
DATE

NAME

Info

CATEG.

WEB

30.10.25 ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face CyberCrime

The Hacker News

30.10.25 PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal Virus The Hacker News
30.10.25 Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai , Gafgyt , and Mozi IoT The Hacker News
29.10.25 New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context AI

The Hacker News

29.10.25 Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, BigBrothers

The Hacker News

29.10.25 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. Virus The Hacker News
29.10.25 Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Exploit The Hacker News
29.10.25 New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from Attack

The Hacker News

29.10.25 New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct Virus The Hacker News
29.10.25 Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire . According to Virus The Hacker News
29.10.25 Why Early Threat Detection Is a Must for Long-Term Business Growth In cybersecurity, speed isn't just a win — it's a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more Security The Hacker News
29.10.25 Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services Exploit

The Hacker News

28.10.25 SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new APT

The Hacker News

28.10.25 X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure Social The Hacker News
28.10.25 New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the AI The Hacker News
28.10.25 Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the Ransom The Hacker News
28.10.25 ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of AI

The Hacker News

27.10.25 Hackers steal Discord accounts with RedTiger-based infostealer Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. Virus

BleepingComputer

27.10.25 New CoPhish attack steals OAuth tokens via Copilot Studio agents A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. Attack

BleepingComputer

27.10.25 Hackers launch mass attacks exploiting outdated WordPress plugins A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). Exploit

BleepingComputer

27.10.25 Critical WSUS flaw in Windows Server now exploited in attacks Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. Vulnerebility

BleepingComputer

27.10.25 Fake LastPass death claims used to breach password vaults LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. Incindent

BleepingComputer

27.10.25 How to reduce costs with self-service password resets Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software's uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. Security

BleepingComputer

27.10.25 Windows Server emergency patches fix WSUS bug with PoC exploit Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. Vulnerebility

BleepingComputer

27.10.25 Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland ​The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. Congress

BleepingComputer

27.10.25 Toys “R” Us Canada warns customers' info leaked in data breach Toys "R" Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. Incindent

BleepingComputer

26.10.25 CISA warns of Lanscope Endpoint Manager flaw exploited in attacks The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager. Exploit

BleepingComputer

26.10.25 Microsoft disables File Explorer preview for downloads to block attacks Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. Attack

BleepingComputer

26.10.25 Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions OpenAI's Atlas and Perplexity's Comet browsers are vulnerable to AI sidebar spoofing attacks that mislead users into following fake AI-generated instructions. AI

BleepingComputer

26.10.25 North Korean Lazarus hackers targeted European defense companies North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. APT

BleepingComputer

26.10.25 Iranian hackers targeted over 100 govt orgs with Phoenix backdoor State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. APT

BleepingComputer

26.10.25 Pwn2Own Day 2: Hackers exploit 22 zero-days for $267,500 Security researchers collected $267,500 in cash after exploiting 22​​​​​​​ unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. Congress

BleepingComputer

26.10.25 Hackers exploiting critical "SessionReaper" flaw in Adobe Magento Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. Vulnerebility

BleepingComputer

26.10.25 TARmageddon flaw in abandoned Rust library enables RCE attacks A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. Vulnerebility

BleepingComputer

26.10.25 Meta launches new anti-scam tools for WhatsApp and Messenger Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. Social

BleepingComputer

26.10.25 FinWise data breach shows why encryption is your last defense The FinWise breach shows that when insider threats strike, encryption is the last line of defense. Penta Security's D.AMO platform unites encryption, key management, and access control to keep sensitive data secure. Incindent

BleepingComputer

26.10.25 PhantomCaptcha ClickFix attack targets Ukraine war relief orgs A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. BigBrothers

BleepingComputer

26.10.25 Sharepoint ToolShell attacks targeted orgs across four continents Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. Vulnerebility

BleepingComputer

26.10.25 Vidar Stealer 2.0 adds multi-threaded data theft, better evasion The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. Virus

BleepingComputer

26.10.25 TP-Link warns of critical command injection flaw in Omada gateways TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. Vulnerebility

BleepingComputer

26.10.25 CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. Vulnerebility

BleepingComputer

25.10.25 Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. Vulnerebility

BleepingComputer

25.10.25 Hackers exploit 34 zero-days on first day of Pwn2Own Ireland On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. Congress

BleepingComputer

25.10.25 Microsoft: Recent Windows updates cause login issues on some PCs Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers. OS

BleepingComputer

25.10.25 Russian hackers evolve malware pushed in "I am not a robot" captchas The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. Virus

BleepingComputer

25.10.25 Maximizing gateway security: Beyond the basic configuration Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep networks compliant. Security

BleepingComputer

25.10.25 Microsoft fixes bug preventing users from opening classic Outlook Microsoft has fixed a major bug preventing Microsoft 365 users from launching the classic Outlook email client on Windows systems. OS

BleepingComputer

25.10.25 Windows 11 KB5070773 emergency update fixes Windows Recovery issues Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security updates. OS

BleepingComputer

25.10.25 DNS0.EU private DNS service shuts down over sustainability issues The DNS0.EU non-profit public DNS service focused on European users announced its immediate shut down due to time and resource constraints. Cyber

BleepingComputer

25.10.25 Microsoft: October updates break USB input in Windows Recovery Microsoft has confirmed that this month's security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. OS

BleepingComputer

25.10.25 Retail giant Muji halts online sales after ransomware attack on supplier Japanese retail company Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. Ransom

BleepingComputer

25.10.25 Over 75,000 WatchGuard security devices vulnerable to critical RCE Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. Vulnerebility

BleepingComputer

25.10.25 CISA: High-severity Windows SMB flaw now exploited in attacks CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems. Exploit

BleepingComputer

25.10.25 Self-spreading GlassWorm malware hits OpenVSX, VS Code registries A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. Virus

BleepingComputer

25.10.25 Microsoft fixes Windows Server Active Directory sync issues Microsoft is rolling out a fix for Active Directory issues affecting some Windows Server 2025 systems after installing security updates released since September. OS

BleepingComputer

25.10.25 Microsoft warns of Windows smart card auth issues after October updates Microsoft says the October 2025 Windows security updates are causing smart card authentication and certificate issues due to a change designed to strengthen the Windows Cryptographic Services OS

BleepingComputer

25.10.25 Find hidden malicious OAuth apps in Microsoft 365 using Cazadora Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions. Cyber

BleepingComputer

25.10.25 AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more AWS outage has taken down millions of websites, including Amazon.com, Prime Video, Perplexity AI, Canva and more. Cyber

BleepingComputer

25.10.25 TikTok videos continue to push infostealers in ClickFix attacks Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware. Social

BleepingComputer

25.10.25 Experian fined $3.2 million for mass-collecting personal data Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) Incindent

BleepingComputer

25.10.25 CrowdStrike 2025 APJ eCrime Landscape Report: A New Era of Threats Emerges CrowdStrike Intelligence observes a thriving Chinese-language underground ecosystem and the rise of AI-developed ransomware operations. Cyber blog CROWDSTRIKE
25.10.25 New User Experience Transforms Interaction with the Falcon Platform The Falcon platform’s new dynamic user experience, powered by CrowdStrike Enterprise Graph and Charlotte AI, transforms how users interact with the platform. Cyber blog CROWDSTRIKE
25.10.25 How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit ExPRT.AI is built into Falcon Exposure Management to eliminate noise and prioritize which vulnerabilities present the greatest risk. Vulnerebility blog CROWDSTRIKE
25.10.25 From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918) In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from a standard domain user to SYSTEM level access, potentially compromising entire Active Directory environments. Vulnerebility blog CROWDSTRIKE
25.10.25 Ransomware Reality: Business Confidence Is High, Preparedness Is Low The CrowdStrike State of Ransomware Survey finds a substantial gap between perceived ransomware readiness and actual preparedness, with 76% of respondents struggling to match the speed of AI-powered attacks. Ransom blog CROWDSTRIKE
25.10.25 Warlock Ransomware: Old Actor, New Tricks? The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019. Ransom blog SECURITY.COM
25.10.25 Silent Push Detects Salt Typhoon Infrastructure Months Before It Went Live, New IOFA™ Feeds Provide Customers With Early Detection Ahead of Operational Use Back in June, Silent Push provided our enterprise customers with unpublished infrastructure related to the Chinese APT group Salt Typhoon, giving our customers the early visibility and historical reach-back they needed for both security and their own investigations. APT blog Silent Push
25.10.25 Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related to the reported incursion of Russian drones into Polish airspace that occurred on Sept. 9-10, 2025. APT blog Google Threat Intelligence
25.10.25 Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. APT blog Google Threat Intelligence
25.10.25 LockBit Returns — and It Already Has Victims Key Takeaways LockBit is back. After being disrupted in early 2024, the ransomware group has ... Ransom blog CHECKPOINT
25.10.25 Newcomers Fuel Ransomware Explosion in 2025 as Old Groups Fade Ransomware attacks surged 50% in 2025, with groups like Qilin and newcomers exploiting vulnerabilities, targeting the U.S., South Korea, and other global regions. Ransom blog Cyble
25.10.25 CISA Adds Oracle, Microsoft, Apple, Kentico Bugs to KEV Catalog CISA has added five critical vulnerabilities impacting Oracle, Microsoft, Apple, and Kentico products to its Known Exploited Vulnerabilities catalog. Organizations must apply vendor patches before November 10, 2025, to mitigate exploitation risks. Vulnerebility blog Cyble
25.10.25 Anatomy of the Red Hat Intrusion: Crimson Collective and SLSH Extortions Introduction In August 2025, a Telegram channel named “Scattered LAPSUS$ Hunters” surfaced, linking itself to notorious cybercrime groups: Scattered Spider, ShinyHunters, and LAPSUS$. The group quickly began posting stolen data, ransom demands, and provocative statements, reviving chaos once driven.. Hacking blog Seqrite
25.10.25 GHOSTGRAB ANDROID MALWARE Sophisticated Android malware that mines crypto and silently steals banking credentials. EXECUTIVE SUMMARY CYFIRMA is dedicated to providing advanced warning and strategic Malware blog Cyfirma
25.10.25 CVE-2025-6541 : TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis EXECUTIVE SUMMARY CVE-2025-6541 is a critical Remote Command Injection vulnerability in TP-Link Omada Gateway devices, caused by improper input validation in the web Vulnerebility blog Cyfirma
25.10.25 Proofpoint releases innovative detections for threat hunting: PDF Object Hashing The PDF format is widely used by threat actors to kickstart malicious activity. In email campaigns, Proofpoint researchers observe PDFs distributed in many ways. Malware blog PROOFPOINT
25.10.25 Beyond credentials: weaponizing OAuth applications for persistent cloud access Cloud account takeover (ATO) attacks have become a significant concern in recent years, with cybercriminals and state-sponsored actors increasingly adopting malicious OAuth applications as a means to gain persistent access within compromised environments. Cyber blog PROOFPOINT
25.10.25 Inside the attack chain: Threat activity targeting Azure Blob Storage Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. Hacking blog Microsoft blog
25.10.25 The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns Trend™ Research examines the complex collaborative relationship between China-aligned APT groups via the new “Premier Pass-as-a-Service” model, exemplified by the recent activities of Earth Estries and Earth Naga. APT blog Trend Micro
25.10.25 Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises. Ransom blog Trend Micro
25.10.25 How Trend Micro Empowers the SOC with Agentic SIEM By delivering both XDR leadership and Agentic SIEM innovation under one platform, Trend is redefining what security operations can be. Security blog Trend Micro
25.10.25 Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline. Malware blog Trend Micro
25.10.25 Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms. Malware blog Trend Micro
25.10.25 Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. Vulnerebility blog Trend Micro
25.10.25 LockBit 5.0: Understanding the Latest Developments in Ransomware Threats LockBit ransomware is one of the most active and notorious ransomware-as-a-service (RaaS) operations, first appearing in 2019 and having evolved through versions that we have analyzed and written about here and here. Last year, it was reported that law enforcement seized LockBit’s infrastructure and arrested affiliates, but several copycats and spinoffs still surfaced. Ransom blog SonicWall
25.10.25

Cloud Discovery With AzureHound

AzureHound is a data collection tool intended for penetration testing that is part of the BloodHound suite. Threat actors misuse this tool to enumerate Azure resources and map potential attack paths, enabling further malicious operations. Here, we help defenders understand the tool and protect against illegitimate use of it. Cyber blog Palo Alto
25.10.25

The Smishing Deluge: China-Based Campaign Flooding Global Text

We investigated a campaign waged by financially motivated threat actors operating out of Morocco. We refer to this campaign as Jingle Thief, due to the attackers’ modus operandi of conducting gift card fraud during festive seasons. Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards. APT blog Palo Alto
25.10.25

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign

We are attributing an ongoing smishing (phishing via text message) campaign of fraudulent toll violation and package misdelivery notices to a group widely known as the Smishing Triad. Our analysis indicates this campaign is a significantly more extensive and complex threat than previously reported. Attackers have impersonated international services across a wide array of critical sectors. Hacking blog Palo Alto
25.10.25 Dissecting YouTube’s Malware Distribution Network Check Point Research uncovered and analyzed the YouTube Ghost Network, a sophisticated and coordinated collection of malicious accounts operating on YouTube. These accounts systematically take advantage of YouTube’s features to promote malicious content, ultimately distributing malware while creating a false sense of trust among viewers. Malware blog CHECKPOINT
25.10.25 IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications — mainly via ToolShell targeting SharePoint — for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. Exploit blog CISCO TALOS
25.10.25 Think passwordless is too complicated? Let's clear that up We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. Cyber blog CISCO TALOS
25.10.25 Strings in the maze: Finding hidden strengths and gaps in your team In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. Cyber blog CISCO TALOS
25.10.25 Reducing abuse of Microsoft 365 Exchange Online’s Direct Send Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses. Cyber blog CISCO TALOS
25.10.25 Ransomware attacks and how victims respond This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization. Ransom blog CISCO TALOS
25.10.25 BeaverTail and OtterCookie evolve with a new Javascript module Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). Malware blog CISCO TALOS
25.10.25 Laura Faria: Empathy on the front lines Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure. Cyber blog CISCO TALOS
25.10.25 Open PLC and Planet vulnerabilities Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the lates ICS blog CISCO TALOS
25.10.25 Microsoft Patch Tuesday for October 2025 — Snort rules and prominent vulnerabilities Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are flagged as important and considered more likely to be exploited. OS Blog CISCO TALOS
25.10.25 Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures Cyber blog Eset
25.10.25 Gotta fly: Lazarus targets the UAV sector ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group APT blog Eset
25.10.25 SnakeStealer: How it preys on personal data – and how you can protect yourself Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts Malware blog Eset
25.10.25 Cybersecurity Awareness Month 2025: Building resilience against ransomware Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat? Ransom blog Eset
25.10.25 Minecraft mods: Should you 'hack' your game? Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod. Hacking blog Eset
25.10.25 SideWinder's Shifting Sands: Click Once for Espionage SideWinder APT evolves with PDF and ClickOnce attacks targeting South Asia. Discover their new TTPs and how to protect your organization. APT blog Trelix
25.10.25 Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of Phishing The Hacker News
25.10.25 Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (PoC) exploit Vulnerability The Hacker News
25.10.25 APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as APT The Hacker News
25.10.25 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust Virus The Hacker News
25.10.25 Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Virus The Hacker News
25.10.25 North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running APT The Hacker News
25.10.25 ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More Criminals don't need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your Cyber The Hacker News
25.10.25 'Jingle Thief' Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail Exploit The Hacker News
25.10.25 Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source Exploit The Hacker News
25.10.25 Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Exploit The Hacker News
25.10.25 Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to APT The Hacker News
25.10.25 Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts Phishing The Hacker News
22.10.25 Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly Exploit The Hacker News
22.10.25 Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum , a popular Ethereum .NET Cryptocurrency The Hacker News
22.10.25 Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron , according to findings from APT The Hacker News
22.10.25 TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote Vulnerability The Hacker News
22.10.25 TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The Vulnerability The Hacker News
22.10.25 Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on Social The Hacker News
22.10.25 PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge . PolarEdge was first documented by Sekoia in February 2025, attributing it to a Virus The Hacker News
21.10.25 Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased Virus The Hacker News
21.10.25 Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon . The Incident The Hacker News
21.10.25 Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities ( KEV ) Catalog, officially confirming a Exploit The Hacker News
21.10.25 Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. Hack The Hacker News
20.10.25 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Spam The Hacker News
20.10.25 MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center ( NTSC ), as it BigBrothers The Hacker News
20.10.25 Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad CyberCrime The Hacker News
20.10.25 New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware Virus The Hacker News
20.10.25 Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with Virus The Hacker News
19.10.25 Google ads for fake Homebrew, LogMeIn sites push infostealers A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. Virus BleepingComputer
19.10.25 ConnectWise fixes Automate bug allowing AiTM update attacks ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in its Automate product that could expose sensitive communications to interception and modification. Attack BleepingComputer
19.10.25 American Airlines subsidiary Envoy confirms Oracle data theft attack Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. Incident BleepingComputer
19.10.25 Microsoft lifts more safeguard holds blocking Windows 11 updates Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update. OS BleepingComputer
19.10.25 Europol dismantles SIM box operation renting numbers for cybercrime European law enforcement in an operation codenamed 'SIMCARTEL' has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses. CyberCrime BleepingComputer
19.10.25 Microsoft fixes highest-severity ASP.NET Core flaw ever Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. OS BleepingComputer
19.10.25 VMware Certification: Your Next Career Power Move VMware certification isn't just about passing exams — it's about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. Security BleepingComputer
19.10.25 Microsoft fixes Windows bug breaking localhost HTTP connections Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. Vulnerability BleepingComputer
19.10.25 Over 266,000 F5 BIG-IP instances exposed to remote attacks Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. Hack BleepingComputer
19.10.25 Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections Microsoft's October Windows 11 updates have broken the "localhost" functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly. OS BleepingComputer
19.10.25 Auction giant Sotheby’s says data breach exposed financial information Major international auction house Sotheby's is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details. Incident BleepingComputer
19.10.25 Have I Been Pwned: Prosper data breach impacts 17.6 million accounts Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. Incident BleepingComputer
19.10.25 Hackers exploit Cisco SNMP flaw to deploy rootkit on switches Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. Exploit BleepingComputer
19.10.25 Microsoft disrupts ransomware attacks targeting Teams users Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. Ransom BleepingComputer
19.10.25 Microsoft: Office 2016 and Office 2019 have reached end of support Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025. OS BleepingComputer
19.10.25 Gladinet fixes actively exploited zero-day in file-sharing software Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. Exploit BleepingComputer
19.10.25 CISA: Maximum-severity Adobe flaw now exploited in attacks CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. Exploit BleepingComputer
19.10.25 Unified Exposure Management Platforms: The Future of Preemptive Cyber Defense Traditional MDR focuses on reacting to attacks already in motion — but modern threats demand prevention. Picus Security explains how Unified Exposure Management Platforms continuously identify, validate, and fix exploitable risks before adversaries strike. Cyber BleepingComputer
19.10.25 North Korean hackers use EtherHiding to hide malware on the blockchain North Korean hackers were observed employing the 'EtherHiding' tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. Cryptocurrency BleepingComputer
19.10.25 Microsoft debuts Copilot Actions for agentic AI-driven Windows tasks Microsoft announced today a new Windows 11 Copilot feature called Copilot Actions that enables AI agents to perform real tasks on local files and applications. AI BleepingComputer
19.10.25 Microsoft adds Copilot voice activation on Windows 11 PCs Microsoft says Windows 11 users can now start a conversation with the AI-powered Copilot digital assistant by saying the "Hey Copilot" wake word. OS BleepingComputer
19.10.25 Capita to pay £14 million for data breach impacting 6.6 million people The Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. Incident BleepingComputer
19.10.25 PowerSchool hacker gets sentenced to four years in prison 19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. CyberCrime BleepingComputer
19.10.25 Fake LastPass, Bitwarden breach alerts lead to PC hijacks An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. Incident BleepingComputer
19.10.25 F5 releases BIG-IP patches for stolen security vulnerabilities Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. Vulnerability BleepingComputer
19.10.25 Microsoft: Sept Windows Server updates cause Active Directory issues Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. OS BleepingComputer
19.10.25 Clothing giant MANGO discloses data breach exposing customer info Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. Incident BleepingComputer
19.10.25 How to spot dark web threats on your network using NDR Dark web activity can hide in plain sight within everyday network traffic. Corelight's NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. AI BleepingComputer
19.10.25 F5 says hackers stole undisclosed BIG-IP flaws, source code U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. Vulnerability BleepingComputer
