DATE | NAME | Info | CATEG. | WEB |
28.6.25 | CrowdStrike Researchers Investigate the Threat of Patchless AMSI Bypass Attacks | Adversaries have employed various tactics to bypass Windows’ AMSI security feature, but such attacks are noisy, meaning they can be detected by monitoring security products | Attack blog | CROWDSTRIKE BLOG |
28.6.25 | Taking the shine off BreachForums | ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums | Hacking blog | Sophos |
28.6.25 | Dissecting a Malicious Havoc Sample | Explore a detailed technical analysis of a Havoc Remote Access Trojan (RAT) variant used in a targeted cyberattack against Middle East critical national infrastructure. Learn how Fortinet detects and protects against Havoc-based threats. | Malware blog | FORTINET |
28.6.25 | What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application specific passwords (ASPs). | Phishing blog | Google Threat Intelligence |
28.6.25 | Trix Shots: Remote Code Execution on Aviatrix Controller | This blog post highlights a Mandiant Red Team case study simulating an “Initial Access Brokerage” approach that discovered two vulnerabilities on Aviatrix Controller, a Software-Defined Networking (SDN) utility that allows for the creation of links between different cloud vendors and regions: | Vulnerability blog | Google Threat Intelligence |
28.6.25 | Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings | Hacktivist attacks surge on U.S. targets after Iran bombings, with groups claiming DDoS hits on military, defense, and financial sectors amid rising tensions. | BigBrother blog | Cyble |
28.6.25 | Check Point Research discovered the first known case of malware designed to trick AI-based security tools | | AI blog | Checkpoint |
28.6.25 | ODYSSEY STEALER : THE REBRAND OF POSEIDON STEALER | EXECUTIVE SUMMARY The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts). These scripts | Malware blog | Cyfirma |
28.6.25 | 12 DAY WAR UPDATE | TEHRAN'S WEAKENED POSITION Militarily, Iran is in its most vulnerable position in decades. The country's economy has been weakened by decades of extensive sanctions, economic | BigBrother blog | Cyfirma |
28.6.25 | A Historic First: BMC Vulnerability CVE-2024-54085 Joins CISA's Most Critical List | While BMC vulnerabilities have been reported for years, the inclusion of CVE-2024-54085 marks the first time that CISA has publicly acknowledged that these critical, foundational components are being exploited in the wild. | Vulnerability blog | Eclypsium |
28.6.25 | The Cisco Vulnerability Salt Typhoon Weaponized Against Canadian Telcos and Viasat | Canadian telecommunications companies are the most recently disclosed victims of China’s Salt Typhoon advanced persistent threat (APT) group, as reported by Bleeping Computer and other outlets. | APT blog | Eclypsium |
28.6.25 | ZendTo Vulnerability (CVE-2025-34508) Could Lead to Data Exposure and Service Disruption | The SonicWall Capture Labs threat research team became aware of CVE-2025-34508, a medium-severity (CVSS 6.3) path traversal vulnerability in the ZendTo file transfer application. ZendTo is an open-source, web-based tool commonly used by universities, research institutions, and enterprises to securely exchange large files with external users. | Vulnerability blog | SonicWall |
28.6.25 | Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 26) | The recent conflict involving Iran, particularly its military engagements with Israel and the U.S., significantly heightens the risk of cyber spillover. This extends traditional battlegrounds into the digital realm. | APT blog | Palo Alto |
28.6.25 | In the Wild: Malware Prototype with Embedded Prompt Injection | In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism — an attempted prompt injection (”Ignore all previous instructions…”) aimed to manipulate AI models processing the sample. | Malware blog | Checkpoint |
28.6.25 | Cybercriminal abuse of large language models | Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs. | Cyber blog | CISCO TALOS |
28.6.25 | Getting a career in cybersecurity isn’t easy, but this can help | This week, Joe reflects on his unique path into cybersecurity and shares honest advice for breaking into the field. Plus, learn how cybercriminals are abusing AI to launch more sophisticated attacks and what you can do to stay protected. | Cyber blog | CISCO TALOS |
28.6.25 | Decrement by one to rule them all: AsIO3.sys driver exploitation | Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design. | Vulnerability blog | CISCO TALOS |
28.6.25 | ESET Threat Report H1 2025 | A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | Eset |
