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors | Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft | APT | The Hacker News |
| 5.7.25 | Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros | Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local | Vulnerebility | The Hacker News |
| 5.7.25 | Microsoft fixes ‘Print to PDF’ feature broken by Windows update | Microsoft has fixed a known bug that breaks the 'Print to PDF' feature on Windows 11 24H2 systems after installing the April 2025 preview update. | OS | BleepingComputer |
| 5.7.25 | Dozens of fake wallet add-ons flood Firefox store to drain crypto | More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. | Cryptocurrency | |
| 5.7.25 | Microsoft: DNS issue blocks delivery of Exchange Online OTP codes | Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. | Security | |
| 5.7.25 | Qantas discloses cyberattack amid Scattered Spider aviation breaches | Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. | Incindent | BleepingComputer |
| 5.7.25 | AT&T rolls out "Wireless Lock" feature to block SIM swap attacks | AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. | Mobil | BleepingComputer |
| 5.7.25 | Microsoft open-sources VS Code Copilot Chat extension on GitHub | Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. | Security | BleepingComputer |
| 5.7.25 | Kelly Benefits says 2024 data breach impacts 550,000 customers | Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. | Incindent | |
| 5.7.25 | Aeza Group sanctioned for hosting ransomware, infostealer servers | The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. | Ransom | |
| 5.7.25 | New FileFix attack runs JScript while bypassing Windows MoTW alerts | A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. | Virus | |
| 5.7.25 | International Criminal Court hit by new 'sophisticated' cyberattack | On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week. | CyberCrime | |
| 5.7.25 | US disrupts North Korean IT worker "laptop farm" scheme in 16 states | The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers. | APT | |
| 5.7.25 | Esse Health says recent data breach affects over 263,000 patients | Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. | Incindent | |
| 5.7.25 | Johnson Controls starts notifying people affected by 2023 breach | Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. | Incindent | |
| 5.7.25 | RondoDox Unveiled: Breaking Down a New Botnet Threat | FortiGuard Labs analyzes RondoDox, a stealthy new botnet targeting TBK DVRs and Four-Faith routers via CVE-2024-3721 and CVE-2024-12856. Learn how it evades detection, establishes persistence, and mimics gaming and VPN traffic to launch DDoS attacks. | BotNet blog | FOTINET |
| 5.7.25 | DCRAT Impersonating the Colombian Government | Threat actor impersonates Colombian government to deliver DCRAT via phishing email, using obfuscation, steganography, and PowerShell payload chains. | Malware blog | FOTINET |
| 5.7.25 | Numerous Western Companies May Still Need to Ban FUNNULL Admin Accounts to Comply with U.S. Treasury Sanctions | Silent Push Threat Analysts have been mapping the scope of the FUNNULL content delivery network (CDN) and its use of Infrastructure Laundering to hide its infrastructure among major Western cloud providers, such as Amazon and Microsoft, burdening defenders to remain constantly alert to respond and block its accounts. We labeled the threat actor network, “Triad Nexus.” | Cyber blog | Silent Push |
| 5.7.25 | Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands | Silent Push Threat Analysts followed a tip from Mexican journalist Ignacio Gómez Villaseñor about a threat actor targeting “Hot Sale 2025,” an annual sales event similar to “Black Friday” in the U.S. | Phishing blog | Silent Push |
| 5.7.25 | Top Ransomware Groups June 2025: Qilin Reclaims Top Spot | A look at the top ransomware groups, incidents and developments in June 2025. | Ransom blog | Cyble |
| 5.7.25 | The Week in Vulnerabilities: High-Risk IT and ICS Flaws Flagged by Cyble | Cyble threat intelligence researchers identified several high-risk IT and ICS flaws this week, including some under active exploitation. | Vulnerebility blog | Cyble |
| 5.7.25 | Phishing Attack : Deploying Malware on Indian Defense BOSS Linux | Executive Summary CYFIRMA has identified a sophisticated cyber-espionage campaign orchestrated by APT36 (also known as Transparent Tribe), a threat actor based in Pakistan. | Phishing blog | Cyfirma |
| 5.7.25 | EXECUTIVE THREAT LANDSCAPE REPORT AUSTRALIA | Why Cyber Threat Actors Target Australia?Why Cyber Threat Actors Target Australia?Why Cyber Threat Actors Target Australia?Why Cyber Threat Actors Target Australia?Why Cyber | Cyber blog | Cyfirma |
| 5.7.25 | Fortnightly Vulnerability Summary | Fortnightly Vulnerability Summary CHECK OUT THESE FAST FACTS ON FORTNIGHTLY OBSERVED VULNERABILITIES. Fortnight's Most Impacted Products D-Link | Teamcity | Netbox Fortnightly | Vulnerebility blog | Cyfirma |
| 5.7.25 | Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities | An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening in the wild. Organizations must inventory IT assets and then determine if a given vulnerability is present. | Vulnerebility blog | Eclypsium |
| 5.7.25 | AI Dilemma: Emerging Tech as Cyber Risk Escalates | As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation | AI blog | Trend Micro |
| 5.7.25 | DBatLoader Reloaded: Dual Injection and Resilience | The SonicWall Capture Labs threat research team has observed the latest variant of DBatLoader performing a dual injection of Remcos RAT, utilizing two distinct injection techniques. The malware is mainly known for delivering Remcos RAT, but also delivers other malware. | Malware blog | SonicWall |
| 5.7.25 | Pay2Key: First Ransomware Utilizing I2P Network Instead of Tor | Pay2Key first emerged in late 2020 and primarily targeted Israeli businesses. It gained attention for its alleged links to Iranian threat actors. Today’s sample, however, is an obvious pivot to a ransomware-as-a-service model, welcoming even the most novice users. What sets it apart is its use of I2P, an anonymous network similar to Tor. | Ransom blog | SonicWall |
| 5.7.25 | Windows Shortcut (LNK) Malware Strategies | Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Our telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, we present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples. | Malware blog | Palo Alto |
| 5.7.25 | Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack | In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. | Vulnerebility blog | Palo Alto |
| 5.7.25 | A message from Bruce the mechanical shark | This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing. | Cyber blog | CISCO TALOS |
| 5.7.25 | How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3) | Cracking the code of cybersecurity careers starts here. What skills and mindset can set you apart? Hear from ESET's Robert Lipovsky as he reveals how to thrive in this fast-paced field. | Cyber blog | Eset |
| 5.7.25 | Task scams: Why you should never pay to get paid | Spam blog | Eset | |
| 5.7.25 | How government cyber cuts will affect you and your business | Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks | Cyber blog | Eset |
| 5.7.25 | Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset | ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout | Phishing blog | Eset |
| 5.7.25 | Automagic Reverse Engineering | Overall, the required time to analyze a binary goes down with this approach, as a lot of manual tasks have been automated. Being able to run these scripts headless allows you to integrate them into your workflow of choice, making the methodology as flexible as possible. | Vulnerebility blog | Trelix |
| 5.7.25 | The Bug Report - June 2025 Edition | Stay cool this summer with June 2025’s top 4 CVEs: RCEs, NTLM exploits, router worms & a Google supply chain flaw. Read now to patch fast and stay safe. | Vulnerebility blog | Trelix |
| 5.7.25 | The Democratization of Phishing: Popularity of PhaaS platforms on the rise | PhaaS platforms are democratizing sophisticated phishing attacks, making them cheaper, easier, and more effective for cybercriminals, with AI amplifying their scale. | Phishing blog | Trelix |
| 4.7.25 | June's Dark Gift: The Rise of Qwizzserial | Discovered by Group-IB in mid-2024, the Qwizzserial, which was initially not very active, began to spread strongly in Uzbekistan, masquerading as legitimate applications. The malware steals banking information and intercepts 2FA sms, transmitting it to fraudsters via Telegram bots. | Malware blog | GROUP-IB |
| 4.7.25 | How IAS is Fighting Back Against the Shape-Shifting Kaleidoscope Scheme | The IAS Threat Lab has uncovered a sophisticated new threat dubbed Kaleidoscope — a deceptive Android ad fraud operation that’s as dynamic as it is dangerous. This scheme hides behind seemingly legitimate apps available on Google Play, while malicious lookalike versions are quietly distributed through third-party app stores. | Cyber blog | INTERGRALANDS |
| 4.7.25 | Satori Threat Intelligence Alert: IconAds Conceals Source of Ad Fraud from Users | HUMAN’s Satori Threat Intelligence and Research Team has uncovered and disrupted an operation dubbed IconAds. This scheme centered on a collection of 352 apps which load out-of-context ads on a user’s screen and hide the app icons, making it difficult for a user to identify the culprit app and remove it. | Cyber blog | HUMANSECURITY |
| 4.7.25 | FoxyWallet: 40+ Malicious Firefox Extensions Exposed | A large-scale malicious campaign has been uncovered involving dozens of fake Firefox extensions designed to steal cryptocurrency wallet credentials. | Cryptocurrency blog | KOI SECURITY |
| 4.7.25 | Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission | Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they | Virus | The Hacker News |
| 4.7.25 | Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams | A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps | Virus | The Hacker News |
| 4.7.25 | Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets | Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting | Cryptocurrency | The Hacker News |
| 3.7.25 | Google fixes fourth actively exploited Chrome zero-day of 2025 | Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. | Exploit | BleepingComputer |
| 3.7.25 | U.S. warns of Iranian cyber threats on critical infrastructure | U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. | BigBrothers | |
| 3.7.25 | Germany asks Google, Apple to remove DeepSeek AI from app stores | The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. | AI | |
| 3.7.25 | Microsoft Defender for Office 365 now blocks email bombing attacks | Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. | Hack | BleepingComputer |
| 3.7.25 | Switzerland says government data stolen in ransomware attack | The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. | Ransom | BleepingComputer |