19.10.25 Malicious crypto-stealing VSCode extensions resurface on OpenVSX A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Studio Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. Virus BleepingComputer
19.10.25 Final Windows 10 Patch Tuesday update rolls out as support ends In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. OS BleepingComputer
18.10.25 New Android Pixnapping attack steals MFA codes pixel-by-pixel A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. Attack BleepingComputer
18.10.25 Microsoft: Exchange 2016 and 2019 have reached end of support Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. OS BleepingComputer
18.10.25 Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! OS BleepingComputer
18.10.25 Windows 11 KB5066835 and KB5066793 updates released Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues. OS BleepingComputer
18.10.25 US seizes $15 billion in crypto from 'pig butchering' kingpin The U.S. Department of Justice has seized $15 billion in bitcoin from the leader of Prince Group, a criminal organization that stole billions of dollars from victims in the United States through cryptocurrency investment scams, also known as romance baiting or pig butchering. Cryptocurrency BleepingComputer
18.10.25 Oracle silently fixes zero-day exploit leaked by ShinyHunters Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. Vulnerability BleepingComputer
18.10.25 Microsoft warns that Windows 10 reaches end of support today Microsoft has reminded customers today that Windows 10 has reached the end of support and will no longer receive patches for newly discovered security vulnerabilities. OS BleepingComputer
18.10.25 Security firms dispute credit for overlapping CVE reports FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs' reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over the disclosure process. Vulnerability BleepingComputer
18.10.25 When AI Agents Join the Teams: The Hidden Security Shifts No One Expects AI assistants are no longer just helping — they're acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As "Shadow AI" spreads, learn from Token Security why orgs must govern these agents like powerful new identities before oversight disappears. AI BleepingComputer
18.10.25 Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. Vulnerability BleepingComputer
18.10.25 Chinese hackers abuse geo-mapping tool for year-long persistence Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. APT BleepingComputer
18.10.25 Microsoft restricts IE mode access in Edge after zero-day attacks Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. Exploit BleepingComputer
18.10.25 SimonMed says 1.2 million patients impacted in January data breach U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information. Incident BleepingComputer
18.10.25 Massive multi-country botnet targets RDP services in the US A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. BotNet BleepingComputer
18.10.25 SonicWall VPN accounts breached using stolen creds in widespread attacks Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. Incident BleepingComputer
18.10.25 Microsoft investigates outage affecting Microsoft 365 apps Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. OS BleepingComputer
18.10.25 Oracle releases emergency patch for new E-Business Suite flaw Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. Vulnerability BleepingComputer
18.10.25 Meet Varonis Interceptor: AI-Native Email Security AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis' new Interceptor platform uses multimodal AI — vision, language, and behavior models — to detect zero-hour attacks and stop them before they reach users. AI BleepingComputer
18.10.25 Microsoft: Windows 11 Media Creation Tool broken on Windows 10 PCs Microsoft says the latest version of the Windows 11 Media Creation Tool (MCT) no longer works correctly on Windows 10 22H2 computers. OS BleepingComputer
18.10.25 Harvard investigating breach linked to Oracle zero-day exploit Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers. Incident BleepingComputer
18.10.25 Fake 'Inflation Refund' texts target New Yorkers in new scam An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer "Inflation Refunds" in an attempt to steal victims' personal and financial data. Spam BleepingComputer
18.10.25 Spain dismantles “GXC Team” cybercrime syndicate, arrests leader Spanish Guardia Civil have dismantled the "GXC Team" cybercrime syndicate and arrested its alleged leader, a 25-year-old Brazilian known as "GoogleXcoder." BigBrothers BleepingComputer
18.10.25 Windows 11 23H2 Home and Pro reach end of support in 30 days Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month. OS BleepingComputer
18.10.25 Hackers exploiting zero-day in Gladinet file sharing software Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication. Exploit BleepingComputer
18.10.25 Apple now offers $2 million for zero-click RCE vulnerabilities Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. OS BleepingComputer
18.10.25 FBI takes down BreachForums portal used for Salesforce extortion The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. BigBrothers BleepingComputer
18.10.25 New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. Virus BleepingComputer
18.10.25 Microsoft: Hackers target universities in “payroll pirate” attacks A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate payroll" attacks since March 2025. Hack BleepingComputer
18.10.25 Hackers now use Velociraptor DFIR tool in ransomware attacks Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. Ransom BleepingComputer
18.10.25 Microsoft Defender mistakenly flags SQL Server as end-of-life Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. Vulnerability BleepingComputer
18.10.25 RondoDox botnet targets 56 n-day flaws in worldwide attacks A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. BotNet BleepingComputer
18.10.25 Microsoft: Windows Backup now available for enterprise users Microsoft announced this week the general availability of Windows Backup for Organizations, a new enterprise-grade backup tool that helps simplify backups and makes the transition to Windows 11 easier. OS BleepingComputer
18.10.25 Russian IT company among group’s latest targets. Attackers may have been attempting to target company’s customers in Russia with software supply chain attack. APT blog SECURITY.COM
18.10.25 Threat Intelligence Executive Report – Volume 2025, Number 5 This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August Cyber blog SOPHOS
18.10.25 F5 network compromised On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. Incident blog SOPHOS
18.10.25 October Patch Tuesday beats January ’25 record Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party OS Blog SOPHOS
18.10.25 Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia FortiGuard Labs has tracked a hacker group expanding attacks from China to Malaysia, linking campaigns through shared code, infrastructure, and tactics. Malware blog FORTINET
18.10.25 The Week in Vulnerabilities: Cyble Urges Adobe, Microsoft Fixes Vulnerabilities in products from Microsoft, Adobe, Fortinet, OpenSSL and more are getting attention this week. Patch now. Vulnerability blog Cyble
18.10.25 Europe and UK Face Relentless Ransomware Onslaught in Q3 2025, Qilin Leads the Charge Europe recorded 288 ransomware attacks in Q3 2025, with Qilin maintaining dominance at 65 victims and SafePay rapidly ascending to second place. Ransom blog Cyble
18.10.25 GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware GhostBat RAT resurfaces via fake RTO apps, stealing banking data, mining crypto, and registering devices through Telegram bots, targeting Indian Android users. Malware blog Cyble
18.10.25 Operation MotorBeacon: Threat Actor targets Russian Automotive Sector using .NET Implant Hacking blog Seqrite
18.10.25 Operation Silk Lure: Scheduled Tasks Weaponized for DLL Side-Loading (drops ValleyRAT) Authors: Dixit Panchal, Soumen Burma & Kartik Jivani. Seqrite Lab has been actively monitoring global cyber threat... Hacking blog Seqrite
18.10.25 Judicial Notification Phish Targets Colombian Users – .SVG Attachment Deploys Info-stealer Malware Phishing blog Seqrite
18.10.25 Crystal Ball Series: Consolidated Instalments In this instalment we explore AI advancements in 2025 and beyond: digital twin cybersecurity, neurosymbolic AI, and deepfakes (a new era). AI blog Cyfirma
18.10.25 Cyber Threats to Oman’s Multiple Sectors Executive Summary Oman is experiencing a rise in cyber incidents, with threat actors actively targeting organizations across multiple sectors. Recent breaches have exposed Cyber blog Cyfirma
18.10.25 F5 Systems Compromised, BIG IP Vulnerabilities Exfiltrated: What To Do Next F5 recently disclosed that a nation-state actor accessed a proprietary BIG-IP development network, including source code and details about vulnerabilities still under development. Incident blog Eclypsium
18.10.25 BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices One of our fears, as individuals who have spent years examining firmware security, is stumbling upon a vulnerability that reveals the fundamental flaws in our trust models. Malware blog Eclypsium
18.10.25 When the monster bytes: tracking TA585 and its arsenal TA585 is a sophisticated cybercriminal threat actor recently named by Proofpoint. It operates its entire attack chain from infrastructure to email delivery to malware installation. Hacking blog PROOFPOINT
18.10.25 Trend Micro launches new integration with Zscaler to deliver real-time, Risk-Based Zero Trust Access Discover how Trend Vision One™ integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises. Cyber blog Trend Micro
18.10.25 Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. Vulnerability blog Trend Micro
18.10.25 Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms. Malware blog Trend Micro
18.10.25 Microsoft Security Bulletin Coverage for October 2025 Microsoft’s October 2025 Patch Tuesday has 176 vulnerabilities, of which 84 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2025 and has produced coverage for 13 of the reported vulnerabilities. OS Blog SonicWall
18.10.25 Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities On Oct. 15, 2025, F5 — a U.S. technology company — disclosed that a nation-state threat actor conducted a significant long-term compromise of their corporate networks. In this incident, attackers stole source code from their BIG-IP suite of products and information about undisclosed vulnerabilities. Incident blog Palo Alto
18.10.25 PhantomVAI Loader Delivers a Range of Infostealers Unit 42 researchers have been tracking phishing campaigns that use PhantomVAI Loader to deliver information-stealing malware through a multi-stage, evasive infection chain.  Malware blog Palo Alto
18.10.25 Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Unit 42 recently assisted a prominent manufacturer who experienced a severe ransomware attack orchestrated by Ignoble Scorpius, the group that distributes BlackSuit ransomware. Ransom blog Palo Alto
18.10.25 Denial of Fuzzing: Rust in the Windows kernel Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. Vulnerability blog CHECKPOINT
18.10.25 BeaverTail and OtterCookie evolve with a new Javascript module Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). Malware blog CISCO TALOS
18.10.25 Ransomware attacks and how victims respond This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization. Ransom blog CISCO TALOS
18.10.25 Laura Faria: Empathy on the front lines Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure. Cyber blog CISCO TALOS
18.10.25 Minecraft mods: When game 'hacks' turn risky Some Minecraft 'hacks' don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod. Hacking blog Eset
18.10.25 IT service desks: The security blind spot that may put your business at risk Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap. Cyber blog Eset
18.10.25 Cybersecurity Awareness Month 2025: Why software patching matters more than ever As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly. Cyber blog Eset
18.10.25 AI-aided malvertising: Exploiting a chatbot to spread scams Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it. AI blog Eset
18.10.25 The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR's Rapid Detection Hacking blog Trellix
18.10.25 Dark Web Roast - September 2025 Edition September 2025 brought us a delightful buffet of underground incompetence, and we're grateful for the content. Cyber blog Trellix
17.10.25 North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that APT The Hacker News
17.10.25 Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. Vulnerability The Hacker News
17.10.25 Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware Ransom The Hacker News
17.10.25 North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable Virus The Hacker News
17.10.25 Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers, Hack The Hacker News
17.10.25 LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according Virus The Hacker News
16.10.25 Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco" Attacks Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux Vulnerability The Hacker News
16.10.25 CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerability The Hacker News
16.10.25 Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond APT The Hacker News
16.10.25 F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information Incident The Hacker News
16.10.25 Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech Exploit The Hacker News
16.10.25 Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in ICS The Hacker News
16.10.25 Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active Exploit The Hacker News
16.10.25 New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary Vulnerability The Hacker News
16.10.25 Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per Virus The Hacker News
16.10.25 RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Vulnerability The Hacker News
16.10.25 New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Vulnerability The Hacker News
16.10.25 npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to Virus The Hacker News
16.10.25 Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via Virus The Hacker News
13.10.25 Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to BotNet The Hacker News
13.10.25 Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the Hack The Hacker News
13.10.25 Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the Virus The Hacker News
13.10.25 New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary Virus The Hacker News
13.10.25 New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are Hack The Hacker News
12.10.25 SonicWall: Firewall configs stolen for all cloud backup customers SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. Incident BleepingComputer
12.10.25 From infostealer to full RAT: dissecting the PureRAT attack chain Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs' Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. Virus BleepingComputer
12.10.25 Azure outage blocks access to Microsoft 365 services, admin portals Microsoft is working to resolve an outage affecting its Azure Front Door content delivery network (CDN), which is preventing customers from accessing some Microsoft 365 services. Hack BleepingComputer
12.10.25 Hacktivists target critical infrastructure, hit decoy plant A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. Hack BleepingComputer
12.10.25 Hackers claim Discord breach exposed data of 5.5 million users Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people. Incident BleepingComputer
12.10.25 New FileFix attack uses cache smuggling to evade security software A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypass security software. Attack BleepingComputer
12.10.25 Qilin ransomware claims Asahi brewery attack, leaks data The Qilin ransomware group has claimed responsibility for the attack at Japanese beer maker Asahi, adding the company to its extortion page on the dark web yesterday. Ransom BleepingComputer
12.10.25 Microsoft 365 outage blocks access to Teams, Exchange Online Microsoft is working to resolve an ongoing outage preventing users from accessing Microsoft 365 services, including Microsoft Teams, Exchange Online, and the admin center. OS BleepingComputer
12.10.25 Microsoft enables Exchange Online auto-archiving by default Microsoft is enabling threshold-based auto-archiving by default in Exchange Online to prevent email flow issues caused by mailboxes filling up faster than expected. OS BleepingComputer
12.10.25 Crimson Collective hackers target AWS cloud instances for data theft The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. Incident BleepingComputer
12.10.25 Hackers exploit auth bypass in Service Finder WordPress theme Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Exploit BleepingComputer
12.10.25 London police arrest suspects linked to nursery breach, child doxing The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries. Incident BleepingComputer
12.10.25 Defend the Target, Not Just the Door: A Modern Plan for Google Workspace The Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. Hack BleepingComputer
12.10.25 Salesforce refuses to pay ransom over widespread data theft attacks Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year. Ransom BleepingComputer
12.10.25 Docker makes Hardened Images Catalog affordable for small businesses The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. Hack BleepingComputer
12.10.25 Google won't fix new ASCII smuggling attack in Gemini Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. Attack BleepingComputer
12.10.25 DraftKings warns of account breaches in credential stuffing attacks Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. Incident BleepingComputer
12.10.25 Clop exploited Oracle zero-day for data theft since early August The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August, according to cybersecurity company CrowdStrike. Ransom BleepingComputer
12.10.25 North Korean hackers stole over $2 billion in crypto this year North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. Cryptocurrency BleepingComputer
12.10.25 Electronics giant Avnet confirms breach, says stolen data unreadable Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. Incident BleepingComputer
12.10.25 Microsoft kills more Microsoft Account bypasses in Windows 11 Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11. OS BleepingComputer
12.10.25 Redefining Security Validation with AI-Powered Breach and Attack Simulation Security teams are drowning in threat intel — but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes — delivering proof that your defenses work, not just assumptions. Join the BAS Summit 2025 to see how AI redefines security validation. AI BleepingComputer
12.10.25 Google's new AI bug bounty program pays up to $30,000 for flaws This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. AI BleepingComputer
12.10.25 Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating Incident The Hacker News
12.10.25 Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL- Ransom The Hacker News
11.10.25 Red Hat data breach escalates as ShinyHunters joins extortion Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. Incident BleepingComputer
11.10.25 Microsoft: Critical GoAnywhere bug exploited in ransomware attacks A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. Ransom BleepingComputer
11.10.25 Zeroday Cloud hacking contest offers $4.5 million in bounties A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. Hack BleepingComputer
11.10.25 Redis warns of critical flaw impacting thousands of instances The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Vulnerability BleepingComputer
11.10.25 LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts. Incident BleepingComputer
11.10.25 The role of Artificial Intelligence in today's cybersecurity landscape AI is transforming cybersecurity—from detecting phishing and insider threats to accelerating response. See how Wazuh, the open-source XDR and SIEM, integrates AI to turn raw security data into actionable insights and smarter threat hunting. AI BleepingComputer
11.10.25 Steam and Microsoft warn of Unity flaw exposing gamers to attacks A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. Vulnerability BleepingComputer
11.10.25 XWorm malware resurfaces with ransomware module, over 35 plugins New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. Virus BleepingComputer
11.10.25 Oracle patches EBS zero-day exploited in Clop data theft attacks Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. Vulnerability BleepingComputer
11.10.25 Hackers exploited Zimbra flaw as zero-day using iCalendar files Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. Vulnerability BleepingComputer
11.10.25 ParkMobile pays... $1 each for 2021 data breach that hit 22 million ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. Incident BleepingComputer
11.10.25 Massive surge in scans targeting Palo Alto Networks login portals A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. Hack BleepingComputer
11.10.25 Discord discloses data breach after hackers steal support tickets Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider. Incident BleepingComputer
11.10.25 Signal adds new cryptographic defense against quantum attacks Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. Security BleepingComputer
11.10.25 Renault and Dacia UK warn of data breach impacting customers Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. Incident BleepingComputer
11.10.25 Japanese beer giant Asahi confirms ransomware attack Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week. Ransom BleepingComputer
11.10.25 ShinyHunters launches Salesforce data leak site to extort 39 victims An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. Incident BleepingComputer
11.10.25 CometJacking attack tricks Comet browser into stealing emails A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and Attack BleepingComputer
11.10.25 Oracle links Clop extortion attacks to July 2025 vulnerabilities Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. Vulnerability BleepingComputer
11.10.25 Gmail business users can now send encrypted emails to anyone Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. Security BleepingComputer
11.10.25 Microsoft Outlook stops displaying inline SVG images used in attacks Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. Hack BleepingComputer
11.10.25

Operations with Untamed LLMs Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tailored AI blog VOLEXITY

11.10.25

New Stealit Campaign Abuses Node.js Single Executable Application A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. Malware blog FORTINET

11.10.25

The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. Ransom blog FORTINET

11.10.25

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. Vulnerebility blog Google Threat Intelligence

11.10.25

Cyber Threats in the EU Escalate as Diverse Groups Target Critical Sectors The 2025 ENISA Threat Landscape shows rising cyber threats in the EU, with DDoS, ransomware, phishing, and supply chain attacks on critical infrastructure. Cyber blog Cyble

11.10.25

Australian Data Breaches Are Up 48% So Far This Year. What’s Behind The Eye-Popping Surge? Australian data breaches have surged 48% so far this year, the latest data point that suggests that threat actors are finding rich targets Down Under. Cyber blog Cyble

11.10.25

Cybersecurity Awareness Month 2025: Don’t Just Be Aware, Be Ahead   This Cybersecurity Awareness Month, it’s time to move beyond awareness. Organizations face AI-powered attacks, supply chain vulnerabilities, and brand threats that demand proactive defense strategies—not just reactive responses. Cyber blog Cyble

11.10.25

DPRK SANCTIONS VIOLATIONS IN CYBER OPERATIONS POST UN PANEL DEMISE EXECUTIVE SUMMARY Since the termination of the United Nations (UN) Panel of Experts in April 2024 due to Russia's veto, the landscape of Democratic People's Republic of Korea BigBrother blog Cyfirma

11.10.25

CYBER THREAT LANDSCAPE REPORT – Saudi Arabia Executive Summary In 2025, Saudi Arabia witnessed a notable rise in cybercriminal activity, particularly within the dark web landscape. Threat actors increasingly targeted key sectors, Cyber blog Cyfirma

11.10.25

APT PROFILE – HAFNIUM Hafnium is a Chinese state-sponsored advanced persistent threat (APT) group, also referred to as Silk Typhoon, and is known for sophisticated cyber espionage targeting critical APT blog Cyfirma

11.10.25

CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES UAE Executive Summary In 2025, the United Arab Emirates (UAE) experienced a significant surge in cybercriminal activity, particularly in the dark web ecosystem. Threat actors targeted Cyber blog Cyfirma

11.10.25

TRACKING RANSOMWARE : SEPTEMBER 2025 EXECUTIVE SUMMARY In September 2025, ransomware activity remained elevated, with 504 global victims, heavily impacting consumer services, professional services, and manufacturing Ransom blog Cyfirma

11.10.25

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. Vulnerebility blog Microsoft blog

11.10.25

Disrupting threats targeting Microsoft Teams Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. Cyber blog Microsoft blog

11.10.25

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users. Vulnerebility blog Trend Micro

11.10.25

How Your AI Chatbot Can Become a Backdoor In this post of THE AI BREACH, learn how your Chatbot can become a backdoor. AI blog Trend Micro

11.10.25

Weaponized AI Assistants & Credential Thieves Learn the state of AI and the NPM ecosystem with the recent s1ngularity' weaponized AI for credential theft. AI blog Trend Micro

11.10.25

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests. Exploit blog Trend Micro

11.10.25

Invoice Ninja Deserialization Flaw (CVE-2024-55555) The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-55555, assessed its impact, and developed mitigation measures for this vulnerability. Vulnerebility blog SonicWall

11.10.25

Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report Cloud incidents like ransomware attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. Incident blog Palo Alto

11.10.25

The ClickFix Factory: First Exposure of IUAM ClickFix Generator Attackers are packaging a highly effective social engineering technique known as ClickFix into easy-to-use phishing kits, making it accessible to a wider range of threat actors. Hacking blog Palo Alto

11.10.25

When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory This article presents a proof of concept (PoC) that demonstrates how adversaries can use indirect prompt injection to silently poison the long-term memory of an AI Agent. We use Amazon Bedrock Agent for this demonstration. AI blog Palo Alto

11.10.25

The Golden Scale: Bling Libra and the Evolving Extortion Economy In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka ​​SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. Ransom blog Palo Alto

11.10.25

Velociraptor leveraged in ransomware attacks Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool. Ransom blog CISCO TALOS

11.10.25

Why don’t we sit around this computer console and have a sing-along? Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this. Cyber blog CISCO TALOS

11.10.25

What to do when you click on a suspicious link As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next. Cyber blog CISCO TALOS

11.10.25

Too salty to handle: Exposing cases of CSS abuse for hidden text salting A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. Cyber blog CISCO TALOS

11.10.25

Family group chats: Your (very last) line of cyber defense Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. APT blog CISCO TALOS

