| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 7.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | Attack blog | CLOUDFARE |
| 7.12.25 | Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme | This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. | APT blog | ANYRUN |
| 7.12.25 | Analysing a malvertising attack targeting business Google accounts intercepted by Push | Our browser-based security platform recently intercepted a malvertising attack against Push customers. This attack was notable in that it used malvertising via Google Search as the delivery vector, circumventing email-based security controls. Here’s our breakdown. | Malware blog | PUSHSECURITY |
| 7.12.25 | Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts | We recently investigated a large-scale phishing campaign that demonstrated a number of advanced detection evasion techniques and social engineering tactics, specifically targeting accounts used to manage business ads. Here’s what you need to know. | Phishing blog | PUSHSECURITY |
| 6.12.25 | | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment. | | |
| 6.12.25 | | In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workflows to | | |
| 6.12.25 | | FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries. | | |
| 6.12.25 | | FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication. | | |
| 6.12.25 | | Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware: Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving. | | |
| 6.12.25 | | Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools. | | |
| 6.12.25 | | Australia’s National AI Plan sets a roadmap for innovation, safety, and workforce readiness, shaping the nation’s long-term approach to responsible AI adoption. | | |
| 6.12.25 | V3G4 Botnet Evolves: From DDoS to Covert Cryptomining | CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. | | |
| 6.12.25 | Ransomware and Supply Chain Attacks Neared Records in November | Ransomware and supply chain attacks hit their second-highest levels ever in November, and the attack types are overlapping in concerning ways. | | |
| 6.12.25 | South Africa Aligns Local Realities with Global Cybersecurity Standards | South Africa shifts to a culturally informed, locally grounded cybersecurity strategy to combat rising threats and strengthen national digital resilience. | | |
| 6.12.25 | Operation DupeHike: UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2 | Contents: Introduction; Key Targets; Industries Affected; Geographical Focus; Infection Chain; Initial Findings; Looking into the decoy document; Technical Analysis (Stage 1 – Malicious LNK Script; Stage 2 – DUPERUNNER Implant; Stage 3 – AdaptixC2 Beacon); Infrastructural Artefacts; Conclusion; SEQRITE Protection.... | | |
| 6.12.25 | | EXECUTIVE SUMMARY: November 2025 witnessed a dynamic reshaping of the ransomware landscape, characterized by shifts in group activity and the evolution of attack | | |
| 6.12.25 | SEEDSNATCHER: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases | EXECUTIVE SUMMARY: At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations | | |
| 6.12.25 | APT36 Python-Based ELF Malware Targeting Indian Government Entities | EXECUTIVE SUMMARY: CYFIRMA has uncovered an active cyber-espionage campaign conducted by APT36 (Transparent Tribe), a Pakistan-based threat actor known for persistent | | |
| 6.12.25 | Strengthening Telecom Security in a Voluntary Compliance Landscape | The recent decision by the Federal Communications Commission to roll back cybersecurity rules for telecom companies will reshape the regulatory landscape for U.S. telecom carriers. As of January 2025, telecom companies were required to complete annual attestations and structured risk-management plans. | | |
| 6.12.25 | Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. | | |
| 6.12.25 | Project View: A New Era of Prioritized and Actionable Cloud Security | In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments, spanning multi-cloud deployments, ephemeral assets, and decentralized ownership, demands a new approach to risk management. | | |
| 6.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | | |
| 6.12.25 | | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | | |
| 6.12.25 | The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen | Users can work from a wider range of locations and devices, accessing full “desktops” inside a browser tab. Organizations can manage apps and browser access more easily than through localized desktop software. This all allows for greater central management, lower costs and better flexibility. | | |
| 6.12.25 | Critical Vulnerabilities in React Server Components and Next.js | On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0. | | |
| 6.12.25 | CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration | OpenAI Codex CLI is OpenAI’s command-line tool that brings AI model-backed reasoning into developer workflows. It can read, edit, and run code directly from the terminal, making it possible to interact with projects using natural language commands, automate tasks, and streamline day-to-day development. One of its key features is MCP (Model Context Protocol), a standardized way to integrate external tools and services into the Codex environment, allowing developers to extend the CLI’s capabilities with custom functionality and automated workflows. | | |
| 6.12.25 | | Generative AI is rapidly transforming cybersecurity for both defenders and attackers. This blog highlights current uses, emerging threats, and the evolving landscape as capabilities advance. | | |
| 6.12.25 | | Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. | | |
| 6.12.25 | | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | | |
| 6.12.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with the Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | | |
| 6.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | | |
| 6.12.25 | Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture | Identity is effectively the new network boundary. It must be protected at all costs. | | |
| 6.12.25 | | | | |
| 6.12.25 | Oversharing is not caring: What’s at stake if your employees post too much online | | | |
| 6.12.25 | CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE | A critical vulnerability dubbed “React2Shell”, tracked as CVE-2025-55182 with a CVSS score of 10.0, was recently discovered in React’s Server Components (RSC) that could allow for pre-authentication remote code execution. | | |
| 6.12.25 | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | This month, we are looking into a relatively new threat actor who is attempting to distribute the RondoDox malware. It’s an interesting collection of residential IP addresses used for distribution, multi-platform malware, and shell scripts, along with intense targeting of IoT devices. | | |
| 6.12.25 | | In November 2025, security researchers at Cato Networks disclosed a novel indirect prompt injection technique they named ‘HashJack’. | | |
| 6.12.25 | | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | | |