AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog
2025 January(29) February(72) March(67) April(108) May(118) June(159) July(143) August(131) September(61)
DATE |
NAME |
Info |
CATEG. |
WEB |
|
11.10.25 |
Block ransomware proliferation and easily restore files with AI in Google Drive | Ransomware remains one of the most damaging cyber threats facing organizations today. These attacks can lead to substantial financial losses, operational downtime, and data compromise, impacting organizations of all sizes and industries, including healthcare, retail, education, manufacturing, and government. | AI blog | Google Threat Intelligence |
|
11.10.25 |
Operations with Untamed LLMs | Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tailored | AI blog | VOLEXITY |
|
11.10.25 |
New Stealit Campaign Abuses Node.js Single Executable Application | A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. | Malware blog | FORTINET |
|
11.10.25 |
The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous | FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. | Ransom blog | FORTINET |
|
11.10.25 |
Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. | Vulnerebility blog | Google Threat Intelligence | |
|
11.10.25 |
Cyber Threats in the EU Escalate as Diverse Groups Target Critical Sectors | The 2025 ENISA Threat Landscape shows rising cyber threats in the EU, with DDoS, ransomware, phishing, and supply chain attacks on critical infrastructure. | Cyber blog | Cyble |
|
11.10.25 |
Australian Data Breaches Are Up 48% So Far This Year. What’s Behind The Eye-Popping Surge? | Australian data breaches have surged 48% so far this year, the latest data point that suggests that threat actors are finding rich targets Down Under. | Cyber blog | Cyble |
|
11.10.25 |
Cybersecurity Awareness Month 2025: Don’t Just Be Aware, Be Ahead | This Cybersecurity Awareness Month, it’s time to move beyond awareness. Organizations face AI-powered attacks, supply chain vulnerabilities, and brand threats that demand proactive defense strategies—not just reactive responses. | Cyber blog | Cyble |
|
11.10.25 |
DPRK SANCTIONS VIOLATIONS IN CYBER OPERATIONS POST UN PANEL DEMISE | EXECUTIVE SUMMARY Since the termination of the United Nations (UN) Panel of Experts in April 2024 due to Russia's veto, the landscape of Democratic People's Republic of Korea | BigBrother blog | Cyfirma |
|
11.10.25 |
CYBER THREAT LANDSCAPE REPORT – Saudi Arabia | Executive Summary In 2025, Saudi Arabia witnessed a notable rise in cybercriminal activity, particularly within the dark web landscape. Threat actors increasingly targeted key sectors, | Cyber blog | Cyfirma |
|
11.10.25 |
APT PROFILE – HAFNIUM | Hafnium is a Chinese state-sponsored advanced persistent threat (APT) group, also referred to as Silk Typhoon, and is known for sophisticated cyber espionage targeting critical | APT blog | Cyfirma |
|
11.10.25 |
CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES UAE | Executive Summary In 2025, the United Arab Emirates (UAE) experienced a significant surge in cybercriminal activity, particularly in the dark web ecosystem. Threat actors targeted | Cyber blog | Cyfirma |
|
11.10.25 |
TRACKING RANSOMWARE : SEPTEMBER 2025 | EXECUTIVE SUMMARY In September 2025, ransomware activity remained elevated, with 504 global victims, heavily impacting consumer services, professional services, and manufacturing | Ransom blog | Cyfirma |
|
11.10.25 |
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. | Vulnerebility blog | Microsoft blog |
|
11.10.25 |
Disrupting threats targeting Microsoft Teams | Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. | Cyber blog | Microsoft blog |
|
11.10.25 |
A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk | We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users. | Vulnerebility blog | Trend Micro |
|
11.10.25 |
How Your AI Chatbot Can Become a Backdoor | In this post of THE AI BREACH, learn how your Chatbot can become a backdoor. | AI blog | Trend Micro |
|
11.10.25 |
Weaponized AI Assistants & Credential Thieves | Learn the state of AI and the NPM ecosystem with the recent s1ngularity' weaponized AI for credential theft. | AI blog | Trend Micro |
|
11.10.25 |
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests. | Exploit blog | Trend Micro |
|
11.10.25 |
Invoice Ninja Deserialization Flaw (CVE-2024-55555) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-55555, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
|
11.10.25 |
Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report | Cloud incidents like ransomware attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. | Incident blog | Palo Alto |
|
11.10.25 |
The ClickFix Factory: First Exposure of IUAM ClickFix Generator | Attackers are packaging a highly effective social engineering technique known as ClickFix into easy-to-use phishing kits, making it accessible to a wider range of threat actors. | Hacking blog | Palo Alto |
|
11.10.25 |
When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory | This article presents a proof of concept (PoC) that demonstrates how adversaries can use indirect prompt injection to silently poison the long-term memory of an AI Agent. We use Amazon Bedrock Agent for this demonstration. | AI blog | Palo Alto |
|
11.10.25 |