11.10.25

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. APT blog CISCO TALOS

11.10.25

Nvidia and Adobe vulnerabilities Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerabili Vulnerebility blog CISCO TALOS

11.10.25

How Uber seems to know where you are – even with restricted location permissions Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way. Cyber blog Eset

11.10.25

Cybersecurity Awareness Month 2025: Passwords alone are not enough Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders. Cyber blog Eset

11.10.25

The case for cybersecurity: Why successful businesses are built on protection Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center Cyber blog Eset

11.10.25

Beware of threats lurking in booby-trapped PDF files Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money. Cyber blog Eset

11.10.25

Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 Vulnerability blog Cybereason

11.10.25

The Bug Report – September 2025 Edition September's Bug Report is here! Learn about critical CVEs affecting Chrome, Windows, Django, and FreePBX. Stay secure—patch now. Vulnerability blog Trellix

11.10.25

The Evolution of Russian Physical-Cyber Espionage From Rio to The Hague: How Russia’s evolving close-access cyber ops raise new risks. Learn what’s next—and how defenders can respond. APT blog Trellix

11.10.25

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute Virus

The Hacker News

11.10.25

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively APT

The Hacker News

11.10.25

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under Vulnerability

The Hacker News

11.10.25

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual Phishing

The Hacker News

11.10.25

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day Exploit

The Hacker News

10.10.25

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Ransom

The Hacker News

10.10.25

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a APT

The Hacker News

10.10.25

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like Virus

The Hacker News

9.10.25

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain Vulnerability

The Hacker News

9.10.25

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From Hack

The Hacker News

9.10.25

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special AI

The Hacker News

9.10.25

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including Exploit

The Hacker News

9.10.25

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy Exploit

The Hacker News

8.10.25

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to APT

The Hacker News

8.10.25

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat Ransom

The Hacker News

8.10.25

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to Vulnerability

The Hacker News

8.10.25

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language AI

The Hacker News

8.10.25

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals Virus

The Hacker News

8.10.25

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent AI

The Hacker News

8.10.25

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. Virus

The Hacker News

7.10.25

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The Vulnerability

The Hacker News

7.10.25

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa APT

The Hacker News

7.10.25

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Vulnerability

The Hacker News

7.10.25

New Report Links Research Firms BIETA and CIII to China's MSS Cyber Operations A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The APT

The Hacker News

7.10.25

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The Vulnerability

The Hacker News

7.10.25

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high- CyberCrime

The Hacker News

7.10.25

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS Exploit

The Hacker News

5.10.25

DrayTek warns of remote code execution bug in Vigor routers Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrary code. Vulnerability

BleepingComputer

5.10.25

HackerOne paid $81 million in bug bounties over the past year Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. Vulnerability

BleepingComputer

5.10.25

Microsoft Defender bug triggers erroneous BIOS update alerts Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. Vulnerability

BleepingComputer

5.10.25

Your Service Desk is the New Attack Vector—Here's How to Defend It. Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows stop attackers cold. Hack

BleepingComputer

5.10.25

Android spyware campaigns impersonate Signal and ToTok messengers Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. Virus

BleepingComputer

5.10.25

Red Hat confirms security incident after hackers breach GitLab instance An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development repositories, with the company confirming it was a breach of one of its GitLab instances. Incident

BleepingComputer

5.10.25

Clop extortion emails claim theft of Oracle E-Business Suite data Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems Ransom

BleepingComputer

5.10.25

Data breach at dealership software provider impacts 766k clients A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. Incident

BleepingComputer

5.10.25

Adobe Analytics bug leaked customer tracking data to other tenants Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. Vulnerability

BleepingComputer

5.10.25

New bug in classic Outlook can only be fixed via Microsoft support Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. OS

BleepingComputer

5.10.25

Android malware uses VNC to give attackers hands-on access A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. Virus

BleepingComputer

5.10.25

F-Droid project threatened by Google's new dev registration rules F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. Virus

BleepingComputer

5.10.25

WestJet data breach exposes travel details of 1.2 million customers Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents. Incident

BleepingComputer

5.10.25

Google Drive for desktop gets AI-powered ransomware detection Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. AI

BleepingComputer

5.10.25

Allianz Life says July data breach impacts 1.5 million people Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted. Incident

BleepingComputer

5.10.25

How To Simplify CISA's Zero Trust Roadmap with Modern Microsegmentation CISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org. Security

BleepingComputer

5.10.25

Microsoft: Media Creation Tool broken on Windows 11 Arm64 PCs After rolling out Windows 11 25H2, also known as Windows 11 2025 Update, Microsoft has confirmed that the Media Creation Tool has stopped working on devices with Arm64 CPUs. OS

BleepingComputer

5.10.25

Sendit sued by the FTC for illegal collection of children data The Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as well as deceptive subscription practices. BigBrothers

BleepingComputer

5.10.25

New MatrixPDF toolkit turns PDFs into phishing and malware lures A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. Phishing

BleepingComputer

5.10.25

CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a AI

The Hacker News

5.10.25

Scanning Activity on Palo Alto Networks Portals Jumps 500% in One Day Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% Hack

The Hacker News

4.10.25

Windows 11 2025 Update (25H2) is now available, Here's what's new

Today, Microsoft announced the release of Windows 11 25H2, also known as Windows 11 2025 Update.

OS

BleepingComputer

4.10.25

Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws

Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.

Vulnerability

BleepingComputer

4.10.25

Critical WD My Cloud bug allows remote command injection

Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands.

Vulnerability

BleepingComputer

4.10.25

Chinese hackers exploiting VMware zero-day since October 2024

Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024.

Exploit

BleepingComputer

4.10.25

VMware Certification Is Surging in a Shifting IT Landscape

VMware certification is surging as IT teams face hybrid infra, cloud complexity, & rising risks. See how VMUG Advantage helps practitioners & enterprises turn certification into stronger security & measurable value.

Security

BleepingComputer

4.10.25

Microsoft fixes Windows DRM video playback issues for some users

Microsoft says it has "partially" resolved a known issue that caused problems when trying to play DRM-protected video in Blu-ray/DVD/Digital TV applications.

OS

BleepingComputer

4.10.25

CISA warns of critical Linux Sudo flaw exploited in attacks

Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems.

Vulnerability

BleepingComputer

4.10.25

Windows 11 KB5065789 update released with 41 changes and fixes

Microsoft has released the KB5065789 preview cumulative update for Windows 11 24H2, which includes 41 improvements, including new AI actions in File Explorer and bug fixes for Windows Update and Windows Sandbox.

OS

BleepingComputer

4.10.25

Broadcom fixes high-severity VMware NSX bugs reported by NSA

Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA).

Vulnerability

BleepingComputer

4.10.25

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).

Cryptocurrency

BleepingComputer

4.10.25

Japan's largest brewer suspends operations due to cyberattack

Asahi Group Holdings, Ltd (Asahi), the brewer of Japan's top-selling beer, has disclosed a cyberattack that disrupted several of its operations.

Incident

BleepingComputer

4.10.25

Ransomware gang sought BBC reporter’s help in hacking media giant

Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.

Ransom

BleepingComputer

4.10.25

UK govt backs JLR with £1.5 billion loan guarantee after cyberattack

The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a catastrophic cyberattack forced the automaker to halt production.

