
DATE  NAME  Info  CATEG.  WEB

30.5.25 Czechia blames China for Ministry of Foreign Affairs cyberattack The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. BigBrothers BleepingComputer
30.5.25 Microsoft introduces new Windows backup tool for businesses Microsoft has introduced Windows Backup for Organizations, a new backup tool for enterprises that simplifies backups and makes the transition to Windows 11 easier. OS BleepingComputer
30.5.25 Microsoft wants Windows to update all software on your PC Microsoft has introduced a new update orchestration platform built on the existing Windows Update infrastructure, which aims to unify the updating system for all apps, drivers, and system components on Windows systems. OS BleepingComputer
30.5.25 Apple blocked over $9 billion in App Store fraud in five years Apple says it blocked over $9 billion in fraudulent App Store transactions over the last five years, with over $2 billion in potentially fraudulent sanctions prevented in 2024 alone. OS BleepingComputer
30.5.25 DragonForce ransomware abuses SimpleHelp in MSP supply chain attack The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. Ransom BleepingComputer
30.5.25 Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. Ransom BleepingComputer
30.5.25 Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. Security BleepingComputer
30.5.25 MATLAB dev confirms ransomware attack behind service outage MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. Ransom BleepingComputer
30.5.25 Russian Laundry Bear cyberspies linked to Dutch Police hack A previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. APT BleepingComputer
30.5.25 Windows Server emergency update fixes Hyper-V VM freezes, restart issues Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows 10, Windows 11, and Windows Server to freeze or restart unexpectedly. OS BleepingComputer
30.5.25 Adidas warns of data breach after customer service provider hack German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. Incident BleepingComputer
30.5.25 Glitch to end app hosting and user profiles on July 8 Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. Security BleepingComputer
30.5.25 EDDIESTEALER Malware Uses ClickFix CAPTCHA to Steal Browser Data Across All Platforms A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated Virus The Hacker News
30.5.25 China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks Exploit The Hacker News
30.5.25 U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Cryptocurrency The Hacker News
30.5.25 ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said Cyber The Hacker News
30.5.25 Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We Social The Hacker News
30.5.25 Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the AI The Hacker News
29.5.25 New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings Virus The Hacker News
29.5.25 DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and Ransom The Hacker News
29.5.25 Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google APT The Hacker News
29.5.25 Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited Vulnerability The Hacker News
29.5.25 Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood Ransom The Hacker News
29.5.25 Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a BigBrothers The Hacker News
29.5.25 Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's Vulnerability The Hacker News
28.5.25 New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot . Written in Go, the botnet is designed to conduct BotNet The Hacker News
28.5.25 From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many Virus The Hacker News
28.5.25 Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management Exploit The Hacker News
28.5.25 How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that's CyberCrime The Hacker News
28.5.25 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The Exploit The Hacker News
28.5.25 Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The CyberCrime The Hacker News
28.5.25 New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, Virus The Hacker News
28.5.25 Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into Virus The Hacker News
27.5.25 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. Malware blog SOCKET DEV
27.5.25 Threat Spotlight: Hijacked Routers and Fake Searches Fueling Payroll Heist ReliaQuest investigated a unique search engine optimization (SEO) poisoning attack targeting mobile devices, where attackers stole credentials via fake login pages to access the employee payroll portal and reroute paychecks. Hacking blog RELIAQUEST
27.5.25 Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Phishing The Hacker News
27.5.25 Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and Hack The Hacker News
27.5.25 Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law CyberCrime The Hacker News
27.5.25 Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates APT The Hacker News
27.5.25 Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS Virus The Hacker News
27.5.25 Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to Virus The Hacker News
25.5.25 “Anti-Ledger” malware: The battle for Ledger Live seed phrases Hackers are increasingly exploiting the trust that crypto owners place in cold wallets, turning the very tools meant to secure assets into attack surfaces. The recent ByBit heist has shaken the crypto industry and is unlikely to be the last. However, more low-profile heists are already underway. Malware blog Moonlock-lab
25.5.25 A Sting on Bing: Bumblebee delivered through Bing SEO poisoning campaign Bumblebee is a downloader malware which has become known for its sophistication and effectiveness. The malware was first discovered in 2022 and was believed to be a tool for ransomware groups due to the developer’s close ties with Conti. Malware blog Cyjax
25.5.25 DragonForce targets rivals in a play for dominance Not content with attacking retailers, this aggressive group is fighting a turf war with other ransomware operators Ransom blog Sophos
25.5.25 A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone. Spam blog Sophos
25.5.25 Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool Microsoft’s Digital Crimes Unit (DCU) and international partners are disrupting the leading tool used to indiscriminately steal sensitive personal and organizational information to facilitate cybercrime. Malware blog Microsoft blog
25.5.25 Hidden Threats of Dual-Function Malware Found in Chrome Extensions An unknown actor has been continuously creating malicious Chrome Browser extensions since approximately February, 2024. Malware blog dti domain tools
25.5.25 FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns. Phishing blog Silent Push
25.5.25 Bumblebee malware distributed via Zenmap, WinMRT SEO poisoning The Bumblebee SEO poisoning campaign uncovered earlier this week abusing the RVTools brand is using more typosquatting domains mimicking other popular open-source projects. Virus BleepingComputer
25.5.25 Dozens of malicious packages on NPM collect host and network data 60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. Virus BleepingComputer
25.5.25 Hacker steals $223 million in Cetus Protocol cryptocurrency heist The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned. Cryptocurrency BleepingComputer
25.5.25 FBI warns of Luna Moth extortion attacks targeting law firms The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. BigBrothers BleepingComputer
25.5.25 TikTok videos now push infostealer malware in ClickFix attacks Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. Social BleepingComputer
25.5.25 Police takes down 300 servers in ransomware supply-chain crackdown In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. CyberCrime BleepingComputer
25.5.25 Claude 4 benchmarks show improvements, but context is still 200K Today, OpenAI rival Anthropic announced Claude 4 models, which are significantly better than Claude 3 in benchmarks, but we're left disappointed with the same 200,000 context window limit. AI BleepingComputer
25.5.25 US indicts leader of Qakbot botnet linked to ransomware attacks The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. Ransom BleepingComputer
25.5.25 Hackers use fake Ledger apps to steal Mac users’ seed phrases Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. OS BleepingComputer
25.5.25 Police arrests 270 dark web vendors, buyers in global crackdown Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. CyberCrime BleepingComputer
25.5.25 Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. Exploit BleepingComputer
25.5.25 Chinese hackers breach US local governments using Cityworks zero-day Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. APT BleepingComputer
25.5.25 FTC finalizes order requiring GoDaddy to secure hosting services The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches since 2018. BigBrothers BleepingComputer
25.5.25 Signal now blocks Microsoft Recall screenshots on Windows 11 Signal has updated its Windows app to protect users' privacy by blocking Microsoft's AI-powered Recall feature from taking screenshots of their conversations. OS BleepingComputer
25.5.25 Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Vulnerability BleepingComputer
25.5.25 Anthropic web config hints at Claude Sonnet 4 and Opus 4 Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company's most advanced AI models. AI BleepingComputer
25.5.25 OpenAI hints at a big upgrade for ChatGPT Operator Agent ChatGPT's Operator, which is still in research preview, will soon become a "very useful tool," according to Jerry Tworek, VP of Research at OpenAI. AI BleepingComputer
25.5.25 Critical Samlify SSO flaw lets attackers log in as admin A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. Vulnerability BleepingComputer
25.5.25 Russian hackers breach orgs to track aid routes to Ukraine A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. BigBrothers BleepingComputer
25.5.25 Russia to enforce location tracking app on all foreigners in Moscow The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. BigBrothers BleepingComputer
24.5.25 3AM ransomware uses spoofed IT calls, email bombing to breach networks A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. Ransom BleepingComputer
24.5.25 Lumma infostealer malware operation disrupted, 2,300 domains seized Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. Virus BleepingComputer
24.5.25 Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. Virus BleepingComputer
24.5.25 ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows Patching is basic cyber hygiene — but executing it at scale, securely, and fast? That's the real challenge. ThreatLocker's Patch Management flips the script with control, visibility, and Zero Trust workflows built for today's threat landscape. Security BleepingComputer
24.5.25 European Union sanctions Stark Industries for enabling cyberattacks The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising activities" against the Union. Hack BleepingComputer
24.5.25 Kettering Health hit by system-wide outage after ransomware attack Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. Ransom BleepingComputer
24.5.25 Marks & Spencer faces $402 million profit hit after cyberattack British retail giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. Incident BleepingComputer
24.5.25 Coinbase says recent data breach impacts 69,461 customers Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals. Incident BleepingComputer
24.5.25 PowerSchool hacker pleads guilty to student data extortion scheme A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. Incident BleepingComputer
24.5.25 Mobile carrier Cellcom confirms cyberattack behind extended outages Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. Hack BleepingComputer
24.5.25 Premium WordPress 'Motors' theme vulnerable to admin takeover attacks A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. Hack BleepingComputer
24.5.25 VanHelsing ransomware builder leaked on hacking forum The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. Ransom BleepingComputer
24.5.25 SK Telecom says malware breach lasted 3 years, impacted 27 million numbers SK Telecom says that the cybersecurity incident it disclosed in April first occurred back in 2022, ultimately exposing the USIM data of 27 million subscribers. Virus BleepingComputer
24.5.25 Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to take over abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). Virus BleepingComputer
24.5.25 Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. Virus The Hacker News
24.5.25 Ransomware Roundup – VanHelsing The VanHelsing ransomware was first identified in March 2025 and uses TOR sites for ransom negotiations and data leaks. Ransom blog Fortinet
24.5.25 Horabot Unleashed: A Stealthy Phishing Threat FortiGuard Labs observed a phishing campaign "Horabot" resurfacing with a sophisticated multi-stage attack, blending phishing, credential theft, and propagation. Phishing blog Fortinet
24.5.25 WHILE TRUMP DISRUPTS THE WORLD ORDER, CHINA PREPARES FOR WAR OVER TAIWAN With Donald Trump’s erratic style and his many isolationist tendencies, none of America’s allies can be 100% sure where they stand. Unlike Ukraine—which, despite America’s wavering BigBrother blog Cyfirma
24.5.25 GhostSpy Web-Based Android RAT: Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely intelligence on emerging threats and attacker tactics. In this report, we analyze a high-risk Android Malware blog Cyfirma
24.5.25 Operation Sindoor – Anatomy of a Digital Siege Overview Seqrite Labs, India’s largest Malware Analysis lab, has identified multiple cyber events linked to Operation Sindoor, involving state-sponsored APT activity and coordinated hacktivist operations. Observed tactics included spear phishing, deployment of malicious scripts, website defacements, and unauthorized data.. APT blog Seqrite
24.5.25 Enhanced Threat Detection: Bootloaders, Bootkits, and Secure Boot The attack surface Eclypsium set out to defend extends to areas in our systems that many security teams and monitoring tools are either overlooking or trusting someone else has secured for them. This pre-operating system attack surface includes components such as UEFI and bootloaders. Malware blog Eclypsium
24.5.25 A Brief History of DanaBot, Longtime Ecrime Juggernaut Disrupted by Operation Endgame DanaBot is a cybercrime malware-as-a-service that Proofpoint researchers first identified and named in May 2018. At the time, banking trojans were the most popular email-based cybercriminal malware threat, and DanaBot became one of the favored payloads by TA547 before being adopted by other notable cybercrime threat actors. Malware blog PROOFPOINT
24.5.25 Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Malware blog Microsoft blog
24.5.25 Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan Trend™ Research discusses the evolving tradecraft of threat actor Earth Ammit, proven by the advanced toolset used in its TIDRONE and VENOM campaigns that targeted the drone supply chain. APT blog Trend Micro
24.5.25 Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin At Trend Micro, we believe we can make the digital world safer by proactively discovering threats and vulnerabilities that others haven’t yet seen. That’s why, every year, we invest millions of dollars in the Trend Zero Day Initiative™ (ZDI)—the world’s largest vendor-agnostic bug bounty program. Cyber blog Trend Micro
24.5.25 Trend Secures AI Infrastructure with NVIDIA Organizations worldwide are racing to implement agentic AI solutions to drive innovation and competitive advantage. However, this revolution introduces security challenges—particularly for organizations in highly regulated industries that require data sovereignty and strict compliance. AI blog Trend Micro
24.5.25 Using Agentic AI & Digital Twin for Cyber Resilience Learn how Trend is combining agentic AI and digital twin to transform the way organizations protect themselves from cyber threats. AI blog Trend Micro
24.5.25 Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain We have detected a new tactic involving fake CAPTCHA pages that trick users into executing harmful commands in Windows. This scheme uses disguised files sent via phishing and other malicious methods. Malware blog Trend Micro
24.5.25 Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan In July 2024, we disclosed the TIDRONE campaign, in which threat actors targeted Taiwan’s military and satellite industries. During our investigation, we discovered that multiple compromised entities were using the same enterprise resource planning (ERP) software. APT blog Trend Micro
24.5.25 TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead Trend Research has uncovered a novel social engineering campaign using TikTok’s vast user base to distribute information-stealing malware, specifically Vidar and StealC. Unlike the prevalent Fake CAPTCHA campaign — which relies on fake CAPTCHA pages and clipboard hijacking to trick users into running malicious scripts — this new campaign pivots to exploiting the popularity and viral nature of TikTok. Social blog Trend Micro
24.5.25 Critical SysAid XXE Vulnerabilities Expose Systems to Remote Exploitation (CVE-2025-2775–2777) The SonicWall Capture Labs threat research team became aware of multiple critical XML External Entity (XXE) injection vulnerabilities in SysAid’s IT service management (ITSM) platform. SysAid is used by organizations to streamline and automate help desk operations, asset management and IT workflows, and is available as both a cloud-based and on-premises solution. Vulnerability blog SonicWall
24.5.25 DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt In January 2025, Unit 42 researchers identified a series of attacks distributing DarkCloud Stealer. The latest attack chain incorporated AutoIt to evade detection and used a file-sharing server to host the malware. This article explores the chain of events from these recent campaigns and analyzes the characteristics of these attacks. Malware blog Palo Alto
24.5.25 Threat Brief: CVE-2025-31324 (Updated May 23) Update May 23, 2025: We have added further details and indicators of compromise (IoC) to this post, to provide defenders additional information to hunt with. This information can be found in the Appendix section. Vulnerability blog Palo Alto
24.5.25 Threat Group Assessment: Muddled Libra (Updated May 16, 2025) We’ve added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include: Malware blog Palo Alto
24.5.25 Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation Unit 42 recently identified suspected covert Iranian infrastructure impersonating a German model agency. This infrastructure hosted a fraudulent website designed to mimic the authentic agency’s branding and content. APT blog Palo Alto
24.5.25 Lampion Is Back With ClickFix Lures Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive banking information. This malware family has been active since at least 2019. Malware blog Palo Alto
24.5.25 Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources This article highlights a new obfuscation technique threat actors are using to hide malware through steganography within bitmap resources embedded in otherwise benign 32-bit .NET applications. Upon execution, these files kick off a multi-stage chain of extracting, deobfuscating, loading and executing secondary payloads (dynamic-link libraries), eventually detonating the final payload (executable). Malware blog Palo Alto
24.5.25 The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website In early 2025, Check Point Research (cp<r>) started tracking a threat campaign that abuses the growing popularity of AI content generation platforms by impersonating Kling AI, a legitimate AI-powered image and video synthesis tool. Promoted through Facebook advertisements, the campaign directs users to a convincing spoof of Kling AI’s website, where visitors are invited to create AI-generated images or videos directly in the browser. AI blog Checkpoint
24.5.25 Scarcity signals: Are rare activities red flags? Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. Cyber blog CISCO TALOS
24.5.25 UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. Exploit blog CISCO TALOS
24.5.25 Ghosted by a cybercriminal Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. Cyber blog CISCO TALOS
24.5.25 Duping Cloud Functions: An emerging serverless attack vector Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. Exploit blog CISCO TALOS
24.5.25 Xoxo to Prague In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime. Ransom blog CISCO TALOS
24.5.25 Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”. Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. OS Blog CISCO TALOS
24.5.25 Defining a new methodology for modeling and tracking compartmentalized threats How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. Security blog CISCO TALOS
24.5.25 Danabot under the microscope ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure Malware blog Eset
24.5.25 Danabot: Analyzing a fallen empire ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation Malware blog Eset
24.5.25 Lumma Stealer: Down for the count The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies Malware blog Eset
24.5.25 ESET takes part in global operation to disrupt Lumma Stealer Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation Malware blog Eset
24.5.25 The who, where, and how of APT attacks in Q4 2024–Q1 2025 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025 APT blog Eset
24.5.25 ESET APT Activity Report Q4 2024–Q1 2025 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025 APT blog Eset
24.5.25 Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java. Vulnerability blog F5
24.5.25 Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe Analysis of a new Rhadamanthys infostealer campaign in Europe and a breakdown of the malware Malware blog Cybereason
24.5.25 Genesis Market - Malicious Browser Extension In this Threat Alert, Cybereason identifies a malware infection exhibiting similarities to a previous Genesis Market campaign. Malware blog Cybereason
24.5.25 The Windows Registry Adventure #7: Attack surface analysis In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. OS Blog Project Zero
23.5.25 Trojanized RVTools push Bumblebee malware in SEO poisoning campaign The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines. Virus BleepingComputer
23.5.25 OpenAI plans to combine multiple models into GPT-5 OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5. AI BleepingComputer
23.5.25 Fake KeePass password manager leads to ESXi ransomware attack Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. Ransom BleepingComputer
23.5.25 O2 UK patches bug leaking mobile user location from call metadata A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. Vulnerability BleepingComputer
23.5.25 Windows 10 emergency updates fix BitLocker recovery issues Microsoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates. OS BleepingComputer
23.5.25 Arla Foods confirms cyberattack disrupts production, causes delays Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. Incident BleepingComputer
23.5.25 Microsoft unveils Windows AI Foundry for AI-powered PC apps Microsoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps. OS BleepingComputer
23.5.25 Microsoft confirms new "Advanced" Settings for Windows 11 At the Build 2025 developer conference, Microsoft announced a new 'Advanced Settings' feature to help users and developers personalize the OS experience. OS BleepingComputer
23.5.25 Microsoft open-sources Windows Subsystem for Linux at Build 2025 Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. OS BleepingComputer
23.5.25 UK Legal Aid Agency confirms applicant data stolen in data breach The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. Incident BleepingComputer
23.5.25 Mozilla fixes Firefox zero-days exploited at hacking contest Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. Exploit BleepingComputer
23.5.25 Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. Cyber BleepingComputer
23.5.25 ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse In a previous blogpost, Sekoia’s Threat Detection & Research (TDR) team documented the exploitation of the CVE-2023-20118 vulnerability, which was used to deploy two distinct threats: a webshell and the PolarEdge malware. Vulnerability SEKOIA
23.5.25 CrowdStrike Collaborates with U.S. Department of Justice on DanaBot Takedown Sixteen defendants were federally charged in connection with the DanaBot malware scheme that infected computers worldwide Virus CROWDSTRIKE
23.5.25 Inside DanaBot’s Infrastructure: In Support of Operation Endgame II DanaBot first emerged in 2018 as a banking trojan but has since evolved into a versatile and persistent threat. While it initially focused on financial credential theft, it is now used for a range of purposes including information stealing and establishing access for follow-on activity such as ransomware. Virus Lumen
23.5.25 Remote Prompt Injection in GitLab Duo Leads to Source Code Theft GitLab Duo, the AI assistant integrated into GitLab and powered by Anthropic’s Claude, is designed to help developers with tasks like code suggestions, security reviews, and merge request analysis. But what if the same AI meant to secure your code could be manipulated into leaking it? AI LegitSecurity
23.5.25 Exploring PLeak: An Algorithmic Method for System Prompt Leakage What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data. AI Trend Micro
23.5.25 ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 Hack The Hacker News
23.5.25 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide As part of the latest "season" of Operation Endgame , a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, Ransom The Hacker News
23.5.25 U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed CyberCrime The Hacker News
23.5.25 CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications Exploit The Hacker News
23.5.25 GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to AI The Hacker News
22.5.25 Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Exploit The Hacker News
22.5.25 China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities - CVE-2025-4427 and CVE-2025-4428 - affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. [1] These vulnerabilities can be chained to achieve unauthenticated remote code execution (RCE) on exposed systems. Exploit EclecticIQ
22.5.25 Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). OS The Hacker News
22.5.25 Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide Exploit The Hacker News
22.5.25 Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform Vulnerability The Hacker News
22.5.25 FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure BigBrothers The Hacker News
22.5.25 Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The APT The Hacker News
21.5.25 PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. Virus The Hacker News
21.5.25 Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the AI The Hacker News
21.5.25 Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult- Attack The Hacker News
21.5.25 Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the Security The Hacker News
20.5.25 Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations. By “cloud resources” we mean things like S3 buckets and Azure endpoints. You might have read about domain hijacking; Hack Infoblox
20.5.25 Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Exploit The Hacker News
20.5.25 100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign Hack The Hacker News
20.5.25 AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door Exploit The Hacker News
20.5.25 South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as APT The Hacker News
20.5.25 Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Virus The Hacker News
20.5.25 Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity Virus The Hacker News
20.5.25 Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen Exploit The Hacker News
20.5.25 RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com Virus The Hacker News
20.5.25 Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over Ransom The Hacker News
20.5.25 Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or Exploit The Hacker News
18.5.25 New 'Defendnot' tool tricks Windows into disabling Microsoft Defender A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. Hack BleepingComputer
18.5.25 Microsoft confirms May Windows 10 updates trigger BitLocker recovery Microsoft has confirmed that some Windows 10 and Windows 10 Enterprise LTSC 2021 systems will boot into BitLocker recovery after installing the May 2025 security updates. OS BleepingComputer
18.5.25 Israel arrests new suspect behind Nomad Bridge $190M crypto hack An American-Israeli national named Alexander Gurevich has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million. Cryptocurrency BleepingComputer
18.5.25 ChatGPT rolls out Codex, an AI tool for software programming OpenAI is rolling out 'Codex' for ChatGPT, which is an AI agent that automates and delegates programming tasks for software engineers. AI BleepingComputer
18.5.25 Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Cyber BleepingComputer
18.5.25 Printer maker Procolored offered malware-laced drivers for months For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. Virus BleepingComputer
18.5.25 Ransomware gangs increasingly use Skitnet post-exploitation malware Ransomware gang members increasingly use a new malware called Skitnet ("Bossnet") to perform stealthy post-exploitation activities on breached networks. Ransom BleepingComputer
18.5.25 US charges 12 more suspects linked to $230 million crypto theft Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and laundering the funds using crypto exchanges and mixing services. Cryptocurrency BleepingComputer
18.5.25 CISA tags recently patched Chrome bug as actively exploited On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Exploit BleepingComputer
18.5.25 Leak confirms OpenAI's ChatGPT will integrate MCP ChatGPT is testing support for Model Context Protocol (MCP), which will allow the AI to connect to third-party services and use them as context. AI BleepingComputer
18.5.25 ChatGPT will soon record, transcribe, and summarize your meetings OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new "Record" feature in ChatGPT. AI BleepingComputer
18.5.25 Windows 10 KB5058379 update triggers BitLocker recovery on some devices The Windows 10 KB5058379 cumulative update is triggering unexpected BitLocker recovery prompts on some devices after it is installed and the computer is restarted. OS BleepingComputer
18.5.25 Government webmail hacked via XSS bugs in global spy campaign Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. APT BleepingComputer
18.5.25 FBI: US officials targeted in voice deepfake attacks since April The FBI warned that cybercriminals are using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April. AI BleepingComputer
18.5.25 Nova Scotia Power confirms hackers stole customer data in cyberattack Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. Incident BleepingComputer
18.5.25 Windows 11 and Red Hat Linux hacked on first day of Pwn2Own On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. Cyber BleepingComputer
18.5.25 New Tor Oniux tool anonymizes any Linux app's network traffic Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections. Safety BleepingComputer
18.5.25 Malicious NPM package uses Unicode steganography to evade detection A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. Virus BleepingComputer
18.5.25 Coinbase data breach exposes customer info and government IDs Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information. Cryptocurrency BleepingComputer
18.5.25 Google fixes high severity Chrome flaw with public exploit Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. Exploit BleepingComputer
18.5.25 Google Chrome to block admin-level browser launches for better security Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. Security BleepingComputer
18.5.25 Hackers behind UK retail attacks now targeting US companies Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. CyberCrime BleepingComputer
18.5.25 Ransomware gangs join ongoing SAP NetWeaver attacks Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. Ransom BleepingComputer
18.5.25 Australian Human Rights Commission leaks docs to search engines The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. Security BleepingComputer
18.5.25 Microsoft fixes Linux boot issues on dual-boot Windows systems Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. OS BleepingComputer
17.5.25 Steel giant Nucor Corporation facing disruptions after cyberattack A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures. Cyber BleepingComputer
17.5.25 Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate. Phishing BleepingComputer
17.5.25 Fashion giant Dior discloses cyberattack, warns of data breach House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. Incident BleepingComputer
17.5.25 Kosovo extradites BlackDB admin to face US cybercrime charges A Kosovo national has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018. CyberCrime BleepingComputer
17.5.25 SAP patches second zero-day flaw exploited in recent attacks SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. Vulnerability BleepingComputer
17.5.25 North Korea ramps up cyberspying in Ukraine to assess war risk The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. APT BleepingComputer
17.5.25 Twilio denies breach following leak of alleged Steam 2FA codes Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes Incident BleepingComputer
17.5.25 Ivanti fixes EPMM zero-days chained in code execution attacks Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. Exploit BleepingComputer
17.5.25 Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. OS BleepingComputer
17.5.25 Windows 11 KB5058411 and KB5058405 cumulative updates released Microsoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. OS BleepingComputer
17.5.25 Android 16 expands 'Advanced Protection' with device-level security Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. OS BleepingComputer
17.5.25 Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. OS BleepingComputer
17.5.25 Fortinet fixes critical zero-day exploited in FortiVoice attacks Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. Vulnerability BleepingComputer
17.5.25 Ivanti warns of critical Neurons for ITSM auth bypass flaw Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. Vulnerability BleepingComputer
17.5.25 Ransomware Roundup – VanHelsing The VanHelsing ransomware was first identified in March 2025 and uses TOR sites for ransom negotiations and data leaks. Ransom blog FORTINET
17.5.25 Horabot Unleashed: A Stealthy Phishing Threat FortiGuard Labs observed a phishing campaign "Horabot" resurfacing with a sophisticated multi-stage attack, blending phishing, credential theft, and propagation. Phishing blog FORTINET
17.5.25 APT GROUP123 Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. APT blog Cyfirma
17.5.25 APT PROFILE : Transparent Tribe aka APT36 APT36, also known as Transparent Tribe, is a Pakistan-based advanced persistent threat (APT) group active since at least 2013. APT blog Cyfirma
17.5.25 Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan Trend™ Research discusses the evolving tradecraft of threat actor Earth Ammit, proven by the advanced toolset used in its TIDRONE and VENOM campaigns that targeted the drone supply chain. APT blog Trend Micro
17.5.25 Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin Get a sneak peek into how Trend Micro's Pwn2Own Berlin 2025 is breaking new ground, focusing on AI infrastructure and finding the bugs to proactively safeguard the future of computing. AI blog Trend Micro
17.5.25 Microsoft Security Bulletin Coverage for May 2025 Microsoft’s May 2025 Patch Tuesday has 76 vulnerabilities, 28 of which are Remote Code Execution. The SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2025 and has produced coverage for 11 of the reported vulnerabilities. OS Blog SonicWall
17.5.25 LCRYX Ransomware Utilizes Weak Encryption, Demands $500 Bitcoin Payment The SonicWall Capture Labs threat research team has recently been tracking LCRYX ransomware. LCRYX is a VBScript-based ransomware strain that first emerged in November 2024 and reappeared in February 2025 with enhanced capabilities. It specifically targets Windows systems, employing a combination of Caesar cipher and XOR encryption to lock files before demanding a $500 ransom in Bitcoin for decryption. While it made its resurgence in February, it is still being seen in the wild today. Ransom blog SonicWall
17.5.25 DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt In January 2025, Unit 42 researchers identified a series of attacks distributing DarkCloud Stealer. The latest attack chain incorporated AutoIt to evade detection and used a file-sharing server to host the malware. This article explores the chain of events from these recent campaigns and analyzes the characteristics of these attacks. Malware blog Palo Alto
17.5.25 Threat Brief: CVE-2025-31324 On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability with a CVSS score of 10.0 affecting the SAP NetWeaver's Visual Composer Framework, version 7.50. This threat brief shares a brief overview of the vulnerability and our analysis, and also includes details of what we’ve observed through our incident response services and telemetry. Vulnerability blog Palo Alto
17.5.25 Redefining IABs: Impacts of compartmentalization on threat tracking and modeling Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. Cyber blog CISCO TALOS
17.5.25 Defining a new methodology for modeling and tracking compartmentalized threats How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. Hacking blog CISCO TALOS
17.5.25 Spam campaign targeting Brazil abuses Remote Monitoring and Management tools A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. Spam blog CISCO TALOS
17.5.25 Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”. Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2 OS Blog CISCO TALOS
17.5.25 Understanding the challenges of securing an NGO Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure. Cyber blog CISCO TALOS
17.5.25 Sednit abuses XSS flaws to hit gov't entities, defense companies Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU Vulnerability blog Eset
17.5.25 Operation RoundPress ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities Cyber blog Eset
17.5.25 How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2) Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world. Cyber blog Eset
17.5.25 Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes. OS Blog Project Zero
16.5.25 New Intel CPU flaws leak sensitive data from privileged memory A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. Vulnerability BleepingComputer
16.5.25 Microsoft will update Office apps on Windows 10 until 2028 Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. OS BleepingComputer
16.5.25 Increase Red Team Operations 10X with Adversarial Exposure Validation Red teams uncover what others miss — but they can't be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. Cyber BleepingComputer
16.5.25 M&S says customer data stolen in cyberattack, forces password resets Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. Incident BleepingComputer
16.5.25 ASUS DriverHub flaw let malicious sites run commands with admin rights The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. Vulnerability BleepingComputer
16.5.25 Windows 11 upgrade block lifted after Safe Exam Browser fix Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. OS BleepingComputer
16.5.25 Hackers now testing ClickFix attacks against Linux targets A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. Virus BleepingComputer
16.5.25 Output Messenger flaw exploited as zero-day in espionage attacks A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. Exploit BleepingComputer
16.5.25 Moldova arrests suspect linked to DoppelPaymer ransomware attacks Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. CyberCrime BleepingComputer
16.5.25 Google to pay $1.375 billion to settle Texas data privacy violations Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent. Security BleepingComputer
16.5.25 Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals 99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. Security BleepingComputer
16.5.25 Bluetooth 6.1 enhances privacy with randomized RPA timing The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. Security BleepingComputer
16.5.25 ChatGPT is finally adding Download as PDF for Deep Research ChatGPT's Deep Research, which allows you to conduct multi-step research for complex tasks, is finally getting an option to save the report as a PDF. AI BleepingComputer
16.5.25 iClicker site hack targeted students with malware via fake CAPTCHA The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. Virus BleepingComputer
16.5.25 Fake AI video generators drop new Noodlophile infostealer malware Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called 'Noodlophile,' under the guise of generated media content. AI BleepingComputer
16.5.25 Ascension says recent data breach affects over 430,000 patients Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month. Incindent BleepingComputer
16.5.25 Google Chrome to use on-device AI to detect tech support scams Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. AI BleepingComputer
16.5.25 Police dismantles botnet selling hacked routers as residential proxies Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. CyberCrime BleepingComputer
16.5.25 Chinese hackers behind attacks targeting SAP NetWeaver servers Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor. Hack BleepingComputer
16.5.25 Germany takes down eXch cryptocurrency exchange, seizes servers The Federal police in Germany (BKA) seized the server infrastructure and shut down the 'eXch' cryptocurrency exchange platform for alleged money laundering cybercrime proceeds. Cryptocurrency BleepingComputer
16.5.25 FBI: End-of-life routers hacked for cybercrime proxy networks The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. CyberCrime BleepingComputer
16.5.25 Cisco fixes max severity IOS XE flaw letting attackers hijack devices Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. Vulnerability BleepingComputer
16.5.25 Education giant Pearson hit by cyberattack exposing customer data Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Incident BleepingComputer
16.5.25 Supply chain attack hits npm package with 45,000 weekly downloads An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. Hack BleepingComputer
16.5.25 Malicious PyPi package hides RAT malware, targets Discord devs since 2022 A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Virus BleepingComputer
16.5.25 Kickidler employee monitoring software abused in ransomware attacks Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. Ransom BleepingComputer
16.5.25 VC giant Insight Partners confirms investor data stolen in breach Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. Incident BleepingComputer
16.5.25 New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as BotNet The Hacker News
16.5.25 Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from Vulnerability The Hacker News
16.5.25 Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Virus The Hacker News
16.5.25 Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action Social The Hacker News
16.5.25 Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. Cryptocurrency The Hacker News
15.5.25 New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the Exploit The Hacker News
15.5.25 Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via APT The Hacker News
15.5.25 Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to Virus The Hacker News
15.5.25 Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, Vulnerability The Hacker News
15.5.25 BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025- Ransom The Hacker News
15.5.25 Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second Cryptocurrency The Hacker News
15.5.25 CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users A new global phishing threat called " Meta Mirage " has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at Phishing The Hacker News
14.5.25 Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan Trend™ Research discusses the evolving tradecraft of threat actor Earth Ammit, proven by the advanced toolset used in its TIDRONE and VENOM campaigns that targeted the drone supply chain. APT Trend Micro
14.5.25 Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and APT The Hacker News
14.5.25 Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin Virus The Hacker News
14.5.25 Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active Vulnerability The Hacker News
14.5.25 Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, Vulnerability The Hacker News
14.5.25 Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote Vulnerability The Hacker News
14.5.25 China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure APT The Hacker News
14.5.25 Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Virus The Hacker News
13.5.25 North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat APT The Hacker News
13.5.25 Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch CyberCrime The Hacker News
13.5.25 Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber Vulnerability The Hacker News
13.5.25 ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the Vulnerability The Hacker News
13.5.25 Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware AI The Hacker News
11.5.25 Google links new LostKeys data theft malware to Russian cyberspies Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. Virus BleepingComputer
11.5.25 SonicWall urges admins to patch VPN flaw exploited in attacks SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks Exploit BleepingComputer
11.5.25 LockBit ransomware gang hacked, victim negotiations exposed The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. Ransom BleepingComputer
11.5.25 PowerSchool hacker now extorting individual school districts PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. Ransom BleepingComputer
11.5.25 CoGUI phishing platform sent 580 million emails to steal credentials A new phishing kit named 'CoGUI' sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. Phishing BleepingComputer
11.5.25 Hackers exploit OttoKit WordPress plugin flaw to add admin accounts Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. Exploit BleepingComputer
11.5.25 Play ransomware exploited Windows logging flaw in zero-day attacks The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. Exploit BleepingComputer
11.5.25 NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. Social BleepingComputer
11.5.25 Doubling down: How Universal 2nd Factor (U2F) boosts online security Passwords alone aren't cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. Safety BleepingComputer
11.5.25 Medical device maker Masimo warns of cyberattack, manufacturing delays Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders. Security BleepingComputer
11.5.25 CISA warns of hackers targeting critical oil infrastructure CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors. BigBrothers BleepingComputer
11.5.25 Police takes down six DDoS-for-hire services, arrests admins Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. CyberCrime BleepingComputer
11.5.25 Microsoft: April updates cause Windows Server auth issues Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. Vulnerability BleepingComputer
11.5.25 Apache Parquet exploit tool detect servers vulnerable to critical flaw A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. Vulnerability BleepingComputer
11.5.25 Samsung MagicINFO 9 Server RCE flaw now exploited in attacks Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. Exploit BleepingComputer
11.5.25 UK Legal Aid Agency investigates cybersecurity incident The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. Incident BleepingComputer
11.5.25 Critical Langflow RCE flaw exploited to hack AI app servers The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. AI BleepingComputer
11.5.25 New Microsoft 365 outage impacts Teams and other services Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. Security BleepingComputer
10.5.25 Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and BigBrothers BleepingComputer
10.5.25 Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency Cryptocurrency The Hacker News
10.5.25 BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected BotNet The Hacker News
10.5.25 OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called APT The Hacker News
10.5.25 Multilayered Email Attack: How a PDF Invoice and Geo-Fencing Led to RAT Malware FortiGuard Labs highlights a malware campaign's increasing sophistication of attack methodologies, leveraging the legitimate functionalities of remote administration tools for malicious purposes. Attack blog FORTINET
10.5.25 FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure The FortiGuard Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Incident blog FORTINET
10.5.25 New Finance Scam Discovered Abusing Niche X/Twitter Advertising Loophole Silent Push Threat Analysts have uncovered a new finance scam exploiting an X/Twitter advertising display URL feature to spoof “cnn[.]com” while directing visitors to a crypto scam website impersonating Apple’s brand. Social blog Silent Push
10.5.25 How To Defend Against Threats With A Cyber Early Warning System Security teams are constantly on the lookout for hidden threat infrastructure that isn’t already widely known and doesn’t appear on anyone’s radar. This usually involves analyzing a significant amount of alert data and hunting for emerging domains and IPs that are in the process of being set up across linked malicious hosting clusters. Cyber blog Silent Push
10.5.25 India Experiences Surge in Hacktivist Group Activity Amid Military Tensions 40+ hacktivist groups united in cyberattacks against India after a terror attack in the Indian state... Hacking blog Cyble
10.5.25 Ransomware Attacks April 2025: Qilin Emerges from Chaos Global ransomware attacks in April 2025 declined to 450 from 564 in March – the lowest level since November... Ransom blog Cyble
10.5.25 PupkinStealer: A .NET-Based Info-Stealer Executive Summary At CYFIRMA, we are committed to delivering timely insights into active cyber threats and the techniques used by malicious actors to target individuals and Malware blog Cyfirma
10.5.25 Tracking Ransomware: April 2025 EXECUTIVE SUMMARY April 2025 witnessed a decline in ransomware incidents, with 470 reported victims worldwide. Qilin remained the dominant group, while newer actors like Ransom blog Cyfirma
10.5.25 EXPLAINER: THE ALGERIA / MOROCCO TENSIONS EXECUTIVE SUMMARY Since Algeria severed diplomatic ties with Morocco in 2021, tensions between the two neighbors have largely remained confined to the diplomatic arena. However, BigBrother blog Cyfirma
10.5.25 Fortnightly Vulnerability Summary Check out these fast facts on fortnightly observed vulnerabilities. Fortnight's most impacted products: Linux | D-Link | Totolink Vulnerability blog Cyfirma
10.5.25 Gunra Ransomware – A Brief Analysis Executive Summary At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and Ransom blog Cyfirma
10.5.25 Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer Introduction A security researcher from Seqrite Labs has uncovered a malicious campaign targeting U.S. citizens as Tax Day approaches on April 15. Seqrite Labs has identified multiple phishing attacks leveraging tax-related themes as a vector for social engineering, aiming... Malware blog Seqrite
10.5.25 What Is the Goal of an Insider Threat Program? Insider risk is one of the biggest cybersecurity threats that businesses face today. Insiders include employees, contractors or business partners with legitimate access to a company’s network, systems or data. Some misuse their access intentionally, while others make mistakes or fall victim to cybercriminals. Cyber blog PROOFPOINT
10.5.25 CoGUI Phish Kit Targets Japan with Millions of Messages Proofpoint has observed a notable increase in high-volume Japanese language campaigns targeting organizations in Japan to deliver a phishing kit that Proofpoint researchers refer to as CoGUI. Most of the observed campaigns abuse popular consumer or payment brands in phishing lures, including Amazon, PayPay, Rakuten, and others. Phishing blog PROOFPOINT
10.5.25 Email Attacks Drive Record Cybercrime Losses in 2024 The FBI’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report. And it has revealed a record-breaking surge in cybercrime losses across the United States. Last year, total losses reached $16.6 billion, which is a 33% increase from the previous year. Cyber blog PROOFPOINT
10.5.25 Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape Microsoft uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible. Vulnerability blog Microsoft blog
10.5.25 Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we've named NETXLOADER. Ransom blog Trend Micro
10.5.25 Exploring PLeak: An Algorithmic Method for System Prompt Leakage What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data. AI blog Trend Micro
10.5.25 NetSupport RAT Malware Spied in Ukraine This week, the SonicWall Capture Labs threat research team analyzed a sample of NetSupport RAT malware. OSINT shows that this malware has been regularly seen in Ukraine and Poland as of mid- to late-2024. Malware blog Palo Alto
10.5.25 CraftCMS Vulnerability Exposes Systems to Pre-Auth RCE, Now Exploited in the Wild (CVE-2025-32432) The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in CraftCMS's asset transform generation feature, assessed its impact and developed mitigation measures. Vulnerability blog Palo Alto
10.5.25 AI Agents Are Here. So Are the Threats. Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. AI blog Palo Alto
10.5.25 Lampion Is Back With ClickFix Lures Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. Malware blog Palo Alto
10.5.25 Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation Unit 42 recently identified suspected covert Iranian infrastructure impersonating a German model agency. This infrastructure hosted a fraudulent website designed to mimic the authentic agency’s branding and content. APT blog Palo Alto
10.5.25 Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources This article highlights a new obfuscation technique threat actors are using to hide malware through steganography within bitmap resources embedded in otherwise benign 32-bit .NET applications. Malware blog Palo Alto
10.5.25 State-of-the-art phishing: MFA bypass Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect. Phishing blog CISCO TALOS
10.5.25 The IT help desk kindly requests you read this newsletter How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. Exploit blog CISCO TALOS
10.5.25 Spam campaign targeting Brazil abuses Remote Monitoring and Management tools A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. Spam blog CISCO TALOS
10.5.25 Proactive threat hunting with Talos IR Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats. Cyber blog CISCO TALOS
10.5.25 Catching a phish with many faces Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly Phishing blog Eset
10.5.25 Beware of phone scams demanding money for ‘missed jury duty’ When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer. Phishing blog Eset
10.5.25 Toll road scams are in overdrive: Here’s how to protect yourself Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. Phishing blog Eset
10.5.25 The Bug Report - April 2025 Edition Spring clean your security! Dive into April 2025’s top CVEs, live exploits, and patches. Stay ahead of attacks — read the full Bug Report now. Cyber blog Trellix
10.5.25 The Growing Threat of Vishing: How Cybercriminals Are Using Multimedia to Target You A new vishing attack technique we need to be aware of: how cybercriminals are using multimedia to target you. Cyber blog Trellix
9.5.25 Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. Spam The Hacker News
9.5.25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial Virus The Hacker News
9.5.25 Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. AI The Hacker News
9.5.25 Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Vulnerability The Hacker News
9.5.25 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from Exploit The Hacker News
8.5.25 Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we've named NETXLOADER. Ransom Trend Micro
8.5.25 Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan This blog discusses the latest modifications observed in Earth Kasha’s TTPs from their latest campaign detected in March 2025 targeting Taiwan and Japan. APT Trend Micro
8.5.25 SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote Vulnerability The Hacker News
8.5.25 Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled Ransom The Hacker News
8.5.25 MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed Virus The Hacker News
8.5.25 Why EASM is vital to modern digital risk protection You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection. Security BleepingComputer
8.5.25 Google fixes actively exploited FreeType flaw on Android Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. OS BleepingComputer
8.5.25 Linux wiper malware hidden in malicious Go modules on GitHub A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. Virus BleepingComputer
8.5.25 Microsoft pushes fix for Windows 11 24H2 update failures Microsoft has fixed a known issue preventing Windows 11 24H2 feature updates from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates. OS BleepingComputer
8.5.25 Luna Moth extortion hackers pose as IT help desks to breach US firms The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. Phishing BleepingComputer
8.5.25 New "Bring Your Own Installer" EDR bypass used in ransomware attack Ransom BleepingComputer
8.5.25 Microsoft finds default Kubernetes Helm charts can expose data Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. Security BleepingComputer
8.5.25 Unofficial Signal app used by Trump officials investigates hack TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. Social BleepingComputer
8.5.25 Darcula PhaaS steals 884,000 credit cards via phishing texts The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. Phishing BleepingComputer
8.5.25 UK shares security tips after major retail cyberattacks Following three high-profile cyberattacks impacting major UK retailers, the country's National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. CyberCrime BleepingComputer
8.5.25 Microsoft silently fixes Start menu bug affecting Windows 10 PCs Microsoft has silently fixed an issue that broke Start Menu jump lists for all apps on systems running Windows 10, version 22H2. OS BleepingComputer
8.5.25 Microsoft: Windows 11 24H2 now ready to rollout to everyone Microsoft announced over the weekend that the Windows 11 24H2 update is ready to roll out to all compatible PCs, excluding those with safeguard holds. OS BleepingComputer
8.5.25 OpenAI document explains when to use each ChatGPT model OpenAI admitted that it can be confusing for users to choose between all the different models, but the company has quietly published a document that makes it easier to understand ChatGPT. AI BleepingComputer
8.5.25 StealC malware enhanced with stealth upgrades and data theft tools The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. Virus BleepingComputer
8.5.25 Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using Virus The Hacker News
8.5.25 Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker Vulnerability The Hacker News
7.5.25 Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption Bring Your Own Installer is a technique which can be used by threat actors to bypass EDR protection on a host through timed termination of the agent update process when inadequately configured. Ransom Aon.com
7.5.25 Winning the Fight Against Spyware Merchant NSO Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone. Virus FB.com
7.5.25 Here Comes Mirai: IoT Devices RSVP to Active Exploitation The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120 against discontinued GeoVision Internet of Things (IoT) devices. IoT Akamai
7.5.25 Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. CyberCrime The Hacker News
7.5.25 OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as Exploit The Hacker News
7.5.25 SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre- Vulnerability The Hacker News
7.5.25 Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an Ransom The Hacker News
7.5.25 Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Virus The Hacker News
7.5.25 NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four Social The Hacker News
7.5.25 Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet Exploit The Hacker News
6.5.25 Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams According to the Federal Trade Commission (FTC), consumers lost more money to investment scams than any other kind in 2024. Spam Infoblox
6.5.25 The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster Have you ever used pre-made deployment templates to quickly spin up applications in Kubernetes environments? While these “plug-and-play” options greatly simplify the setup process, they often prioritize ease of use over security. Security Microsoft blog
6.5.25 New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their Spam The Hacker News
6.5.25 Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations Security The Hacker News
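The three Helm rows above (BleepingComputer, the Microsoft blog, and The Hacker News) describe the same failure mode: a chart's default values publish the application through a `LoadBalancer` or `NodePort` Service with no authentication in front of it. The script below is an added example, not code from Microsoft or from any of the linked articles; it consumes the JSON that `kubectl get svc -A -o json` prints and lists every Service reachable from outside the cluster, marking the ones Helm manages so they can be traced back to a chart's `values.yaml`. The embedded sample output, namespaces, Service names and IP addresses are all constructed for the example.

```python
"""Added example: audit Kubernetes Services for external exposure."""
import json

# Service types that place the workload on the node or cloud network edge.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

# Constructed stand-in for `kubectl get svc -A -o json` output (hypothetical names/IPs).
SAMPLE_KUBECTL_JSON = json.dumps({
    "items": [
        {   # Helm-installed dashboard published straight to the internet
            "metadata": {"namespace": "analytics", "name": "dashboard",
                         "labels": {"app.kubernetes.io/managed-by": "Helm"}},
            "spec": {"type": "LoadBalancer",
                     "ports": [{"port": 9000, "targetPort": 9000, "protocol": "TCP"}]},
            "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}},
        },
        {   # NodePort: reachable on every node's IP, even without a cloud load balancer
            "metadata": {"namespace": "grid", "name": "hub",
                         "labels": {"app.kubernetes.io/managed-by": "Helm"}},
            "spec": {"type": "NodePort",
                     "ports": [{"port": 4444, "nodePort": 30444, "protocol": "TCP"}]},
            "status": {},
        },
        {   # ClusterIP: only reachable inside the cluster, so not flagged
            "metadata": {"namespace": "backend", "name": "api",
                         "labels": {"app.kubernetes.io/managed-by": "Helm"}},
            "spec": {"type": "ClusterIP", "ports": [{"port": 8080, "protocol": "TCP"}]},
            "status": {},
        },
        {   # The API server's own Service, no Helm label
            "metadata": {"namespace": "default", "name": "kubernetes"},
            "spec": {"type": "ClusterIP", "ports": [{"port": 443, "protocol": "TCP"}]},
            "status": {},
        },
    ]
})


def exposed_services(kubectl_json: str) -> list[dict]:
    """Return externally reachable Services, sorted by namespace and name."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        spec = item.get("spec", {})
        if spec.get("type") not in EXTERNAL_TYPES:
            continue
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        ports = spec.get("ports", [])
        findings.append({
            "namespace": meta.get("namespace"),
            "name": meta.get("name"),
            "type": spec["type"],
            "ports": [p.get("port") for p in ports],
            "node_ports": [p["nodePort"] for p in ports if "nodePort" in p],
            "external_ips": [e.get("ip") or e.get("hostname") for e in ingress],
            # Helm stamps this label on every resource it renders.
            "helm_managed": labels.get("app.kubernetes.io/managed-by") == "Helm",
        })
    return sorted(findings, key=lambda f: (f["namespace"], f["name"]))


def report(kubectl_json: str) -> str:
    """One line per exposed Service, suitable for a review ticket."""
    lines = []
    for f in exposed_services(kubectl_json):
        origin = "Helm" if f["helm_managed"] else "other"
        lines.append(f"{f['namespace']}/{f['name']} {f['type']} ports={f['ports']} "
                     f"node_ports={f['node_ports']} external={f['external_ips']} "
                     f"managed_by={origin}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Against a live cluster, feed in the stdout of: kubectl get svc -A -o json
    print(report(SAMPLE_KUBECTL_JSON))
```

Every line the report prints is a Service to check for authentication; the usual fix on the chart side is to override `service.type` to `ClusterIP`, publish through an Ingress that enforces authentication, and add a NetworkPolicy, and `helm show values <chart>` lets you read those defaults before the first install.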
6.5.25 Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. Vulnerability The Hacker News
6.5.25 Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by Exploit The Hacker News
6.5.25 Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable Vulnerability The Hacker News
6.5.25 Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Vulnerability The Hacker News
6.5.25 Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued Virus The Hacker News
4.5.25 Microsoft ends Authenticator password autofill, moves users to Edge Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. OS BleepingComputer
4.5.25 Co-op confirms data theft after DragonForce ransomware claims attack The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. Ransom BleepingComputer
4.5.25 Magento supply chain attack compromises hundreds of e-stores A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. CyberCrime BleepingComputer
4.5.25 US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. Ransom BleepingComputer
4.5.25 UK NCSC: Cyberattacks impacting UK retailers are a wake-up call The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." BigBrothers BleepingComputer
4.5.25 Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux Virus The Hacker News
4.5.25 Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data A California man who used the alias "NullBulge" has pleaded guilty to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data. Incident BleepingComputer
4.5.25 Microsoft makes all new accounts passwordless by default Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing. OS BleepingComputer
4.5.25 Microsoft fixes Exchange Online bug flagging Gmail emails as spam Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. OS BleepingComputer
4.5.25 TikTok fined €530 million for sending European user data to China The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. Social BleepingComputer
3.5.25 Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that APT The Hacker News
3.5.25 U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware CyberCrime The Hacker News
3.5.25 Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. BigBrothers BleepingComputer
3.5.25 Ukrainian extradited to US for Nefilim ransomware attacks A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. Ransom BleepingComputer
3.5.25 Harrods the next UK retailer targeted in a cyberattack London's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report a cyberattack in a week following incidents at M&S and the Co-op. Incident BleepingComputer
3.5.25 Malicious PyPI packages abuse Gmail, websockets to hijack systems Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. Virus BleepingComputer
3.5.25 Hackers abuse IPv6 networking feature to hijack software updates A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. Attack BleepingComputer
3.5.25 WordPress plugin disguised as a security tool injects backdoor A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. Virus BleepingComputer
3.5.25 WhatsApp unveils 'Private Processing' for cloud-based AI features WhatsApp has announced the introduction of 'Private Processing,' a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. Social BleepingComputer
3.5.25 SonicWall warns of more VPN flaws exploited in attacks Cybersecurity company SonicWall has warned customers that two older vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. Exploit BleepingComputer
3.5.25 Commvault says recent breach didn't impact customer backup data Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data. Incident BleepingComputer
3.5.25 FBI shares massive list of 42,000 LabHost phishing domains The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. Phishing BleepingComputer
3.5.25 UK retailer Co-op shuts down some IT systems after hack attempt British supermarket chain Co-op Food has confirmed to BleepingComputer via a statement that it has suffered limited operational disruption as it responds to a cyberattack. Incident BleepingComputer
3.5.25 Ascension discloses new data breach after third-party hacking incident Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. Incident BleepingComputer
3.5.25 Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors Microsoft has confirmed that Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) are being blocked after installing the April 2025 security updates. OS BleepingComputer
3.5.25 Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits. Exploit blog Google Threat Intelligence
3.5.25 Threat Actors Are Targeting US Tax Season with New Tactics of Stealerium Infostealer A security researcher from Seqrite Labs has uncovered a malicious campaign targeting U.S. citizens as Tax Day approaches on April 15. Seqrite Labs has identified multiple phishing attacks leveraging tax-related themes as a vector for social engineering, aiming... Phishing blog Seqrite
3.5.25 Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government Seqrite Labs APT team has discovered “Pahalgam Terror Attack” themed documents being used by the Pakistan-linked APT group Transparent Tribe (APT36) to target Indian Government and Defense personnel. The campaign involves both credential phishing and deployment of malicious payloads,... APT blog Seqrite
3.5.25 Security Brief: French BEC Threat Actor Targets Property Payments Proofpoint identified and named a new financially motivated, business email compromise (BEC) threat actor conducting fraud, TA2900. This actor sends French language emails using rental payment themes to target people in France and occasionally in Canada. Spam blog PROOFPOINT
3.5.25 Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape Microsoft uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible. Vulnerability blog Microsoft blog
3.5.25 Exploring PLeak: An Algorithmic Method for System Prompt Leakage What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data. AI blog Trend Micro
3.5.25 Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan This blog discusses the latest modifications observed in Earth Kasha’s TTPs from their latest campaign detected in March 2025 targeting Taiwan and Japan. APT blog Trend Micro
3.5.25 NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference services, including speech recognition and text-to-speech processing. AI blog Trend Micro
3.5.25 Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324) The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, and applications from various sources into a cohesive SAP ecosystem. Vulnerability blog SonicWall
3.5.25 Exploring the State of AI in Cyber Security: Past, Present, and Future Artificial intelligence is rapidly reshaping the cyber security landscape—but how exactly is it being used, and what risks does it introduce? At Check Point Research, we set out to evaluate the current AI security environment by examining real-world threats, analyzing how researchers and attackers are leveraging AI, and assessing how today’s security tools are evolving with these technologies. AI blog Checkpoint
3.5.25 RSAC 2025 wrap-up – Week in security with Tony Anscombe From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions Cyber blog Eset
3.5.25 This month in security with Tony Anscombe – April 2025 edition From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity Cyber blog Eset
3.5.25 How safe and secure is your iPhone really? Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors. OS blog Eset
2.5.25 Grinex exchange suspected rebrand of sanctioned Garantex crypto firm A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested. Cryptocurrency BleepingComputer
2.5.25 Microsoft: Windows Server hotpatching to require subscription Microsoft has announced it will require paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting. OS BleepingComputer
2.5.25 Hackers ramp up scans for leaked Git tokens and secrets Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. Incident BleepingComputer
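The row above describes scanners fetching web-exposed Git configuration files; the reason that works is that `.git/config` remote URLs sometimes carry `https://user:token@host/...` credentials, and the rest of an exposed `.git` tree lets an attacker reconstruct the source. The script below is an added example, not code from BleepingComputer or from the researchers it cites. Part one flags such probes in web server access logs (combined log format) and records whether the server actually served the file; part two audits a repository's config the way a scanner would, reporting any remote URL that embeds a password or token. All log lines, hostnames, IP addresses and the token value are constructed for the example.

```python
"""Added example: detect /.git probes in access logs and credentials in git config."""
import re
from urllib.parse import urlsplit

# Constructed access-log lines in Apache/Nginx combined format (hypothetical IPs).
SAMPLE_ACCESS_LOG = """\
198.51.100.7 - - [02/May/2025:10:14:03 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [02/May/2025:10:14:04 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "Mozilla/5.0"
203.0.113.5 - - [02/May/2025:10:15:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.5.0"
192.0.2.44 - - [02/May/2025:10:16:40 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.32"
192.0.2.44 - - [02/May/2025:10:16:41 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.32"
"""

# Constructed .git/config; the token below is a dummy placeholder, not a real credential.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tbare = false
[remote "origin"]
\turl = https://deploy:ghp_EXAMPLE0000000000000000@github.com/example/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:example/app.git
\tfetch = +refs/heads/*:refs/remotes/mirror/*
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
GIT_PATH_RE = re.compile(r'^/\.git(/|$)')   # /.git and anything beneath it
SECTION_RE = re.compile(r'^\s*\[([^\]]+)\]')
URL_RE = re.compile(r'^\s*url\s*=\s*(\S+)')


def git_probe_requests(log_text: str) -> list[dict]:
    """Return every request for a /.git path; `served` means the server answered 200."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not GIT_PATH_RE.match(m["path"]):
            continue
        hits.append({"ip": m["ip"], "path": m["path"],
                     "status": int(m["status"]), "served": m["status"] == "200"})
    return hits


def leaked_remote_credentials(config_text: str) -> list[dict]:
    """Find remote URLs that embed a username:password pair; the secret is redacted."""
    findings, section = [], None
    for line in config_text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)          # e.g. 'remote "origin"'
            continue
        u = URL_RE.match(line)
        if not u:
            continue
        parts = urlsplit(u.group(1))      # scp-style git@host:path has no userinfo
        if parts.password:
            findings.append({"remote": section, "host": parts.hostname,
                             "username": parts.username,
                             "secret": parts.password[:4] + "..."})
    return findings


if __name__ == "__main__":
    for hit in git_probe_requests(SAMPLE_ACCESS_LOG):
        print("probe", hit)
    for leak in leaked_remote_credentials(SAMPLE_GIT_CONFIG):
        print("leak ", leak)
```

A 200 on `/.git/config` in your own logs means the repository is already exposed and the token in it must be treated as compromised; deny the path at the web tier (for nginx, `location ~ /\.git { deny all; return 404; }`) and keep tokens out of remote URLs by using a credential helper (`git config credential.helper`) instead.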
2.5.25 France ties Russian APT28 hackers to 12 cyberattacks on French orgs Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. APT BleepingComputer
2.5.25 Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. Vulnerability BleepingComputer
2.5.25 SK Telecom cyberattack: Free SIM replacements for 25 million customers South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. Incident BleepingComputer
2.5.25 Microsoft fixes Outlook paste, blank calendar rendering issues Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special" option and the calendar feature in the classic Outlook email client. OS BleepingComputer
2.5.25 CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. Exploit BleepingComputer
2.5.25 Google: 75 zero-days exploited in 2024, over 50% in spyware attacks Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. Exploit BleepingComputer
2.5.25 TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. Social The Hacker News
2.5.25 MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a Virus The Hacker News
2.5.25 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new OS The Hacker News
2.5.25 Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the CyberCrime The Hacker News
1.5.25 Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to AI The Hacker News
1.5.25 DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman . Targets of the Virus The Hacker News
1.5.25 Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE- Vulnerability The Hacker News
1.5.25 SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The Exploit The Hacker News
1.5.25 Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) AI The Hacker News