The Golden Scale: Bling Libra and the Evolving Extortion Economy | In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. | Ransom blog | Palo Alto |
|
11.10.25 |
Velociraptor leveraged in ransomware attacks | Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool. | Ransom blog | CISCO TALOS |
|
11.10.25 |
Why don’t we sit around this computer console and have a sing-along? | Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this. | Cyber blog | CISCO TALOS |
|
11.10.25 |
What to do when you click on a suspicious link | As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next. | Cyber blog | CISCO TALOS |
|
11.10.25 |
Too salty to handle: Exposing cases of CSS abuse for hidden text salting | A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. | Cyber blog | CISCO TALOS |
|
11.10.25 |
Family group chats: Your (very last) line of cyber defense | Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | APT blog | CISCO TALOS |
|
11.10.25 |
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | APT blog | CISCO TALOS |
|
11.10.25 |
Nvidia and Adobe vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerabili | Vulnerebility blog | CISCO TALOS |
|
11.10.25 |
How Uber seems to know where you are – even with restricted location permissions | Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way. | Cyber blog | Eset |
|
11.10.25 |
Cybersecurity Awareness Month 2025: Passwords alone are not enough | Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders. | Cyber blog | Eset |
|
11.10.25 |
The case for cybersecurity: Why successful businesses are built on protection | Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center | Cyber blog | Eset |
|
11.10.25 |
Beware of threats lurking in booby-trapped PDF files | Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money. | Cyber blog | Eset |
|
11.10.25 |
Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Vulnerebility blog | Cybereason |
|
11.10.25 |
The Bug Report – September 2025 Edition | September's Bug Report is here! Learn about critical CVEs affecting Chrome, Windows, Django, and FreePBX. Stay secure—patch now. | Vulnerebility blog | Trelix |
|
11.10.25 |
The Evolution of Russian Physical-Cyber Espionage | From Rio to The Hague: How Russia’s evolving close-access cyber ops raise new risks. Learn what’s next—and how defenders can respond. | APT blog | Trelix |
| 4.10.25 | Confucius Espionage: From Stealer to Backdoor | FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more. | Malware blog | FORTINET |
| 4.10.25 | Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UNC6040’s specific attack methodologies, this guide presents a structured defensive framework encompassing proactive hardening measures, comprehensive logging protocols, and advanced detection capabilities. | Cyber blog | Google Threat Intelligence | |
| 4.10.25 | The Week in Vulnerabilities: PoCs and Zero-Days Merit Rapid Patching | A high percentage of Proof-of-Concept exploits and new zero days this week should have security teams on high alert. | Vulnerebility blog | Cyble |
| 4.10.25 | The Week in Vulnerabilities: MFT, Help Desk Fixes Urged by Cyble | The week’s top vulnerabilities include several that could attract the attention of threat actors, and some that already have. | Vulnerebility blog | Cyble |
| 4.10.25 | Exploiting Legitimate Remote Access Tools in Ransomware Campaigns | Introduction Ransomware is one of the most disruptive cyber threats, encrypting critical organizational data and demanding ransom payments for restoration. While early campaigns relied on mass phishing or opportunistic malware distribution, modern ransomware operations have evolved into highly sophisticated | Exploit blog | Seqrite |
| 4.10.25 | TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | APT blog | Cyfirma |
| 4.10.25 | YUREI RANSOMWARE : THE DIGITAL GHOST | EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and | Ransom blog | Cyfirma |
| 4.10.25 | Rising Cyber Threats to Bahrain: Hacktivists and Data Breaches | EXECUTIVE SUMMARY In this report, our researchers analyzed recent cyber activity targeting Bahrain, including politically motivated hacktivism, credential leaks, government email | BigBrother blog | Cyfirma |
| 4.10.25 | CYBER THREAT ASSESSMENT ON NIGERIA | EXECUTIVE SUMMARY Between January and September 2025, Nigeria experienced a surge in data breaches and cybercrime activities across banking, telecom, government, healthcare, | Cyber blog | Cyfirma |
| 4.10.25 | Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild | CVE-2025-20352 is a critical SNMP vulnerability in Cisco IOS and IOS XE software, which has been actively exploited in the wild (added to the CISA KEV on September 29th), resulting in reported attacks affecting up to 2 million devices globally. | Vulnerebility blog | Eclypsium |
| 4.10.25 | The Hunt for RedNovember: A Depth Charge Against Network Edge Devices | Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. | Cyber blog | Eclypsium |
| 4.10.25 | HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought | Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. As it turns out, that was wishful thinking. | Ransom blog | Eclypsium |
| 4.10.25 | Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users | Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts. | Malware blog | Trend Micro |