28.6.25 | Understanding Iranian Capabilities and Hacktivist Activities | At Trellix, we’ve been closely tracking Iranian cyber operations for years. Our research has shown that Iran maintains a mature and diverse cyber capability, executed through a combination of government agencies, contractors, and loosely affiliated proxy groups. | APT blog | Trellix |
27.6.25 | DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery | Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. | Malware blog | NETSKOPE |
27.6.25 | Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity | GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day. But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28. | Vulnerebility blog | GREYNOISE |
27.6.25 | OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure | The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. | APT blog | Trellix |
27.6.25 | Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk | We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000 developers. | Vulnerability blog | KOI SECURITY |
26.6.25 | Iranian Educated Manticore Targets Leading Tech Academics | Amid ongoing tensions between Iran and Israel, the Iranian threat group Educated Manticore, associated with the Islamic Revolutionary Guard Corps, has launched spear-phishing campaigns targeting Israeli journalists, high-profile cyber security experts and computer science professors from leading Israeli universities. | APT blog | Checkpoint |
26.6.25 | Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector | Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa. We assess that the threat actor may be gaining initial access to these financial institutions and then selling it to others on the dark web. Since at least July 2023, a cluster of activity we track as CL-CRI-1014 has targeted this sector. | Hacking blog | Palo Alto |
26.6.25 | Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors | Dire Wolf is a newly emerged ransomware group first observed in May 2025 and Trustwave SpiderLabs recently uncovered a Dire Wolf ransomware sample that revealed for the first time key details about how the ransomware operates. | Ransom blog | SPIDERLABS BLOG |
26.6.25 | Responsible Disclosure: Vulnerabilities in SAP GUI Client (CVE-2025-0056 & CVE-2025-0055) | As an SAP Security Analyst and Lead Researcher at Pathlock, I believe that responsible security research is the foundation for maintaining secure IT environments. Today, I am excited to disclose research on two vulnerabilities in the SAP Graphical User Interface (SAP GUI) input history feature, which we identified together with Julian Petersohn of Fortinet. | Vulnerability blog | PATHLOCK |
26.6.25 | nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications | The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data that the target has access to within that application. | Vulnerability blog | SEMPERIS |
26.6.25 | Iran-Linked Threat Actors Leak Visitors and Athletes' Data from Saudi Games | Today (June 22, 2025) — the threat actors associated with the "Cyber Fattah" movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. | APT blog | RESECURITY |
25.6.25 | ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware | Since March 2025 there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples | Malware blog | G DATA |
25.6.25 | Threat Actors Modify and Re-Create Commercial Software to Steal Users’ Information | In collaboration with Microsoft Threat Intelligence (MSTIC), SonicWall has identified a deceptive campaign to distribute a hacked and modified version of SonicWall’s SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software. | APT blog | SonicWall |
25.6.25 | Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages | North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader. | APT blog | SOCKET DEV |
25.6.25 | Exchange mutations. Malicious code in Outlook pages | In May 2024, specialists from the Incident Response team at the Positive Technologies Expert Security Center (PT Expert Security Center) discovered an attack using an unknown keylogger injected into the home page of a compromised Exchange Server. In 2025, | Malware blog | POSITIVE TECHNOLOGIES |
25.6.25 | Cryptominers’ Anatomy: Shutting Down Mining Botnets | Welcome to the final installment of our Cryptominers’ Anatomy blog series | BotNet blog | AKAMAI |
21.6.25 | Threat actor Banana Squad exploits GitHub repos in new campaign | ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files. | APT blog | Reversinglabs |
21.6.25 | Threat Group Targets Companies in Taiwan | FortiGuard Labs has uncovered an ongoing cyberattack, targeting companies in Taiwan using phishing emails disguised as tax-related communications | APT blog | FORTINET |
21.6.25 | CERT-In Vulnerability Note Highlights Critical Security Risks in Ivanti, Trend Micro, Apache Kafka, and SAP Products | CERT-In Vulnerability Note reveals serious flaws in Ivanti, Trend Micro, Apache Kafka, and SAP products. | Vulnerability blog | Cyble |
21.6.25 | NCSC Q1 2025 Report Reveals 14.7% Surge in Cybercrime Financial Losses in New Zealand | The NCSC’s Cyber Security Insights report for Q1 2025 shows a 14.7% rise in financial losses from cybercrime, with $7.8M lost mainly due to scams and fraud targeting NZ businesses. | Cyber blog | Cyble |
21.6.25 | DOJ Seizes $225M in Crypto Tied to Fraud and Money Laundering | The U.S. Department of Justice (DOJ) filed a civil forfeiture complaint to seize over $225.3 million in cryptocurrency. The funds are allegedly tied to a sprawling cryptocurrency investment fraud and money laundering operation that targeted hundreds of victims through blockchain-based schemes. | Cryptocurrency blog | Cyble |
21.6.25 | Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry | During our recent investigation at Seqrite Labs, we identified a sophisticated variant of Masslogger credential stealer malware spreading through .VBE (VBScript Encoded) files | Malware blog | Seqrite |
21.6.25 | APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware | Executive Summary APT36, also known as Transparent Tribe, is a Pakistan-based cyber espionage group that has been actively targeting Indian defense personnel through highly | APT blog | Cyfirma |
21.6.25 | Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication | Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer. In 2025, Proofpoint analysts identified a new, unnamed malware exhibiting significant code overlap, shared features, and capabilities with ACR Stealer. | Malware blog | PROOFPOINT |
21.6.25 | Uncovering a Tor-Enabled Docker Exploit | A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. This blog breaks down the attack chain. | Exploit blog | Trend Micro |
21.6.25 | An Investigation of AWS Credential Exposure via Overprivileged Containers | Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks. | Incident blog | Trend Micro |
21.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerability blog | Trend Micro |
21.6.25 | VMDetector-Based Loader Abuses Steganography to Deliver Infostealers | Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. | Malware blog | SonicWall |
21.6.25 | Medusa RaaS Group Continues Company Focused Triple Extortion Attacks | The SonicWall Capture Labs threat research team continues to track the developments of Medusa ransomware. Medusa is a Russian-speaking Ransomware-as-a-Service (RaaS) operation that has been active since mid-2021. | Ransom blog | SonicWall |
21.6.25 | Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433) | The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures | Vulnerability blog | SonicWall |
21.6.25 | Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation | This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer. We combine our new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. | Malware blog | Palo Alto |
21.6.25 | Resurgence of the Prometei Botnet | In March 2025, Unit 42 researchers identified a wave of Prometei attacks. Prometei refers to both the botnet and the malware family used to operate it. | BotNet blog | Palo Alto |
21.6.25 | Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data | Check Point Research discovered a multistage campaign targeting Minecraft users via the distribution as a service (DaaS) Stargazers Ghost Network, which operates on GitHub. The malware impersonates, among others, Oringo and Taunahi, which are “Scripts & Macro” tools (a.k.a cheats). | Malware blog | Checkpoint |
21.6.25 | Famous Chollima deploying Python version of GolangGhost RAT | Learn how the North Korean-aligned Famous Chollima is using a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India. | Malware blog | CISCO TALOS |
21.6.25 | A week with a "smart" car | In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability. | Hacking blog | CISCO TALOS |
21.6.25 | When legitimate tools go rogue | Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders. | Hacking blog | CISCO TALOS |
21.6.25 | Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” | Vulnerability blog | CISCO TALOS |
21.6.25 | catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. | Vulnerability blog | CISCO TALOS |
21.6.25 | Ransomware Gangs Collapse as Qilin Seizes Control | In this Threat Alert, Cybereason explores the rise of Qilin amidst a turbulent realignment of the ransomware landscape. | Ransom blog | Cybereason |
21.6.25 | Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat | This blog breaks down how a commonly used JavaScript library was weaponized to deliver browser-based malware via compromised WordPress assets. | Malware blog | Trellix |
20.6.25 | Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack | In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). | Attack blog | blog.cloudflare |
20.6.25 | Threat actor Banana Squad exploits GitHub repos in new campaign | ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files. | Exploit blog | ReversingLabs |
20.6.25 | Steam Account Checker Poisoned with Infostealer | I found an interesting script targeting Steam users. Steam is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" and is available in Github | Malware blog | SANS |
20.6.25 | Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub | The Trend Micro™ Managed Detection and Response team uncovered a threat campaign orchestrated by an active group, Water Curse. The threat actor exploits GitHub, one of the most trusted platforms for open-source software, as a delivery channel for weaponized repositories. | Malware blog | Trend Micro |
18.6.25 | Heightened Cyberthreat Amidst Israel-Iran Conflict | In the wake of Israel’s large-scale military operation, Operation Rising Lion, which targeted Iranian nuclear and military infrastructure on June 13, 2025, the Israeli cyberthreat landscape has escalated significantly. | APT blog | RADWARE |
18.6.25 | Team46 and TaxOff: two sides of the same coin | In March 2025, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC) analyzed an attack that exploited a Google Chrome zero-day vulnerability (sandbox escape), which was registered around the same time and has since been tracked as CVE-2025-2783. | Vulnerability blog | POSITIVE TECHNOLOGIES |
18.6.25 | Threat Group Targets Companies in Taiwan | In January 2025, FortiGuard Labs observed an attack targeting users in Taiwan. The threat actor is spreading the malware known as winos 4.0 via an email masquerading as being from Taiwan's National Taxation Bureau | APT blog | FORTINET |
18.6.25 | Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform | Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. | Vulnerability blog | labs.watchtowr |
18.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerability blog | Trend Micro |
14.6.25 | Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted individuals. | Phishing blog | VOLEXITY |
14.6.25 | GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically | In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and the sheer size of the resulting binaries. This issue is amplified when samples are obfuscated using tools such as Garble, an open-source Golang obfuscation tool. | Malware blog | VOLEXITY |
14.6.25 | Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication | Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. | APT blog | VOLEXITY |
14.6.25 | The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access | In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. | APT blog | VOLEXITY |
14.6.25 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. | Attack blog | VOLEXITY |
14.6.25 | StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). | Malware blog | VOLEXITY |
14.6.25 | DISGOMOJI Malware Used to Target Indian Government | In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137 | Malware blog | VOLEXITY |
14.6.25 | Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices | Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. | Vulnerability blog | VOLEXITY |
14.6.25 | The Week in Vulnerabilities: Ivanti, Versa Flaws Flagged by Cyble | The week also included Patch Tuesday for many vendors, making it a busy one for security teams dealing... | Vulnerability blog | Cyble |
14.6.25 | The Week in Vulnerabilities: Cyble Warns of Rising Exploits Targeting ICS, Enterprise, and Web Systems | Cyble reports rising vulnerability threats from May 28–June 3, highlighting flaws in ICS, enterprise,... | Exploit blog | Cyble |
14.6.25 | Software Supply Chain Attacks Surged in April and May | Threat actors are getting better at exploiting software supply chain vulnerabilities. We look at recent... | Hacking blog | Cyble |
14.6.25 | Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases | CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store... | Phishing blog | Cyble |
14.6.25 | Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) | The eMagicOne Store Manager for WooCommerce plugin is used in WordPress to simplify and improve store management by providing functionality not found in the normal WooCommerce... | Vulnerability blog | Seqrite |
14.6.25 | How Seqrite Endpoint Protection Blocks Non-Human Threats like Bots, Scripts, and Malware | In today’s hyper-connected digital world, the cybersecurity landscape is shifting dramatically. Gone are the days when cyberattacks primarily relied on human intervention. We’re now facing a new... | Security blog | Seqrite |
14.6.25 | Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware | Contents: Introduction; Initial Findings; Infection Chain; Technical Analysis (Stage 0 – Malicious ZIP File; Stage 1 – Malicious VELETRIX implant; Stage 2 – Malicious V-Shell implant); Hunting and... | BigBrother blog | Seqrite |
14.6.25 | Trapped by a Call: The Digital Arrest Scam | Digital Arrest Scam: It all starts with a phone call that seems routine at first—measured, official-sounding, and unexpectedly serious. On the other end is someone claiming to represent a government body, calmly accusing you of crimes you’ve never committed—drug... | Spam blog | Seqrite |
14.6.25 | TRACKING RANSOMWARE : MAY 2025 | EXECUTIVE SUMMARY In May 2025, ransomware attacks targeted critical industries such as Professional Goods & Services, Consumer Goods, and Manufacturing, with a total of | Ransom blog | Cyfirma |
14.6.25 | APT PROFILE – MISSION2025 | MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. Active since at least 2012, the group has conducted cyberespionage and | APT blog | Cyfirma |
14.6.25 | Understanding CyberEYE RAT Builder: Capabilities and Implications | EXECUTIVE SUMMARY CyberEye (also distributed under names like TelegramRAT) is a modular, .NET-based Remote Access Trojan (RAT) that provides a wide array of surveillance and | Malware blog | Cyfirma |
14.6.25 | AI is Critical Infrastructure: Securing the Foundation of the Global Future | AI data centers are critical infrastructure now. The U.S. investment in AI is nearing a trillion dollars, and new agreements between global superpowers and hyperscaler companies are turning AI into what recent congressional testimony from the Center for Strategic and International Studies described as “the defining competition of the 21st century.” | AI blog | Eclypsium |
14.6.25 | Even More Holes In Your Boot: Critical UEFI Secure Boot Bypass Vulnerabilities | Short Description: CVE-2025-427 (aka “Hydroph0bia”), CVE-2025-3052, and CVE-2025-47827 expose fundamental flaws in how firmware handles Secure Boot validation. Affecting systems using UEFI firmware, these vulnerabilities allow attackers to bypass critical security controls and execute malicious code during early boot phases. Here’s what you need to know: | Vulnerability blog | Eclypsium |
14.6.25 | Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper | Anubis is an emerging ransomware-as-a-service (RaaS) group that adds a destructive edge to the typical double-extortion model with its file-wiping feature. We explore its origins and examine the tactics behind its dual-threat approach. | Ransom blog | Trend Micro |
14.6.25 | Critical SAP Vulnerability Exposes Enterprises | CVE-2025-31324 in SAP NetWeaver Visual Composer enables unauthenticated file uploads, exposing systems to RCE and data loss - learn what to do about it. | Vulnerability blog | Trend Micro |
14.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
14.6.25 | Microsoft Security Bulletin Coverage for June 2025 | Microsoft’s June 2025 Patch Tuesday includes 66 vulnerabilities, 25 of which are classified as Remote Code Execution (RCE). The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month and produced protection coverage for eight of the reported vulnerabilities. | OS Blog | SonicWall |
14.6.25 | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | We recently discovered a large-scale campaign that has been compromising legitimate websites with injected, obfuscated JavaScript code. | Malware blog | Palo Alto |
14.6.25 | The Evolution of Linux Binaries in Targeted Cloud Operations | Unit 42 researchers have identified a growing threat to cloud security: Linux Executable and Linkage Format (ELF) files that threat actors are developing to target cloud infrastructure. | Hacking blog | Palo Alto |
14.6.25 | Serverless Tokens in the Cloud: Exploitation and Detections | This article outlines the mechanics and security implications of serverless authentication across major cloud platforms. | Exploit blog | Palo Alto |
14.6.25 | CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage | Check Point Research (CPR) discovered a new campaign conducted by the APT group Stealth Falcon. The attack used a .url file that exploited a zero-day vulnerability (CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. | Vulnerability blog | Checkpoint |
14.6.25 | From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery | Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers. | Malware blog | Checkpoint |
14.6.25 | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” | Malware blog | CISCO TALOS |
14.6.25 | Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” | OS Blog | CISCO TALOS |
14.6.25 | Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe | Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. | Phishing blog | Cybereason |
14.6.25 | Inside LockBit's Admin Panel Leak | The LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’ and shared a SQL dump of their admin panel database in an archived file ‘paneldb_dump.zip’. | Ransom blog | Trellix |
13.6.25 | Fog Ransomware: Unusual Toolset Used in Recent Attack | Legitimate employee monitoring software and various pentesting tools deployed. | Ransom blog | SYMANTEC BLOG |
13.6.25 | First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted | On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below: | Malware blog | THE CITIZENLAB |
13.6.25 | Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal | On November 13, 2024, Qurium researchers exposed that the Swiss-Czech adtech company Los Pollos was part of VexTrio, the largest and oldest known malicious TDS. | Malware blog | Infoblox |
13.6.25 | Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool | Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. | Malware blog | PROOFPOINT |
13.6.25 | Gone But Not Forgotten: Black Basta’s Enduring Legacy | The ransomware operator “Black Basta” has experienced a sharp decline following the public leak of its internal chat logs, but its legacy lives on. | Ransom blog | RELIAQUEST |
10.6.25 | Follow the Smoke: China-nexus Threat Actors Hammer At the Doors of Top Tier Targets | In October 2024, SentinelLABS observed and countered a reconnaissance operation targeting SentinelOne, which we track as part of a broader activity cluster named PurpleHaze. | APT blog | SENTINEL LABS |
10.6.25 | Bruteforcing the phone number of any Google user | A few months ago, I disabled javascript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked! | Hacking blog | BRUTECAT |
10.6.25 | Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability | The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of the critical remote code execution (RCE) vulnerability CVE-2025-24016 against Wazuh servers (CVSS 9.9). | BotNet blog | AKAMAI |
8.6.25 | Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines | UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations | Hacking blog | Google Threat Intelligence |
7.6.25 | Security Flaws in Chrome Extensions: The Hidden Dangers of Hardcoded Credentials | API keys, secrets, and tokens commonly left exposed in browser extensions’ code. | Vulnerability blog | SYMANTEC BLOG |
7.6.25 | The strange tale of ischhfd83: When cybercriminals eat their own | A simple customer query leads to a rabbit hole of backdoored malware and game cheats | Cyber blog | Sophos |
7.6.25 | How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload | Read how a malicious Excel file exploits CVE-2017-0199 to deliver FormBook malware via phishing. | Vulnerability blog | Fortinet |
7.6.25 | CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities Targeting ICS Systems | CISA’s latest ICS advisories reveal major flaws in Siemens SiPass, Consilium fire panels, and more. | ICS blog | Cyble |
7.6.25 | Ransomware Landscape May 2025: SafePay, DevMan Emerge as Major Threats | Top Ransomware Groups of May 2025: SafePay and DevMan Rise | Ransom blog | Cyble |
7.6.25 | Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases | CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store distribution under compromised developer accounts. | Cryptocurrency blog | Cyble |
7.6.25 | Trapped by a Call: The Digital Arrest Scam | Digital Arrest Scam: It all starts with a phone call that seems routine at first—measured, official-sounding, and unexpectedly serious. On the other end is someone claiming to represent a government body, calmly accusing you of crimes you’ve never committed—drug | Spam blog | Seqrite |
7.6.25 | UKRAINE’S ATTACK ON RUSSIA’S STRATEGIC AIR FORCE – LIVE FEED FROM A REVOLUTION IN MILITARY AFFAIRS | EXECUTIVE SUMMARY In a stunning move on June 1, 2025, Ukraine unleashed "Operation Spider's Web", a daring, long-range drone attack that reportedly crippled up to a third of | BigBrother blog | Cyfirma |