BigBrothers

BleepingComputer

4.10.25

Harrods suffers new data breach exposing 430,000 customer records

UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.

Incident

BleepingComputer

4.10.25

Can We Trust AI To Write Vulnerability Checks? Here's What We Found

Can AI speed up writing vulnerability checks without sacrificing quality? Intruder put it to the test. Their researchers found where AI helps, where it falls short, and why human oversight is still critical. See what they discovered in practice.

AI

BleepingComputer

4.10.25

Akira ransomware breaching MFA-protected SonicWall VPN accounts

Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully logging in despite OTP MFA being enabled on accounts. Researchers suspect that this may be achieved through the use of previously stolen OTP seeds, although the exact method remains unconfirmed.

Ransom

BleepingComputer

4.10.25

EU probes SAP over anti-competitive ERP support practices

The European Commission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP software.

BigBrothers

BleepingComputer

4.10.25

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which

Virus

The Hacker News

4.10.25

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been

Virus

The Hacker News

4.10.25

Confucius Espionage: From Stealer to Backdoor

FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more.

Malware blog

FORTINET

4.10.25

Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UNC6040’s specific attack methodologies, this guide presents a structured defensive framework encompassing proactive hardening measures, comprehensive logging protocols, and advanced detection capabilities.

Cyber blog

Google Threat Intelligence

4.10.25

The Week in Vulnerabilities: PoCs and Zero-Days Merit Rapid Patching

A high percentage of Proof-of-Concept exploits and new zero days this week should have security teams on high alert.

Vulnerability blog

Cyble

4.10.25

The Week in Vulnerabilities: MFT, Help Desk Fixes Urged by Cyble

The week’s top vulnerabilities include several that could attract the attention of threat actors, and some that already have.

Vulnerability blog

Cyble

4.10.25

Exploiting Legitimate Remote Access Tools in Ransomware Campaigns

Introduction Ransomware is one of the most disruptive cyber threats, encrypting critical organizational data and demanding ransom payments for restoration. While early campaigns relied on mass phishing or opportunistic malware distribution, modern ransomware operations have evolved into highly sophisticated

Exploit blog

Seqrite

4.10.25

TYPHOON IN THE FIFTH DOMAIN: CHINA’S EVOLVING CYBER STRATEGY

EXECUTIVE SUMMARY China’s cyber operations have evolved from economic espionage to strategic, politically driven campaigns that pose significant threats to Western critical

APT blog

Cyfirma

4.10.25

YUREI RANSOMWARE: THE DIGITAL GHOST

EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and

Ransom blog

Cyfirma

4.10.25

Rising Cyber Threats to Bahrain: Hacktivists and Data Breaches

EXECUTIVE SUMMARY In this report, our researchers analyzed recent cyber activity targeting Bahrain, including politically motivated hacktivism, credential leaks, government email

BigBrother blog

Cyfirma

4.10.25

CYBER THREAT ASSESSMENT ON NIGERIA

EXECUTIVE SUMMARY Between January and September 2025, Nigeria experienced a surge in data breaches and cybercrime activities across banking, telecom, government, healthcare,

Cyber blog

Cyfirma

4.10.25

Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild

CVE-2025-20352 is a critical SNMP vulnerability in Cisco IOS and IOS XE software, which has been actively exploited in the wild (added to the CISA KEV on September 29th), resulting in reported attacks affecting up to 2 million devices globally.

Vulnerability blog

Eclypsium

4.10.25

The Hunt for RedNovember: A Depth Charge Against Network Edge Devices

Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks.

Cyber blog

Eclypsium

4.10.25

HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought

Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. As it turns out, that was wishful thinking.

Ransom blog

Eclypsium

4.10.25

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts.

Malware blog

Trend Micro

4.10.25

Deserialization Leads to Command Injection in GoAnywhere MFT: CVE-2025-10035

The SonicWall Capture Labs threat research team has identified a critical command injection vulnerability in GoAnywhere MFT. Tracked as CVE-2025-10035, this flaw allows attackers with a forged license response signature to deserialize malicious objects, potentially compromising the entire network access control infrastructure.

Vulnerability blog

SonicWall

4.10.25

Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086)

The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. DELMIA Apriso, developed by Dassault Systèmes, is a Manufacturing Operations Management (MOM) software that helps manufacturers digitize and manage global production.

Exploit blog

SonicWall

4.10.25

TOTOLINK X6000R: Three New Vulnerabilities Uncovered

We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025:

Vulnerability blog

Palo Alto

4.10.25

Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia.

APT blog

Palo Alto

4.10.25

Rhadamanthys 0.9.x – walk through the updates

Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns.

Malware blog

CHECKPOINT

4.10.25

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.

Cyber blog

CISCO TALOS

4.10.25

Family group chats: Your (very last) line of cyber defense

Amy pays homage to parents in family group chats everywhere who want their children to stay safe in this wild world.

Cyber blog

CISCO TALOS

4.10.25

What happens when you engage Cisco Talos Incident Response?

What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with?

Cyber blog

CISCO TALOS

4.10.25

Manufacturing under fire: Strengthening cyber-defenses amid surging threats

Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

Cyber blog

Eset

4.10.25

New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

Social blog

Eset

4.10.25

Cybersecurity Awareness Month 2025: Knowledge is power

We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals

Cyber blog

Eset

4.10.25

This month in security with Tony Anscombe – September 2025 edition

The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans

Cyber blog

Eset

4.10.25

XWorm V6: Exploring Pivotal Plugins

XWorm V6, a potent malware, has resurfaced with new plugins and persistence methods. Stay informed and enhance your defenses against evolving cyber threats. Protect your organization now!

Malware blog

Trellix

3.10.25

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend

Virus

The Hacker News

3.10.25

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in

Security

The Hacker News

3.10.25

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and

Virus

The Hacker News

3.10.25

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited

Vulnerability

The Hacker News

3.10.25

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past

Virus

The Hacker News

3.10.25

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also

Virus

The Hacker News

3.10.25

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as

Ransom

The Hacker News

3.10.25

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab

Virus

The Hacker News

3.10.25

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard

Attack

The Hacker News

3.10.25

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive

Hack

The Hacker News

3.10.25

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain

AI

The Hacker News

3.10.25

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February

Exploit

The Hacker News

3.10.25

2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

Bitdefender's 2025 Cybersecurity Assessment Report paints a sobering picture of today's cyber defense landscape: mounting pressure to remain silent after breaches, a gap between

Cyber

The Hacker News

3.10.25

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud

Virus

The Hacker News

3.10.25

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in

Virus

The Hacker News

3.10.25

New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud

Attack

The Hacker News

3.10.25

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor

APT

The Hacker News

3.10.25

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have

AI

The Hacker News

3.10.25

Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake

Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the

Safety

The Hacker News

3.10.25

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called

Exploit

The Hacker News

3.10.25

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent

Virus

The Hacker News

3.10.25

U.K. Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a

Cryptocurrency

The Hacker News

3.10.25

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems

Exploit

The Hacker News

3.10.25

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According

AI

The Hacker News

3.10.25

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to

AI

The Hacker News

3.10.25

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware

APT

The Hacker News