| 4.10.25 | Deserialization Leads to Command Injection in GoAnywhere MFT: CVE-2025-10035 | The SonicWall Capture Labs threat research team has identified a critical command injection vulnerability in GoAnywhere MFT. Tracked as CVE-2025-10035, this flaw allows attackers with a forged license response signature to deserialize malicious objects, potentially compromising the entire network access control infrastructure. | Vulnerebility blog | SonicWall |
| 4.10.25 | Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. DELMIA Apriso, developed by Dassault Systèmes, is a Manufacturing Operations Management (MOM) software that helps manufacturers digitize and manage global production. | Exploit blog | SonicWall |
| 4.10.25 | TOTOLINK X6000R: Three New Vulnerabilities Uncovered | We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: | Vulnerebility blog | Palo Alto |
| 4.10.25 | Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite | Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. | APT blog | Palo Alto |
| 4.10.25 | Rhadamanthys 0.9.x – walk through the updates | Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. | Malware blog | CHECKPOINT |
| 4.10.25 | UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud | Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. | Cyber blog | CISCO TALOS |
| 4.10.25 | Family group chats: Your (very last) line of cyber defense | Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. | Cyber blog | CISCO TALOS |
| 4.10.25 | What happens when you engage Cisco Talos Incident Response? | What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? | Cyber blog | CISCO TALOS |
| 4.10.25 | Manufacturing under fire: Strengthening cyber-defenses amid surging threats | Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging | Cyber blog | Eset |
| 4.10.25 | New spyware campaigns target privacy-conscious Android users in the UAE | ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates | Social blog | Eset |
| 4.10.25 | Cybersecurity Awareness Month 2025: Knowledge is power | We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals | Cyber blog | Eset |
| 4.10.25 | This month in security with Tony Anscombe – September 2025 edition | The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans | Cyber blog | Eset |
| 4.10.25 | XWorm V6: Exploring Pivotal Plugins | XWorm V6, a potent malware, has resurfaced with new plugins and persistence methods. Stay informed and enhance your defenses against evolving cyber threats. Protect your organization now! | Malware blog | Trelix |
| 27.9.25 | HeartCrypt’s wholesale impersonation effort | How the notorious Packer-as-a-Service operation built itself into a hydra | Malware blog | SOPHOS |
| 27.9.25 | GOLD SALEM’s Warlock operation joins busy ransomware landscape | The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity | Ransom blog | SOPHOS |
| 27.9.25 | SVG Phishing hits Ukraine with Amatera Stealer, PureMiner | A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more. | Phishing blog | FORTINET |
| 27.9.25 | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” | Malware blog | Silent Push |
| 27.9.25 | Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. | Malware blog | Google Threat Intelligence | |
| 27.9.25 | Iranian Threat Actor Nimbus Manticore Expands Campaigns into Europe with Advanced Malware and Fake Job Lures | Check Point Research is actively tracking Iranian threat actor Nimbus Manticore. Our latest findings show it is expanding operations into Europe and now targeting the defense, telecom, and aerospace sectors. | APT blog | CHECKPOINT |
| 27.9.25 | Australia Ransomware Landscape 2025: Rich Targets Attract Ransomware Groups | Australia’s high per-capita GDP has led to an outsized number of ransomware attacks. Here are the numbers – and 10 major attacks that hit the ANZ region. | Ransom blog | Cyble |
| 27.9.25 | Cyble Honeypots Detect Exploit Attempts of Nearly Two Dozen Vulnerabilities | Recent Cyble reports have detailed dozens of vulnerabilities under active attack by threat actors and ransomware groups. | Vulnerebility blog | Cyble |
| 27.9.25 | Australia Urges Immediate Action on Post-Quantum Cryptography as CRQC Threat Looms | ACSC urges early action as CRQC threatens current encryption. Organizations must adopt post-quantum cryptography by 2030 to protect critical data. | Cyber blog | Cyble |
| 27.9.25 | Countdown to DPDP Rules: What to Expect from the Final DPDP Rules | The wait is almost over. The final Digital Personal Data Protection (DPDP) Rules are just days away, marking the next big step after the enactment of the DPDPA in 2023. With only a few days left, organizations must gear... | Cyber blog | Seqrite |
| 27.9.25 | Why Regional and Cooperative Banks Can No Longer Rely on Legacy VPNs | Virtual Private Networks (VPNs) have been the go-to solution for securing remote access to banking systems for decades. They created encrypted tunnels for employees, vendors, and auditors to connect with core banking applications. But as cyber threats become more... | Cyber blog | Seqrite |
| 27.9.25 | CYBER THREAT LANDSCAPE- SOUTH AFRICA | Executive Summary South Africa’s cyber threat landscape has intensified sharply in 2025, reflecting the country’s position as Africa’s most digitally integrated economy and a prime targe | Cyber blog | Cyfirma |
| 27.9.25 | Investigation Report on Jaguar Land Rover Cyberattack | Executive Summary CYFIRMA analyzed the September 2, 2025, Jaguar Land Rover (JLR) cyber incident, which caused widespread disruption by shutting down global IT systems and | Incident blog | Cyfirma |
| 27.9.25 | Qatar Threat Landscape Report | Executive Summary In this report, our researchers analysed recent cyber activity targeting Qatar, including data leaks, the sale of initial access, and ransomware incidents. We explain | Cyber blog | Cyfirma |
| 27.9.25 | From MUSE to Manual: Cyberattack Analysis on European Airport Operations | Executive Summary On 19 September 2025, multiple major European airports, including London Heathrow (LHR), Brussels (BRU), and Berlin Brandenburg (BER), experienced severe | Cyber blog | Cyfirma |
| 27.9.25 | Eclypsium Acknowledged for the Firmware Protection as A Service Category in two Gartner® Hype Cycle™ R | Firmware protection is gaining increased urgency as cyberattackers from ransomware gangs to nation state APTs target firmware vulnerabilities to maintain persistence in target environments. Eclypsium has been mentioned as a sample vendor in two Gartner Hype Cycles in 2025 under the Firmware Protection as a Service product category. | APT blog | Eclypsium |
| 27.9.25 | HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought | Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. | Ransom blog | Eclypsium |
| 27.9.25 | XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory | Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. | Malware blog | Microsoft blog |
| 27.9.25 | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks | Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks. | AI blog | Trend Micro |
| 27.9.25 | Domino Effect: How One Vendor's AI App Breach Toppled Giants | A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical. | AI blog | Trend Micro |
| 27.9.25 | This Is How Your LLM Gets Compromised | Poisoned data. Malicious LoRAs. Trojan model files. AI attacks are stealthier than ever—often invisible until it’s too late. Here’s how to catch them before they catch you. | AI blog | Trend Micro |
| 27.9.25 | New LockBit 5.0 Targets Windows, Linux, ESXi | Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cross-platform capabilities for Windows, Linux, and ESXi systems. | Ransom blog | Trend Micro |
| 27.9.25 | CNAPP is the Solution to Multi-cloud Flexibility | Cloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud. | Cyber blog | Trend Micro |
| 27.9.25 | Decrypting Gremlin: A Deep Dive Into The Info Stealer's Data Harvesting Engine | The SonicWall Capture Labs threat research team has recently been tracking the latest variants of Gremlin malware, a sophisticated .NET-based information stealer designed for comprehensive data exfiltration from infected Windows systems. | Malware blog | SonicWall |
| 27.9.25 | Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 27.9.25 | Nimbus Manticore Deploys New Malware Targeting Europe | Check Point Research is tracking a long‑running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongoing campaign targets defense manufacturing, telecommunications, and aviation that are aligned with IRGC strategic priorities. | APT blog | Checkpoint |
| 27.9.25 | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking | Talos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors | Malware blog | CISCO TALOS |
| 27.9.25 | Great Scott, I’m tired | Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year? | Cyber blog | CISCO TALOS |
| 27.9.25 | What happens when you engage Cisco Talos Incident Response? | What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? | Cyber blog | CISCO TALOS |
| 27.9.25 | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to same threat actor as ArcaneDoor in 2024. | Malware blog | CISCO TALOS |
| 27.9.25 | Put together an IR playbook — for your personal mental health and wellbeing | This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. | Cyber blog | CISCO TALOS |
| 27.9.25 | Alex Ryan: From zero chill to quiet confidence | Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. | Cyber blog | CISCO TALOS |
| 27.9.25 | Roblox executors: It’s all fun and games until someone gets hacked | You could be getting more than you bargained for when you download that cheat tool promising quick wins | Cyber blog | Eset |
| 27.9.25 | DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception | Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers | AI blog | Eset |
| 27.9.25 | Watch out for SVG files booby-trapped with malware | What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware | Malware blog | Eset |
| 27.9.25 | Pointer leaks through pointer-keyed data structures | Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. | Hacking blog | Project Zero |
| 27.9.25 | npm Account Hijacking and the Rise of Supply Chain Attacks | Trellix provides an in-depth examination of the Shai-Hulud worm campaign, with guidance for organizations to better protect themselves | Hacking blog | Trelix |
| 27.9.25 | When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR | This blog describes a real-world scenario in which threat actors gained access to a system, dumped the NTDS.dit file, and attempted to exfiltrate it while avoiding common defenses. | Cyber blog | Trelix |