| 3.7.25 | Hikvision Canada ordered to cease operations over security risks | The Canadian government has ordered Hikvision's subsidiary in the country to cease all operations following a review that determined them to pose a national security risk. | BigBrothers | BleepingComputer |
| 3.7.25 | Microsoft warns of Windows update delays due to wrong timestamp | Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. | OS | |
| 3.7.25 | Europol helps disrupt $540 million crypto investment fraud ring | Spanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. | CyberCrime | |
| 3.7.25 | FBI: Cybercriminals steal health data posing as fraud investigators | The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information. | CyberCrime | |
| 3.7.25 | Over 1,200 Citrix servers unpatched against critical auth bypass flaw | Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. | Vulnerebility | |
| 3.7.25 | Further insights into Ivanti CSA 4.6 vulnerabilities exploitation | Between October 2024 and late January 2025, public reports described the exploitation of Ivanti CSA vulnerabilities which started Q4 2024. We share analysis results confirming a worldwide exploitation, that lead to Webshells deployments in September and October 2024. | Exploit blog | INSIDETHELAB |
| 3.7.25 | PDFs: Portable documents, or perfect deliveries for phish? | Cisco recently developed and released an update to its brand impersonation detection engine for emails. This new update enhances detection coverage and includes a wider range of brands that are delivered using PDF payloads (or attachments). | Phishing blog | CISCO TALOS |
| 3.7.25 | Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms | The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors | BigBrothers | The Hacker News |
| 3.7.25 | Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials | Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications | Vulnerebility | The Hacker News |
| 3.7.25 | North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign | Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming | Virus | The Hacker News |
| 3.7.25 | Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns | Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated | Phishing | The Hacker News |
| 2.7.25 | U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider | Ransom | The Hacker News |
| 2.7.25 | Okta observes v0 AI tool used to build phishing sites | Okta Threat Intelligence has observed threat actors abusing v0, a breakthrough Generative Artificial Intelligence (GenAI) tool created by Vercelopens in a new tab, to develop phishing sites that impersonate legitimate sign-in webpages. | AI blog | OKTA |
| 2.7.25 | 10 Things I Hate About Attribution: RomCom vs. TransferLoader | Most of the time, delineating activities from distinct clusters and separating cybercrime from espionage can be done based on differing tactics, techniques, and procedures (TTPs), tooling, volume/scale, and targeting. | Malware blog | PROOFPOINT |
| 2.7.25 | Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale | Unknown threat actors have been observed weaponizing v0 , a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate | AI | The Hacker News |
| 2.7.25 | Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits | Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol ( MCP ) Inspector | Vulnerebility | The Hacker News |
| 2.7.25 | TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns | Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a | APT | The Hacker News |
| 1.7.25 | Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be | OX Security researchers uncover how easy it is for malicious extensions to bypass trust checks and execute code on developer machines. | Exploit blog | OX SECURITY |
| 1.7.25 | New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status | A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in | Vulnerebility | The Hacker News |
| 1.7.25 | Google Patches Critical Zero-Day Flaw in Chrome's V8 Engine After Active Exploitation | Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as | Exploit | The Hacker News |
| 1.7.25 | U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms | The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to | BigBrothers | The Hacker News |
| 1.7.25 | Microsoft Removes Password Management from Authenticator App Starting August 2025 | Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from | Security | The Hacker News |
| 1.7.25 | Patch and Persist: Darktrace’s Detection of Blind Eagle (APT-C-36) | Since 2018, Blind Eagle has targeted Latin American organizations using phishing and RATs. Darktrace detected Blind Eagle activity on a customer network involving C2 connectivity, malicious payload downloads and data exfiltration. | APT blog | DARKTRACE |
| 1.7.25 | Tracing Blind Eagle to Proton66 | Trustwave SpiderLabs has assessed with high confidence that the threat group Blind Eagle, aka APT-C-36, is associated with the Russian bulletproof hosting service provider Proton66. | APT blog | SPIDERLABS BLOG |
| 1.7.25 | U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure | U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber-attacks from Iranian state-sponsored or affiliated threat actors. | APT | The Hacker News |
| 1.7.25 | Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects | Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across | CyberCrime | The Hacker News |
| 1.7.25 | Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks | The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66 . Trustwave SpiderLabs, | Virus | The Hacker News |