7.6.25 | DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance | EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely intelligence on emerging cyber threats and adversarial tactics targeting individuals and organizations. | Malware blog | Cyfirma |
7.6.25 | Firewalls and Frontlines: The India-Pakistan Cyber Battlefield Crisis | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations | BigBrother blog | Cyfirma |
7.6.25 | Versa Concerto: Understanding and Mitigating CVE-2025-34027 | EXECUTIVE SUMMARY In May 2025, a set of critical zero-day vulnerabilities was disclosed in Versa Concerto, a popular SD-WAN and SASE solution used across enterprises for secure | Vulnerability blog | Cyfirma |
7.6.25 | SMM Callout Vulnerabilities in UEFI | Eclypsium Automata has identified multiple, separate SMM callout vulnerabilities in UEFI modules supplied by AMD and leading firmware vendor AMI. | Vulnerability blog | Eclypsium |
7.6.25 | Verizon DBIR 2025 Key Stats: Network Device Attacks, Third Party Risk, and More | Massive shifts in cyber attack behavior have been revealed in the 2025 Verizon Data Breach Investigation Report (DBIR). Here are a few of the most surprising stats with real world implications for cybersecurity strategy and attack surface management. | Security blog | Eclypsium |
7.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Analyst note: Throughout this blog, researchers have defanged TA397-controlled indicators and modified certain technical details to protect investigation methods. | APT blog | PROOFPOINT |
7.6.25 | GuLoader Brings the Noise — and the Obfuscation | This week the SonicWall Capture Labs threat research team analyzed a sample of GuLoader, a dropper and infostealer capable of harvesting credentials, evading AV, and creating persistence through a variety of techniques. It drops a number of files and uses them as timers and canaries to ensure uptime on the victim system. | Malware blog | SonicWall |
7.6.25 | Cacti v1.2.25 CVE-2023-49085 and CVE-2023-49084 Enable SQLi, LFI, and RCE | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-49085, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
7.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is known for creating dynamic charts, graphs, and alerts based on data sources, making it a critical component in many monitoring stacks. | Vulnerability blog | SonicWall |
7.6.25 | How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms | We conducted a comparative study of the built-in guardrails offered by three major cloud-based large language model (LLM) platforms. We examined how each platform's guardrails handle a broad range of prompts, from benign queries to malicious instructions. | AI blog | Palo Alto |
7.6.25 | Lost in Resolution: Azure OpenAI's DNS Resolution Issue | In late 2024, Unit 42 researchers discovered an issue with Azure OpenAI’s Domain Name System (DNS) resolution logic that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks. This issue stemmed from a misconfiguration in how the Azure OpenAI API handled domain assignments, versus how the user interface (UI) handled them. | AI blog | Palo Alto |
7.6.25 | Blitz Malware: A Tale of Game Cheats and Code Repositories | In 2024, we discovered new Windows-based malware called Blitz. This article provides an in-depth analysis of the malware, examines its distribution and reviews Blitz malware's command and control (C2) infrastructure. We found a new version of Blitz in early 2025, which indicates this malware has been in active development. | Malware blog | Palo Alto |
7.6.25 | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” | Malware blog | CISCO TALOS |
7.6.25 | BladedFeline: Whispering in the dark | ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig | APT blog | Eset |
7.6.25 | Don’t let dormant accounts become a doorway for cybercriminals | Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order. | Cyber blog | Eset |
7.6.25 | Demystifying Myth Stealer: A Rust-Based InfoStealer | During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. | Malware blog | Trellix |
7.6.25 | Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions | Extensions analyzed expose information such as browsing domains, machine IDs, OS details, usage analytics, and more. | Hacking blog | SYMANTEC BLOG |
5.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two | Bitter's malware has significantly evolved since 2016, moving from basic downloaders to more capable RATs. The group primarily uses simple and home-grown payloads delivered via their infection chain, rather than relying on advanced anti-analysis techniques within the payloads themselves. | APT blog | THREATRAY |