| 27.9.25 | Unmasking Hidden Threats: Spotting a DPRK IT-Worker Campaign | In the North Korean IT worker employment campaign, skilled operatives from the DPRK (North Korea) pose as remote IT professionals to get hired at Western companies. | APT blog | Trelix |
| 20.9.25 | Self-replicating Shai-hulud worm spreads token-stealing malware on npm | RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware. | Malware blog | REVERSINGLABS |
| 20.9.25 | Ethereum smart contracts used to push malicious code on npm | RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories. | Cryptocurrency blog | REVERSINGLABS |
| 20.9.25 | The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity | Ransom blog | SOPHOS | |
| 20.9.25 | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.” | Malware blog | Silent Push |
| 20.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Malware blog | Silent Push |
| 20.9.25 | The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs | This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws. | Vulnerebility blog | Cyble |
| 20.9.25 | Ransomware Landscape August 2025: Qilin Dominates as Sinobi Emerges | Qilin led in ransomware attacks in all global regions in August, but the rapid rise of Sinobi and The Gentlemen also merits attention by security teams. | Ransom blog | Cyble |
| 20.9.25 | Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection | Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. | Malware blog | Cyble |
| 20.9.25 | DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities | Executive Summary At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations | Malware blog | Cyfirma |
| 20.9.25 | CYFIRMA : Defence Industry Threat Report | EXECUTIVE SUMMARY Between May and August 2025, CYFIRMA observed sustained cyber operations against the global defence sector, driven by both state-aligned groups and | Cyber blog | Cyfirma |
| 20.9.25 | UNMASKING A PYTHON STEALER – “XillenStealer” | EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment of XillenStealer identifies it as an open-source, Python-based information stealer publicly available on GitHub. The malware is designed to harvest sensitive system and user… | Malware blog | Cyfirma |
| 20.9.25 | DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK | DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics | Hacking blog | Cyfirma |
| 20.9.25 | Surge in Cisco ASA Scanning Hints At Coming Cyberattacks | A massive surge in scans targeting Cisco Adaptive Security Appliance (ASA) devices was observed by GreyNoise in late August 2025, with over 25,000 unique IPs probing ASA login portals in a single burst. | Hacking blog | Eclypsium |
| 20.9.25 | Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. | APT blog | PROOFPOINT |
| 20.9.25 | EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks | Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide. | AI blog | Trend Micro |
| 20.9.25 | What We Know About the NPM Supply Chain Attack | Trend™ Research outlines the critical details behind the ongoing NPM supply chain attack and offers essential steps to stay protected against potential compromise. | Hacking blog | Trend Micro |
| 20.9.25 | How AI-Native Development Platforms Enable Fake Captcha Pages | Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns. | AI blog | Trend Micro |
| 20.9.25 | Critical ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) | The SonicWall Capture Labs threat research team identified CVE-2025-53690 and assessed its impact. Sitecore is a widely used digital experience platform (DXP) that provides content management, personalization and e-commerce capabilities for enterprises. | Vulnerebility blog | SonicWall |
| 20.9.25 | The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception | We recently looked into AI code assistants that connect with integrated development environments (IDEs) as a plugin, much like GitHub Copilot. | Cyber blog | Palo Alto |
| 20.9.25 | Myth Busting: Why "Innocent Clicks" Don't Exist in Cybersecurity | Picture this: You snag the last spot in a parking lot and find the QR code to pay on the lamppost directly in front of you. Score! You go to pay on the website, but wait…the page is full of ads and looks very suspicious. | Cyber blog | Palo Alto |
| 20.9.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 19) | Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. | Malware blog | Palo Alto |
| 20.9.25 | Under the Pure Curtain: From RAT to Builder to Coder | Check Point Research conducted a forensic analysis of a ClickFix campaign that lured victims with fake job offers that resulted in an eight-day intrusion. | Malware blog | Checkpoint |
| 20.9.25 | Why a Cisco Talos Incident Response Retainer is a game-changer | With a Cisco Talos IR Retainer, your organization can stay resilient and ahead of tomorrow's threats. Here's how. | Cyber blog | CISCO TALOS |
| 20.9.25 | Put together an IR playbook — for your personal mental health and wellbeing | This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire. | Cyber blog | CISCO TALOS |
| 20.9.25 | Alex Ryan: From zero chill to quiet confidence | Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. | Cyber blog | CISCO TALOS |
| 20.9.25 | Maturing the cyber threat intelligence program | The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. | Cyber blog | CISCO TALOS |
| 20.9.25 | Beaches and breaches | Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. | Cyber blog | CISCO TALOS |