5.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint Threat Research assesses it is highly likely that TA397 is a state-backed threat actor tasked with intelligence gathering in the interests of the Indian state. | APT blog | PROOFPOINT |
1.6.25 | Infostealer Malware FormBook Spread via Phishing Campaign – Part II | Learn how the FormBook payload operates on a compromised machine, including the complicated anti-analysis techniques employed by this variant. | Malware blog | Fortinet |
1.6.25 | Storm-0558 and the Dangers of Cross-Tenant Token Forgery | Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. | Hacking blog | TRUSTWAVE |
1.6.25 | U.S. Treasury Sanctions FUNNULL CDN, FBI Issues Advisory Warning Against Major Cyber Scam Facilitator | The U.S. Department of the Treasury sanctioned Chinese-based content delivery network (CDN), FUNNULL, labeling it as a major distributor of online scams. The FBI concurrently released an advisory report to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to FUNNULL. | Spam blog | Silent Push |
1.6.25 | Lumma Infostealer – Down but Not Out? | The takedown achieved a significant disruption to the Lumma infostealer’s infrastructure, but likely didn’t permanently affect most of its Russia-hosted infrastructure. | Malware blog | Checkpoint |
1.6.25 | The Week in Vulnerabilities: Cyble Sensors Detect Attack Attempts on SAP, Ivanti | Attack attempts picked up by Cyble Sensors’ honeypots highlight threat actors’ resourcefulness and the need for strong security defenses. | Vulnerability blog | Cyble |
1.6.25 | CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform | CISA issues urgent update on threats targeting Commvault’s Metallic SaaS platform, widely used for Microsoft 365 backups. | Exploit blog | Cyble |
1.6.25 | FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing | The U.S. Federal Bureau of Investigation (FBI) has issued a fresh alert warning law firms and cybersecurity professionals about ongoing cyber threat activity linked to the Silent Ransom Group (SRG)—also known as Luna Moth, Chatty Spider, or UNC3753. | Ransom blog | Cyble |
1.6.25 | Lyrix Ransomware | EXECUTIVE SUMMARY CYFIRMA’s research team discovered Lyrix Ransomware while monitoring underground forums as part of our Threat Discovery Process. Developed in Python and | Ransom blog | Cyfirma |
1.6.25 | Windows 11 Migration: Navigating the Hardware-Driven Challenges | The clock is ticking. With Microsoft ending Windows 10 support on October 25, 2025—just six months away—organizations worldwide are racing against time to complete their Windows 11 migration. | OS Blog | Eclypsium |
1.6.25 | Enhanced Threat Detection: Bootloaders, Bootkits, and Secure Boot | The attack surface Eclypsium set out to defend extends to areas in our systems that many security teams and monitoring tools are either overlooking or trusting someone else has secured for them. | Malware blog | Eclypsium |
1.6.25 | Trend Micro Leading the Fight to Secure AI | New MITRE ATLAS submission helps strengthen organizations’ cyber resilience | AI blog | Trend Micro |
1.6.25 | Earth Lamia Develops Custom Arsenal to Target Multiple Industries | Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asian countries since at least 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations. | APT blog | Trend Micro |
1.6.25 | NightSpire Ransomware Encrypts Cloud-Stored OneDrive Files | This week, the SonicWall Capture Labs threat research team analyzed a ransomware variant known as NightSpire. While its behavior is typical of most ransomware—encrypting user files and providing recovery instructions via a text file—what makes NightSpire especially concerning is its rapid growth. | Ransom blog | SonicWall |
1.6.25 | Cybercriminals camouflaging threats as AI tool installers | Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims. | Cyber blog | CISCO TALOS |
1.6.25 | This month in security with Tony Anscombe – May 2025 edition | From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news | Cyber blog | Eset |
1.6.25 | Word to the wise: Beware of fake Docusign emails | Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data | Cyber blog | Eset |
1.6.25 | The Windows Registry Adventure #8: Practical exploitation of hive memory corruption | In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. | Vulnerability blog | Project Zero |
1.6.25 | A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment | On May 15th, Trellix's email security products alerted on a highly targeted spear-phishing operation aimed at CFOs and finance executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. | Phishing blog | Trellix |