| 20.9.25 | Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. | Vulnerebility blog | CISCO TALOS |
| 20.9.25 | Gamaredon X Turla collab | Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine | APT blog | Eset |
| 20.9.25 | Small businesses, big targets: Protecting your business against ransomware | Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises | Ransom blog | Eset |
| 20.9.25 | HybridPetya: The Petya/NotPetya copycat comes with a twist | HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality | Vulnerebility blog | Eset |
| 20.9.25 | Dark Web Roast - August 2025 Edition | The August 2025 edition of the Advanced Research Center Dark Web Roast delivers a masterclass in how not to run a criminal enterprise, showcasing threat actors who've somehow managed to combine the worst aspects of amateur hour operations with delusions of professional grandeur. | Cyber blog | Trelix |
| 13.9.25 | Go Get ‘Em: Updates to Volexity Golang Tooling | This blog post was the final deliverable for a summer internship project, which was completed under the direction of the Volexity Threat Intelligence team. If you’d like more information about | Cyber blog | VELOXITY |
| 13.9.25 | SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites | FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. | Attack blog | FORTINET |
| 13.9.25 | MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access | FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. | Malware blog | FORTINET |
| 13.9.25 | Advanced Queries For Real Malware Detection in Silent Push | The Silent Push platform is capable of powerful queries for threat hunting and preemptive discovery of malicious infrastructure. Our team uses this platform every day to proactively hunt and discover infrastructure for our customers, enabling blocking and discovery of threats before they are fully operationalized. | Cyber blog | Silent Push |
| 13.9.25 | Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data | It’s extremely rare for our team to publicly share details on how we found the technical fingerprints for an Advanced Persistent Threat (APT) group. We are making these details public now due to our belief that these are legacy fingerprints unlikely to appear again. | APT blog | Silent Push |
| 13.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerebility blog | Google Threat Intelligence |
| 13.9.25 | The Week in Vulnerabilities: ‘Patch Tuesday’ Yields 1,200 New Flaws | Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. | Vulnerebility blog | Cyble |
| 13.9.25 | Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability (CVE-2024-40766) | ASD’s ACSC warns of active CVE-2024-40766 exploits in SonicWall SSL VPNs, allowing unauthorized access and firewall crashes across multiple device generations. | Vulnerebility blog | Cyble |
| 13.9.25 | Canadian Government’s IT Arm Flags Digital Risks, Cyber Threats, and Strategic Priorities | Shared Services Canada urges IT modernization as it blocks 6.5T cyber threats yearly, highlighting urgent cybersecurity needs across federal systems. | Cyber blog | Cyble |
| 13.9.25 | LunoBotnet: A Self-Healing Linux Botnet with Modular DDoS and Cryptojacking Capabilities | LunoBotnet is an actively evolving Linux botnet combining crypto-mining and DDoS with modular updates and monetization. | BotNet blog | Cyble |
| 13.9.25 | International Guidance Promotes SBOM Adoption to Enhance Software Supply Chain Security | New global SBOM guidance aims to boost software supply chain security, enhance transparency, and improve vulnerability and risk management across industries. | Security blog | Cyble |
| 13.9.25 | TRACKING RANSOMWARE : August 2025 | EXECUTIVE SUMMARY In Aug 2025, ransomware activity remained elevated with 522 global victims, a slight decline from July but still far above 2023–2024 levels. Professional services, consumer services, and manufacturing… | Ransom blog | Cyfirma |
| 13.9.25 | Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign | Table of Contents Introduction The Evolving Threat of Attack Loaders Objective of This Blog Technical Methodology and Analysis Initial Access and Social Engineering Multi-Stage Obfuscation and De-obfuscation Anti-Analysis Techniques The Final Payload Conclusion IOCs Quick Heal \ Seqrite Protection ... | Hacking blog | Seqrite |
| 13.9.25 | Echoleak- Send a prompt , extract secret from Copilot AI!( CVE-2025-32711) | Introduction: What if your Al assistant wasn’t just helping you – but quietly helping someone else too? A recent zero-click exploit known as EchoLeak revealed how Microsoft 365 Copilot could be manipulated to exfiltrate sensitive information – without the... | AI blog | Seqrite |
| 13.9.25 | Malware Campaign Leverages SVGs, Email Attachments, and CDNs to Drop XWorm and Remcos via BAT Scripts | Table of Content: Introduction Infection Chain Process Tree Campaign 1: – Persistence – BATCH files – PowerShell script – Loader – Xworm/Remcos Campaign 2 Conclusion IOCS Detections MITRE ATTACK TTPs Introduction: Recent threat campaigns have revealed an evolving use... | Malware blog | Seqrite |
| 13.9.25 | SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324) | Executive Summary CVE-2025-31324 is a critical remote code execution (RCE) vulnerability affecting the SAP NetWeaver Development Server, one of the core components used in enterprise environments for application development and integration. The vulnerability stems from improper validation of uploaded... | Vulnerebility blog | Seqrite |
| 13.9.25 | The Rise of SBOM Requirements In Cybersecurity Guidelines and Laws | Software bills of materials (SBOMs) have been around for years, but they’re historically ill defined, hard to generate, update, and use. So most organizations don’t. | Cyber blog | Eclypsium |
| 13.9.25 | Golden Dome Requires Firmware Bills of Materials, SBOMs, and Other Supply Chain Security Measures | In May, 2025 the U.S. Secretary of Defense announced support for the Golden Dome for America (GDA). The project is a next-generation missile defense shield to be integrated with existing U.S. air and missile defense systems. | Cyber blog | Eclypsium |
| 13.9.25 | Securing Higher Education: Top College Switches from Abnormal to Proofpoint | When you represent a historic educational institution with a reputation to protect, you can’t afford gaps in email security. This is the reality for many higher education security teams. It was also the case for one liberal arts college on the East Coast that recently made the switch from Abnormal AI to Proofpoint’s API-deployed Core Email Protection. | Cyber blog | PROOFPOINT |
| 13.9.25 | Insider Threats Unfold in Two Ways—With Impact or Intervention | Every insider threat has a cause, whether it’s a lapse in judgment or rushed mistake, growing resentment, a change in ideology, or desire for personal gain. Left unchecked, these small cracks can widen into corporate crises that make headlines. | Cyber blog | PROOFPOINT |
| 13.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 13.9.25 | Microsoft Security Bulletin Coverage for September 2025 | Microsoft’s September 2025 Patch Tuesday has 81 vulnerabilities, of which 38 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2025 and has produced coverage for seven of the reported vulnerabilities. | OS Blog | SonicWall |
| 13.9.25 | Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain | You are about to log off for the weekend when a high-severity alert flashes on your cloud security tool’s dashboard. A single, unfamiliar OAuth token is making hundreds of connections from three different IP addresses, two of which are flagged as belonging to an unknown VPN service. | Hacking blog | Palo Alto |
| 13.9.25 | AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks | In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. | Hacking blog | Palo Alto |
| 13.9.25 | Data Is the New Diamond: Latest Moves by Hackers and Defenders | There have been several notable developments in recent weeks related to data theft activity from cybercriminals targeting Salesforce instances, including via the Salesloft Drift supply chain attack detailed in a recent Unit 42 Threat Brief. | Cyber blog | Palo Alto |
| 13.9.25 | Yurei & The Ghost of Open Source Ransomware | First observed on September 5, Yurei is a newly emerged ransomware group that targeted a Sri Lankan food manufacturing company as its first leaked victim. The group follows a double-extortion model: they encrypt the victim’s files and exfiltrate sensitive data, and then demand a ransom payment to decrypt and refrain from publishingthe stolen information. | Ransom blog | Checkpoint |
| 13.9.25 | Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response | Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin. | Ransom blog | CISCO TALOS |
| 13.9.25 | Beaches and breaches | Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. | Incident blog | CISCO TALOS |
| 13.9.25 | Maturing the cyber threat intelligence program | The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. | Cyber blog | CISCO TALOS |
| 13.9.25 | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass | UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal | Vulnerebility blog | Eset |
| 13.9.25 | Are cybercriminals hacking your systems – or just logging in? | As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight | Hacking blog | Eset |
| 13.9.25 | Preventing business disruption and building cyber-resilience with MDR | Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy | Cyber blog | Eset |
| 13.9.25 | Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers | In this Threat Analysis Report, Cybereason analyzes an investigation into a new malicious Chrome extension campaign | Hacking blog | Cybereason |
| 13.9.25 | Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR | The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. | APT blog | Trelix |
| 6.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerebility blog | Google Threat Intelligence |
| 6.9.25 | Massive IPTV Piracy Network Uncovered by Silent Push | Security analysts face the constant challenge of gaining immediate and accurate context on IP addresses that pop up during an investigation, to minimize risk and prevent loss. | Hacking blog | Silent Push |
| 6.9.25 | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569 | SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients. | Malware blog | Silent Push |
| 6.9.25 | IP Tagging in Silent Push: VPN, Proxy and Sinkhole Detection | Silent Push has uncovered a massive Internet Protocol Television (IPTV)-based piracy network that has been active for several years and is currently hosted across more than 1,000 domains and over 10,000 IP addresses. | Malware blog | Silent Push |
| 6.9.25 | Hexstrike-AI: When LLMs Meet Zero-Day Exploitation | Key Findings: Newly released framework called Hexstrike-AI provides threat actors with an orchestration “brain” that ... | AI blog | Checkpoint |
| 6.9.25 | The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest | Several vulnerabilities this week were the focus of intense online discussion and face active exploitation. | Vulnerebility blog | Cyble |
| 6.9.25 | How Chinese State-Sponsored APT Actors Exploit Routers for Stealthy Cyber Espionage | Chinese state-sponsored APT groups target global telecom, government, and military networks, exploiting router vulnerabilities for stealthy, long-term cyber espionage since 2021. | APT blog | Cyble |
| 6.9.25 | Supply Chain Attacks Have Doubled. What’s Driving the Increase? | Threat actors have been able to access the most sensitive data of suppliers and their customers, serving as a wakeup call for third-party risks. | Hacking blog | Cyble |
| 6.9.25 | Google Salesforce Breach: A Deep dive into the chain and extent of the compromise | Executive Summary In early June 2025, Google’s corporate Salesforce instance (used to store contact data for small‑ and medium‑sized business clients) was compromised through a sophisticated vishing‑extortion campaign orchestrated by the threat‑group tracked as UNC6040 & UNC6240 (online cybercrime collective known | Vulnerebility blog | Seqrite |
| 6.9.25 | PromptLock: The First AI-Powered Ransomware & How It Works | Introduction AI-powered malware has become quite a trend now. We have always been discussing how threat actors could perform attacks by leveraging AI models, and here we have a PoC demonstrating exactly that. Although it has not yet been | AI blog | Seqrite |
| 6.9.25 | TYPHOON IN THE FIFTH DOMAIN : CHINA’S EVOLVING CYBER STRATEGY | EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical | APT blog | Cyfirma |
| 6.9.25 | Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure | EXECUTIVE SUMMARY CYFIRMA has identified Salat Stealer (also known as WEB_RAT), a sophisticated Go-based infostealer targeting Windows systems. The malware exfiltrates browser credentials, cryptocurrency wallet data, and session | Malware blog | Cyfirma |
| 6.9.25 | EOL Devices: Exploits Will Continue Until Security Improves | Something that has caught my attention lately, both in the news and from recent leaks of threat actor groups, is that attackers continue to use what works. The technique could be something elaborate or straightforward. | Exploit blog | Eclypsium |
| 6.9.25 | Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers | Proofpoint researchers observed an increase in opportunistic cybercriminals using malware based on Stealerium, an open-source malware that is available “for educational purposes.” | Malware blog | PROOFPOINT |
| 6.9.25 | Three Critical Facts About Cyber Risk Management | For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy. | Cyber blog | Trend Micro |
| 6.9.25 | An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps | Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation. | Malware blog | Trend Micro |
| 6.9.25 | LummaC Attacks Directly and Indirectly | This week, the SonicWall Capture Labs threat research team analyzed a sample of LummaC, a prolific infostealer. The multi-stage infection uses a combination of techniques to avoid detection, create persistence, and exfiltrate data using encryption and network methods. It is also built to resist analysis, with layers of obfuscation and code traps designed to break tools. | Malware blog | SonicWall |
| 6.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 6.9.25 | Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances | Unit 42 has observed activity consistent with a specific threat actor campaign leveraging the Salesloft Drift integration to compromise customer Salesforce instances. This brief provides information about our observations and guidance for potentially affected organizations. | Cyber blog | Palo Alto |
| 6.9.25 | Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust | Our research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. | Cyber blog | Palo Alto |
| 6.9.25 | Under lock and key: Safeguarding business data with encryption | As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose | Eset | |
| 6.9.25 | GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes | ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results | Malware blog | Eset |
| 6.9.25 | ToolShell Unleashed: Decoding the SharePoint Attack Chain | A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). Collectively referred to as ToolShell, these vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. | Vulnerebility blog | Trelix |
| 6.9.25 | XWorm’s Evolving Infection Chain: From Predictable to Deceptive | The Trellix Advanced Research Center has uncovered a new XWorm backdoor campaign using evolved deployment methods. Unlike previous versions, this campaign employs sophisticated, deceptive techniques to bypass detection. Moving beyond simple email attacks, it now uses authentic-looking .exe filenames and blends social engineering with technical attack vectors. | Malware blog | Trelix |