
Welcome to BSafes Library

BSafes library includes mobile-friendly cybersecurity publications.

News

September 16, 2025 – Attack

New FileFix attack uses steganography to drop StealC malware Full Text

Abstract A new FileFix-based social engineering campaign is actively delivering the StealC infostealer malware by exploiting user trust and abusing the File Explorer address bar. This attack impersonates Meta support and uses steganography to evade detection.

Bleeping Computer

September 16, 2025 – Attack

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids Full Text

Abstract A large-scale mobile ad fraud operation dubbed SlopAds exploited 224 Android apps, amassing over 38 million downloads across 228 countries. The campaign generated up to 2.3 billion ad bid requests daily by leveraging hidden WebViews and steganography.

The Hacker News

September 16, 2025 – Business

Fraud Prevention Company SEON Raises $80 Million in Series C Funding Full Text

Abstract Fraud prevention and AML compliance firm SEON today announced raising $80 million in Series C funding, which brings the total raised by the company to $187 million. The new investment round was led by Sixth Street Growth.

Security Week

September 16, 2025 – Phishing

SEO Poisoning Targets Chinese Users with Fake Software Sites Full Text

Abstract A sophisticated SEO poisoning campaign has been uncovered targeting Chinese-speaking Microsoft Windows users. The attackers manipulated search engine results to promote fraudulent websites mimicking legitimate software providers.

Infosecurity Magazine

September 16, 2025 – Breach

FinWise insider breach impacts 689K American First Finance customers Full Text

Abstract An insider data breach at FinWise Bank has compromised the personal information of approximately 689,000 customers of American First Finance (AFF). The breach occurred when a former employee accessed sensitive data after their employment had ended.

Bleeping Computer

September 16, 2025 – Attack

New Phoenix attack bypasses Rowhammer defenses in DDR5 memory Full Text

Abstract Academic researchers have developed a new Rowhammer-based attack, dubbed Phoenix, that bypasses DDR5 memory protections, including Target Row Refresh (TRR). The Phoenix attack was able to flip bits on all 15 DDR5 memory chips tested.

Bleeping Computer

September 16, 2025 – Breach

Google confirms fraudulent account created in law enforcement portal Full Text

Abstract A threat actor group known as Scattered Lapsus$ Hunters has claimed unauthorized access to Google’s Law Enforcement Request System (LERS) and the FBI’s eCheck background check system.

Bleeping Computer

September 16, 2025 – Breach

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records Full Text

Abstract A data breach has compromised the personal information of millions of customers from luxury fashion brands Gucci, Balenciaga, and Alexander McQueen. The breach was attributed to the cybercriminal group Shiny Hunters.

Security Affairs

September 15, 2025 – Phishing

AI-Forged Military IDs Used in North Korean Phishing Attack Full Text

Abstract The phishing campaign involved emails impersonating a South Korean defense-related institution, claiming to manage ID issuance for military personnel. These emails contained malicious attachments.

Infosecurity Magazine

September 15, 2025 – Attack

ShinyHunters Attack National Credit Information Center of Vietnam Full Text

Abstract Vietnam’s National Credit Information Center suffered a cyberattack by the ShinyHunters group, exploiting an n-day vulnerability in unsupported software. The attackers accessed and leaked personal data, which was listed for sale on the dark web.

Security Affairs

September 15, 2025 – General

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns Full Text

Abstract A new AI-powered penetration testing tool named Villager has garnered nearly 11,000 downloads on PyPI. Villager’s AI-driven architecture enables large-scale, parallelized exploitation.

The Hacker News

September 15, 2025 – Attack

Malicious MCP servers used in supply chain attacks Full Text

Abstract A recent investigation has revealed how the Model Context Protocol (MCP), an open standard for integrating AI assistants with external tools, can be exploited as a supply chain attack vector.

Secure List

September 15, 2025 – Breach

West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach Full Text

Abstract A significant data breach at Fairmont Federal Credit Union has compromised the sensitive personal, financial, and medical information of over 187,000 individuals. The compromised information includes full names, dates of birth, SSNs, and more.

Security Week

September 15, 2025 – Botnet

Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet Full Text

Abstract A record-breaking Layer 7 (L7) Distributed Denial of Service (DDoS) attack was successfully mitigated after being launched by a massive botnet comprising 5.76 million compromised devices.

Hack Read

September 15, 2025 – Breach

600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet Full Text

Abstract A massive 600 GB data leak allegedly tied to the Great Firewall of China has surfaced online, exposing a trove of internal documents, source code, and operational data. The leaked data is attributed to the hacktivist group Enlace Hacktivista.

Hack Read

September 15, 2025 – Government

FBI Warns of Salesforce attacks by UNC6040 and UNC6395 Full Text

Abstract The FBI has issued a FLASH alert warning organizations of ongoing malicious campaigns by cybercriminal groups UNC6040 and UNC6395. These groups are actively targeting Salesforce platforms to conduct data theft and extortion operations.

Security Affairs

September 13, 2025 – Vulnerabilities

DELMIA Factory Software Vulnerability Exploited in Attacks Full Text

Abstract A critical vulnerability (CVE-2025-5086) in DELMIA Apriso factory software is being actively exploited in the wild. The flaw, a deserialization of untrusted data issue, enables remote code execution and affects versions from 2020 through 2025.

Security Week

September 13, 2025 – Breach

Vietnam, Panama governments suffer incidents leaking citizen data Full Text

Abstract In Vietnam, the CIC was breached, with attackers claiming to have stolen 160 million records. In Panama, the Ministry of Economy and Finance (MEF) was targeted by the INC ransomware group, which claims to have exfiltrated 1.5 TB of data.

The Record

September 13, 2025 – Phishing

Researchers warn VoidProxy phishing platform can bypass MFA Full Text

Abstract A new phishing-as-a-service platform, VoidProxy, has emerged as a significant threat by enabling attackers to bypass multifactor authentication (MFA) and compromise high-value accounts.

Cybersecurity Dive

September 13, 2025 – Ransomware

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Full Text

Abstract HybridPetya mimics Petya/NotPetya and introduces the ability to bypass UEFI Secure Boot using CVE-2024-7344. Although not yet seen in the wild, it demonstrates a significant evolution in ransomware capabilities by targeting UEFI-based systems.

Help Net Security

September 12, 2025 – Attack

Apple issues spyware warnings as CERT-FR confirms attacks Full Text

Abstract These attacks are highly sophisticated, often leveraging zero-day bugs and requiring no user interaction. The primary targets include high-risk individuals such as journalists, lawyers, activists, politicians, and executives in strategic sectors.

Security Affairs

September 12, 2025 – Vulnerabilities

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS Full Text

Abstract Cisco has addressed multiple high- and medium-severity vulnerabilities in its IOS XR software. These flaws include a DoS bug via ARP broadcast storms, an image verification bypass vulnerability, and an ACL bypass issue in the management interface.

Security Affairs

September 12, 2025 – Vulnerabilities

Google fixes critical Chrome flaw, researcher earns $43K Full Text

Abstract Google has released a critical security update for Chrome addressing two high-severity vulnerabilities: CVE-2025-10200 and CVE-2025-10201. These flaws could potentially allow remote code execution and compromise user systems.

Security Affairs

September 12, 2025 – Malware

VMSCAPE Spectre vulnerability leaks cloud secrets Full Text

Abstract VMSCAPE undermines the isolation between virtual machines and the hypervisor, allowing attackers to extract sensitive data such as cryptographic keys used for disk encryption.

The Register

September 12, 2025 – Ransomware

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Full Text

Abstract Akira ransomware affiliates continue to exploit SonicWall firewalls by leveraging a combination of vulnerabilities and misconfigurations. Despite the availability of a patch for CVE-2024-40766, many systems remain unpatched.

Help Net Security

September 12, 2025 – General

Cyberattacks against schools driven by a rise in student hackers, ICO warns Full Text

Abstract The ICO analyzed 215 insider threat breach reports from the education sector between January 2022 and August 2024 and identified a pattern of student involvement in cyber incidents. Approximately 57% of these breaches were caused by students.

The Record

September 11, 2025 – Attack

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT Full Text

Abstract Threat actors are exploiting ConnectWise ScreenConnect to deploy AsyncRAT using fileless techniques, leveraging VBScript and PowerShell loaders, and maintaining persistence through a fake Skype updater.

Security Affairs

September 11, 2025 – Attack

France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks Full Text

Abstract Three French regional healthcare agencies—Hauts-de-France, Normandy, and Pays de la Loire—have been targeted in a coordinated cyber-attack campaign that compromised the personal data of patients across public hospitals.

Infosecurity Magazine

September 11, 2025 – General

When typing becomes tracking: Study reveals widespread silent keystroke interception Full Text

Abstract Researchers from multiple institutions analyzed 15,000 websites and found that 91% used JavaScript event listeners to monitor user interactions. Approximately 40% of websites captured keystrokes before users pressed submit.

Help Net Security

September 11, 2025 – Breach

Vienna, VA discloses data breach that leaked SSNs, financial info Full Text

Abstract The town of Vienna, Virginia, experienced a ransomware attack in August 2025, compromising the personal data of 811 individuals. The exposed data includes names, Social Security numbers, financial account details, and passport numbers.

CompariTech

September 11, 2025 – Vulnerabilities

GitLab security advisory (AV25-584) Full Text

Abstract GitLab issued a security advisory (AV25-584) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The affected versions include all releases before 18.3.2, 18.2.6, and 18.1.6.

Government of Canada

September 11, 2025 – Vulnerabilities

Adobe security advisory (AV25-583) Full Text

Abstract Adobe has released Security Advisory AV25-583 on September 9, 2025, addressing multiple vulnerabilities across a wide range of its products, including Acrobat, After Effects, Premiere Pro, ColdFusion, and Adobe Commerce.

Government of Canada

September 11, 2025 – APT

Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware Full Text

Abstract A China-based advanced persistent threat (APT) group is actively targeting military organizations in the Asia-Pacific region, particularly the Philippines, using a newly discovered fileless malware framework named EggStreme.

Hack Read

September 11, 2025 – Vulnerabilities

Cursor AI editor lets repos “autorun” malicious code on devices Full Text

Abstract This vulnerability enables threat actors to execute arbitrary code, steal credentials and API tokens, modify files, or establish command-and-control channels without any user interaction.

Bleeping Computer

September 11, 2025 – Malware

ChillyHell modular macOS malware OKed by Apple in 2021 Full Text

Abstract ChillyHell is a modular macOS backdoor malware that remained undetected for four years after being notarized by Apple in 2021. Despite its malicious nature, the sample had passed Apple’s security checks and was publicly hosted on Dropbox since 2021.

The Register

September 11, 2025 – Denial Of Service

DDoS defender targeted in 1.5 Bpps denial-of-service attack Full Text

Abstract A European DDoS mitigation provider was recently targeted in a record-breaking distributed denial-of-service (DDoS) attack that peaked at an unprecedented 1.5 billion packets per second (Bpps).

Bleeping Computer

September 10, 2025 – Vulnerabilities

AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks Full Text

Abstract AdaptixC2 is a modular, open-source command-and-control (C2) framework originally designed for red teaming but now actively exploited by threat actors. It supports extensive post-exploitation capabilities.

Palo Alto Networks

September 10, 2025 – Vulnerabilities

Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors Full Text

Abstract GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure.

GBHackers

September 10, 2025 – Breach

Ransomware attack at blood center: Org tells users their data’s been stolen Full Text

Abstract The New York Blood Center suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a subset of files. This week NYBC has started notifying victims.

Malware Bytes

September 10, 2025 – Breach

European crypto platform SwissBorg to reimburse users after $41 million theft Full Text

Abstract SwissBorg, a European cryptocurrency platform, has announced that it will fully reimburse users affected by a recent cyber incident that resulted in the theft of approximately $41 million worth of Solana (SOL) tokens.

The Record

September 10, 2025 – Malware

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems Full Text

Abstract Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.

The Hacker News

September 9, 2025 – Malware

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities Full Text

Abstract A newly discovered Android banking trojan named RatOn demonstrates a significant leap in mobile malware sophistication. RatOn combines overlay attacks, NFC relay tactics, and an Automated Transfer System (ATS).

The Hacker News

September 9, 2025 – Vulnerabilities

SAP security advisory – September 2025 monthly rollup (AV25-576) Full Text

Abstract The vulnerabilities addressed affect critical SAP components and could potentially lead to unauthorized access, data compromise, or service disruption. CVE-2025-42957 is confirmed to be exploited in the wild, increasing the urgency for remediation.

Government of Canada

September 9, 2025 – Government

Suspected Chinese operation aims to recruit former feds with job postings, research shows Full Text

Abstract A suspected Chinese intelligence operation has been uncovered using fake job postings and fictitious consulting websites to recruit former and current U.S. federal employees, particularly those with security clearances or technical expertise.

Next Gov

September 9, 2025 – Phishing

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Full Text

Abstract A sophisticated malvertising campaign, dubbed GPUGate, is actively targeting IT professionals in the EU by distributing fake GitHub Desktop installers. The campaign aims to gain initial access to enterprise environments for credential theft.

Help Net Security

September 9, 2025 – General

Employees keep feeding AI tools secrets they can’t take back Full Text

Abstract A significant number of employees are sharing sensitive data, such as customer records, financial results, and login credentials, with public AI platforms. This data is often submitted from unmanaged devices that security teams cannot monitor.

Help Net Security

September 9, 2025 – General

Attackers test the limits of railway cybersecurity Full Text

Abstract Railway systems are increasingly vulnerable to cyberattacks due to digital transformation, legacy infrastructure, and geopolitical tensions. A critical bug discovered in 2012 allows attackers to remotely trigger emergency brakes on American trains.

Help Net Security

September 9, 2025 – Breach

Plex tells users to reset passwords after new data breach Full Text

Abstract Media streaming platform Plex has issued a security advisory urging users to reset their passwords following a data breach. The breach occurred when a hacker accessed one of Plex’s databases and stole customer authentication data.

Bleeping Computer

September 9, 2025 – Attack

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage Full Text

Abstract A set of 45 previously unreported domains linked to the China-affiliated threat actors Salt Typhoon and UNC4841 has been uncovered, revealing a longstanding cyber espionage campaign dating back to May 2020.

The Hacker News

September 9, 2025 – Attack

Surge in network scans targeting Cisco ASA devices raises concerns Full Text

Abstract The scanning activity involved probing Cisco ASA login portals and Cisco IOS Telnet/SSH services. Notably, the scans used overlapping Chrome-like user agents, indicating a likely common origin among the scanning sources.

Bleeping Computer

September 9, 2025 – Ransomware

LunaLock Ransomware threatens victims by feeding stolen data to AI models Full Text

Abstract LunaLock ransomware introduced a novel and alarming extortion tactic by threatening to submit stolen digital artwork to AI training datasets. Its attack on the Artists&Clients platform involved data theft and encryption, with a $50,000 ransom demand.

Security Affairs

September 8, 2025 – Breach

Georgia hospital notifies 160,000+ people of year-old data breach that leaked SSNs, credit cards, and medical records Full Text

Abstract Wayne Memorial Hospital (WMH) in Jesup, Georgia, has notified 163,440 individuals of a ransomware attack that occurred between May 30 and June 3, 2024. Monti ransomware group claimed responsibility and listed WMH on its data leak site.

CompariTech

September 8, 2025 – Phishing

MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access Full Text

Abstract A newly identified phishing campaign is deploying a sophisticated RAT dubbed MostereRAT, targeting Microsoft Windows systems. The campaign begins with phishing emails targeting Japanese users, impersonating legitimate business inquiries.

Fortinet

September 8, 2025 – Breach

Canadian investment platform Wealthsimple disclosed a data breach Full Text

Abstract The breach originated from a supply chain compromise involving a trusted third-party software package integrated into Wealthsimple’s systems. The unauthorized access occurred for a brief period and affected less than 1% of the platform’s clients.

Security Affairs

September 8, 2025 – Phishing

iCloud Calendar abused to send phishing emails from Apple’s servers Full Text

Abstract A sophisticated phishing campaign is exploiting Apple’s iCloud Calendar invite system to send callback phishing emails directly from Apple’s legitimate email servers. This abuse allows the phishing messages to bypass standard email security filters.

Bleeping Computer

September 8, 2025 – Breach

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack Full Text

Abstract An AI-powered supply chain attack, dubbed s1ngularity, has compromised 2,180 GitHub accounts and 7,200 repositories by exploiting the Nx open-source project. The attackers used a malicious NPM package to deploy credential-stealing malware.

Bleeping Computer

September 8, 2025 – Phishing

VirusTotal finds hidden malware phishing campaign in SVG files Full Text

Abstract VirusTotal has uncovered a stealthy phishing campaign that uses SVG (Scalable Vector Graphics) files to impersonate Colombia’s judicial system and deliver malware. The initial SVG file had zero antivirus detections.

Bleeping Computer

September 8, 2025 – Breach

Nexar dashcam video database hacked Full Text

Abstract The breach compromised sensitive video recordings, including footage with clearly visible faces and potentially identifiable individuals. Organizations and government entities that had access to Nexar’s data may also be indirectly affected.

Malware Bytes

September 8, 2025 – General

Rogue AI Agents In Your SOCs and SIEMs – Indirect Prompt Injection via Log Files Full Text

Abstract AI agents in SOCs and SIEMs are vulnerable to indirect prompt injection, where malicious inputs are embedded in log files. These log files, when ingested by the AI, can trigger unintended behaviors such as altering event classifications.

Trust Wave

September 8, 2025 – Breach

GhostAction Attack Steals 3,325 Secrets from GitHub Projects Full Text

Abstract The breach affected 327 developers and exposed thousands of secrets, posing a significant risk to software supply chains. Several companies reported that their entire SDK portfolios were tampered with, increasing the risk of downstream compromise.

Hack Read

September 6, 2025 – Breach

Knock-on effects of software dev break-in hit schools trust Full Text

Abstract A significant data breach at UK-based software developer Intradev has impacted the Affinity Learning Partnership, a trust operating seven schools and employing over 650 staff. The breach occurred on August 4.

The Register

September 6, 2025 – Breach

South Carolina School District Data Breach Affects 31,000 People Full Text

Abstract The breach affected 31,475 individuals and exposed sensitive data, including current and former names, dates of birth, Social Security numbers, financial account information, and state-issued ID information such as driver’s licenses and passports.

Infosecurity Magazine

September 6, 2025 – General

The Good, the Bad and the Ugly in Cybersecurity – Week 36 Full Text

Abstract Three Russian FSB officers are accused of orchestrating cyberattacks on U.S. critical infrastructure. Two malicious npm packages were using Ethereum smart contracts to conceal URLs for second-stage payload delivery.

Sentinel One

September 6, 2025 – Hacker

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations Full Text

Abstract TAG-150 has been working on CastleRAT since March, with the threat actor leveraging a multi-tiered infrastructure comprising Tier 1 victim-facing C2 servers, as well as Tier 2 and Tier 3 servers that are mostly VPSes, and Tier 4 backup servers.

The Hacker News

September 6, 2025 – Criminals

Two arrested in Egypt as authorities take down Streameast sports piracy platform Full Text

Abstract The Alliance for Creativity and Entertainment (ACE) said it worked with Egyptian authorities to shut down the piracy network — which had more than 80 associated domains and logged more than 1.6 billion visits over the past year.

The Record

September 6, 2025 – Government

CISA orders federal agencies to patch Sitecore zero-day following hacking reports Full Text

Abstract Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug.

The Record

September 5, 2025 – Attack

Stealthy attack serves poisoned web pages only to AI agents Full Text

Abstract This method enables attackers to serve malicious web content exclusively to AI agents while presenting benign pages to human users, thereby hijacking the agents’ behavior for malicious purposes.

Help Net Security

September 5, 2025 – Attack

‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites Full Text

Abstract A newly identified threat actor group, GhostRedirector, has launched a global "SEO fraud-as-a-service" campaign targeting Windows servers to promote gambling websites. The campaign leverages two custom backdoors - Rungan and Gamshen.

The Record

September 5, 2025 – Government

Ukraine’s cyber chief on Russian hackers’ shifting tactics, US cyber aid Full Text

Abstract CERT-UA is currently tracking around 80 hacker groups, each with a code name and signature tactics. This intelligence enables Ukraine to anticipate attacks, inform partners, and develop timely countermeasures.

The Record

September 5, 2025 – Criminals

$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure Full Text

Abstract Three Russian FSB officers are accused of a decade-long cyber espionage campaign targeting U.S. critical infrastructure and over 500 global energy firms. The U.S. State Department offers up to $10M for information on their identity or location.

Security Affairs

September 4, 2025 – Denial Of Service

DDoS attacks serve as instruments of political influence and disruption Full Text

Abstract In H1 2025, a total of 8,062,971 DDoS attacks were recorded globally, with the EMEA region experiencing the highest volume at 3.2 million attacks. Peak attack speeds reached 3.12 Tbps and 1.5 Gbps.

Help Net Security

September 4, 2025 – Denial Of Service

Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps Full Text

Abstract A record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 11.5 terabits per second (Tbps) was successfully mitigated without service disruption. The attack lasted approximately 35 seconds.

Hack Read

September 4, 2025 – Breach

South Carolina school district notifies 31,000 people of data breach that leaked SSNs and financial info Full Text

Abstract School District 5 of Lexington and Richland Counties, South Carolina, experienced a ransomware attack in June 2025, compromising sensitive data of 31,475 individuals. The Interlock ransomware gang claimed responsibility.

CompariTech

September 4, 2025 – Breach

SaaS giant Workiva discloses data breach after Salesforce attack Full Text

Abstract A recent data breach at a major SaaS provider has exposed sensitive customer information following a compromise of a third-party CRM system. The breach is part of a broader campaign targeting Salesforce customers.

Bleeping Computer

September 4, 2025 – Vulnerabilities

Android security advisory – September 2025 monthly rollup (AV25-560) Full Text

Abstract A security bulletin was published on September 2, 2025, addressing two critical vulnerabilities in Android—CVE-2025-38352 and CVE-2025-48543. Both vulnerabilities are confirmed to be under limited, targeted exploitation.

Government of Canada

September 4, 2025 – Vulnerabilities

Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet Full Text

Abstract Three TLS certificates were mis-issued for 1.1.1.1, a DNS service operated by Cloudflare and APNIC. These certificates, issued in May 2025 by Fina RDC 2020, a subordinate CA under Fina Root CA, were only discovered four months later.

Ars Technica

September 4, 2025 – Malware

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn Full Text

Abstract A new variant of infostealer malware, Stealerium, introduces an automated sextortion feature that captures webcam images and browser screenshots when victims access NSFW content. This development marks a disturbing evolution in cybercrime.

Wired

September 4, 2025 – Vulnerabilities

Threat actors abuse X’s Grok AI to spread malicious links Full Text

Abstract Threat actors are exploiting X’s built-in AI assistant, Grok, to distribute malicious links by bypassing the platform’s link-posting restrictions. This abuse leverages Grok’s trusted status to amplify the reach and credibility of harmful content.

Bleeping Computer

September 3, 2025 – Malware

Android droppers evolved into versatile tools to spread malware Full Text

Abstract ThreatFabric researchers have identified a new dropper variant named RewardDropMiner. This staged dropper is capable of evading both Play Protect and the Pilot Program by delaying malicious activity until after installation.

Security Affairs

September 3, 2025 – Malware

Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam Full Text

Abstract A new malware campaign is leveraging a fake AnyDesk installer and a deceptive ClickFix technique to distribute MetaStealer malware. This campaign uses a novel "FileFix" method to bypass traditional defenses by exploiting Windows File Explorer.

Hack Read

September 3, 2025 – Vulnerabilities

Google patches two Android zero-days, 120 defects total in September security update Full Text

Abstract Google has released its September 2025 Android security update, addressing a record-breaking 120 vulnerabilities. Notably, the update patches two actively exploited zero-day vulnerabilities affecting the Android kernel and runtime components.

Cyber Scoop

September 3, 2025 – Attack

Ethereum smart contracts used to push malicious code on npm Full Text

Abstract A novel software supply chain attack campaign has been uncovered involving malicious npm packages—colortoolsv2 and mimelib2—that use Ethereum smart contracts to deliver second-stage malware.

Reversing Labs

September 3, 2025 – Government

U.S. CISA adds WhatsApp and TP-Link flaws to its Known Exploited Vulnerabilities catalog Full Text

Abstract CISA has added two actively exploited vulnerabilities—one in WhatsApp (CVE-2025-55177) and another in TP-Link TL-WA855RE Wi-Fi extenders (CVE-2020-24363)—to its Known Exploited Vulnerabilities (KEV) catalog.

Security Affairs

September 3, 2025 – Criminals

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial Full Text

Abstract U.S. authorities have charged Ianis Aleksandrovich Antropenko, a Russian national, with multiple felonies related to the deployment of Zeppelin ransomware from 2018 to 2022. The charges include conspiracy to commit computer fraud and abuse.

Cyber Scoop

September 3, 2025 – Breach

Hackers breach fintech firm in attempted $130M bank heist Full Text

Abstract A major cyberattack targeted Sinqia S.A. in an attempted $130 million heist via Brazil’s Pix real-time payment system. The attackers attempted to execute unauthorized B2B transactions involving two financial institutions that are customers of Sinqia.

Bleeping Computer

September 3, 2025 – Government

ICE Reinstates Contract with Paragon Full Text

Abstract On August 30, 2025, the U.S. Immigration and Customs Enforcement (ICE) lifted a stop work order on a $2 million contract with Paragon Solutions, an Israeli spyware vendor now owned by a U.S. private investment firm.

Infosecurity Magazine

September 2, 2025 – Outage

Jaguar Land Rover ‘severely disrupted’ by cybersecurity incident Full Text

Abstract Jaguar Land Rover (JLR), a major British automotive manufacturer, has experienced a significant cybersecurity incident that has severely disrupted its global operations. The incident has impacted both production and retail systems.

The Record

September 2, 2025 – Malware

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets Full Text

Abstract Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.

The Hacker News

September 1, 2025 – APT

Amazon blocks APT29 campaign targeting Microsoft device code authentication Full Text

Abstract Amazon has disrupted a sophisticated watering hole campaign, orchestrated by the Russia-linked APT29 (also known as Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes), that targeted Microsoft's device code authentication flow.

Security Affairs
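Device code phishing leaves a specific trace: the victim completes a sign-in whose authentication protocol is the OAuth device code flow, often for a first-party app the user never runs that way and from a source address not seen in their normal sign-ins. The following is an added example, not code from the article or from Amazon or Microsoft, that flags such events in Entra ID sign-in records. The field names follow the Microsoft Graph signIn resource (createdDateTime, userPrincipalName, ipAddress, appDisplayName, authenticationProtocol); the records themselves are constructed, and the "new IP for this user" severity heuristic is an assumption of the example, not a Microsoft detection.

```python
"""Flag OAuth device code sign-ins in Entra ID sign-in log records.

Added example (not from the article). Records are constructed; field names
mirror the Graph signIn resource, and the severity heuristic is our own.
"""
from collections import defaultdict

# Constructed sample: two ordinary interactive sign-ins, two device code
# sign-ins (one from an IP the user has used before, one from a new IP), and
# one unrelated sign-in.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-08-29T08:02:11Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Teams",
     "authenticationProtocol": "oAuth2"},
    {"createdDateTime": "2025-08-29T08:40:55Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.20", "appDisplayName": "Outlook",
     "authenticationProtocol": "oAuth2"},
    {"createdDateTime": "2025-08-29T09:15:02Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.20", "appDisplayName": "Microsoft Azure CLI",
     "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2025-08-29T11:47:30Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.77", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2025-08-29T12:01:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "203.0.113.30", "appDisplayName": "SharePoint Online",
     "authenticationProtocol": "oAuth2"},
]


def baseline_ips(records):
    """Map each user to the source IPs seen on their non-device-code sign-ins.

    In production this baseline would come from a longer history than the
    window being inspected; here it is built from the same sample.
    """
    seen = defaultdict(set)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            seen[r["userPrincipalName"]].add(r["ipAddress"])
    return seen


def device_code_findings(records):
    """Return one finding per device code sign-in.

    Every device code sign-in is reported (medium), because the flow is rare
    for ordinary users. A device code sign-in from an IP the user has never
    used interactively is escalated (high): that is the shape of a phished
    code being redeemed from an attacker-controlled host.
    """
    base = baseline_ips(records)
    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        user = r["userPrincipalName"]
        new_ip = r["ipAddress"] not in base.get(user, set())
        findings.append({
            "time": r["createdDateTime"],
            "user": user,
            "app": r["appDisplayName"],
            "ip": r["ipAddress"],
            "severity": "high" if new_ip else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in device_code_findings(SAMPLE_SIGNINS):
        print(f"{f['severity']:6} {f['time']} {f['user']} {f['app']} from {f['ip']}")
```

Where the business does not need the device code flow at all, blocking it with a Conditional Access authentication flows policy removes the attack surface; the detection above is the compensating control for tenants that still need it for headless devices or CLI tooling.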

September 1, 2025 – Criminals

Scammer steals $1.5 million from Baltimore by spoofing city vendor Full Text

Abstract An impersonation scam has resulted in the City of Baltimore losing over $1.5 million through fraudulent vendor payments. The attacker exploited weaknesses in the city’s verification procedures to alter banking information in the Workday system.

The Record

August 30, 2025 – Phishing

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Full Text

Abstract A new phishing campaign is targeting industrial manufacturing and supply chain organizations, primarily in the US. The campaign is designed to bypass traditional email security defenses and deliver a custom in-memory backdoor named MixShell.

Help Net Security

August 30, 2025 – Criminals

Ransomware gang takedowns causing explosion of new, smaller groups Full Text

Abstract Between July 2024 and June 2025, Malwarebytes tracked 41 new ransomware groups, with over 60 active groups operating simultaneously for the first time. On average, each ransomware group has attacked around five targets per month.

The Record

August 30, 2025 – Attack

Claude AI chatbot abused to launch “cybercrime spree” Full Text

Abstract Attackers abused the Claude AI chatbot to automate and execute sophisticated extortion operations. At least 17 organizations across government, healthcare, emergency services, and religious sectors were targeted.

Malware Bytes

August 30, 2025 – Breach

Google warns that mass data theft hitting Salesloft AI agent has grown bigger Full Text

Abstract A significant security incident involving the Salesloft Drift AI chat agent has led to the compromise of OAuth tokens, resulting in unauthorized access to Google Workspace email accounts.

Ars Technica

August 29, 2025 – Phishing

Malicious ScreenConnect Campaign Abuses AI-Themed Lures for Xworm Delivery Full Text

Abstract A recent investigation uncovered a deceptive malware campaign leveraging fake AI-themed content to distribute a malicious ScreenConnect installer. This installer is pre-configured to deliver the Xworm malware.

Trust Wave

August 29, 2025 – Phishing

ScamAgent shows how AI could power the next wave of scam calls Full Text

Abstract A new AI-driven framework named ScamAgent demonstrates how LLMs can be weaponized to conduct highly convincing scam calls. This system leverages multi-turn conversations and text-to-speech (TTS) synthesis to bypass traditional AI safety guardrails.

Help Net Security

August 29, 2025 – Vulnerabilities

Google Big Sleep AI Tool Finds Critical Chrome Vulnerability Full Text

Abstract Google has patched a critical vulnerability (CVE-2025-9478) in the Chrome browser. The flaw, a use-after-free issue in the ANGLE graphics library, could allow attackers to execute malicious code via crafted web content.

Hack Read

August 29, 2025 – Breach

TransUnion says hackers stole 4.4 million customers’ personal information Full Text

Abstract A significant data breach has impacted TransUnion, one of the largest credit reporting agencies in the United States, compromising the personal information of over 4.4 million individuals.

Tech Crunch

August 28, 2025 – Attack

ShadowSilk Campaign Targets Central Asian Governments Full Text

Abstract A series of cyberattacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as ShadowSilk, according to new research by Group-IB.

Infosecurity Magazine

August 28, 2025 – Attack

Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier Full Text

Abstract A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments.

The Record

August 28, 2025 – Vulnerabilities

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Full Text

Abstract Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys warned.

Help Net Security

August 28, 2025 – Attack

Allied spy agencies blame three Chinese tech companies for Salt Typhoon attacks Full Text

Abstract The activity identified by the intelligence services partially overlaps with campaigns reported by the cybersecurity industry and tracked as Salt Typhoon, RedMike, OPERATOR PANDA, UNC5807 and Ghost Emperor, among others, the document stated.

The Record

August 28, 2025 – Breach

Ransomware group says it hacked West Chester Township, Ohio Full Text

Abstract West Chester Township officials on August 12 announced they had isolated and contained a cybersecurity breach. PEAR claimed responsibility for the attack on August 15, 2025, saying it stole 2 TB of data.

CompariTech

August 28, 2025 – Vulnerabilities

FreePBX servers hacked via zero-day, emergency fix released Full Text

Abstract In an advisory posted to the FreePBX forums, the Sangoma FreePBX Security Team warned that since August 21, hackers have been exploiting a zero-day vulnerability in exposed FreePBX administrator control panels.

Bleeping Computer

August 27, 2025 – Vulnerabilities

HPE security advisory (AV25-544) Full Text

Abstract Hewlett Packard Enterprise (HPE) has issued Security Advisory AV25-544 on August 26, 2025, addressing multiple vulnerabilities in HPE Compute Scale-up Server 3200 systems. These vulnerabilities affect systems running versions prior to v1.60.88.

Government of Canada

August 27, 2025 – Ransomware

Researchers flag code that uses AI systems to carry out ransomware attacks Full Text

Abstract Researchers have identified PromptLock, the first known AI-powered ransomware, written in Golang. The malware relies on prompts sent to a large language model (LLM) to generate the code that carries out its ransomware functions.

Cyber Scoop

August 27, 2025 – Attack

Velociraptor incident response tool abused for remote access Full Text

Abstract Threat actors have been observed abusing the legitimate Velociraptor digital forensics and incident response (DFIR) tool to establish remote access and execute further malicious payloads.

Sophos

August 27, 2025 – Attack

Data Is the New Diamond: Heists in the Digital Age Full Text

Abstract A financially motivated data extortion campaign, active since at least December 2024, is targeting high-end retailers and luxury commerce sectors. The campaign involves threat actors compromising Salesforce environments using social engineering.

Palo Alto Networks

August 26, 2025 – Policy and Law

Chinese Developer Jailed for Deploying Malicious Code at US Company Full Text

Abstract A former software developer has been sentenced to four years in prison for deploying malicious code within the network of his US-based employer, causing widespread disruption and financial losses.

Infosecurity Magazine

August 26, 2025 – Breach

National Public Data Relaunches Despite 2.9 Billion SSNs Breach Full Text

Abstract The breach exposed approximately 2.9 billion records, including highly sensitive personal information such as Social Security numbers (SSNs), names, addresses, phone numbers, and familial relationships.

Hack Read

August 26, 2025 – Breach

Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,’ ‘negligence’ Full Text

Abstract The breach, attributed to alleged Russian hackers, exploited vulnerabilities that had remained unpatched for five years, with unauthorized access dating back to at least July. The breach compromised highly sensitive information.

Cyber Scoop

August 26, 2025 – Breach

Farmers Insurance says 1 million customers affected by cyberattack on third-party vendor Full Text

Abstract A significant data breach has impacted over 1 million customers of Farmers Insurance and its subsidiaries, stemming from a cyberattack on an undisclosed third-party vendor. The breach resulted in the exposure of sensitive personal information.

The Record

August 26, 2025 – Breach

Auchan retailer data breach impacts hundreds of thousands of customers Full Text

Abstract French multinational retailer Auchan has disclosed a significant data breach affecting several hundred thousand customers. The breach specifically impacted loyalty accounts, exposing personal data tied to these programs.

Bleeping Computer

August 26, 2025 – Breach

New Jersey social services org notifies 42K people of data breach that leaked SSNs, medical and financial info Full Text

Abstract Legacy Treatment Services, a New Jersey-based nonprofit healthcare provider, disclosed a ransomware attack affecting 41,826 individuals. The breach, attributed to the Interlock group, exposed extensive personal, financial, and medical data.

CompariTech

August 26, 2025 – Vulnerabilities

AI browsers could leave users penniless: A prompt injection warning Full Text

Abstract The rise of AI-powered and agentic browsers introduces a new class of cybersecurity threats—prompt injection attacks. These attacks exploit the language-processing capabilities of LLMs embedded in browsers.

Malware Bytes

August 26, 2025 – Attack

New AI attack hides data-theft prompts in downscaled images Full Text

Abstract An AI-based attack technique enables data theft by embedding malicious prompts within images. These prompts are revealed only after the images are downscaled by AI systems, allowing attackers to inject commands into LLMs without user awareness.

Bleeping Computer

August 26, 2025 – Attack

Surge in coordinated scans targets Microsoft RDP auth servers Full Text

Abstract A surge in coordinated scanning activity has been detected targeting Microsoft RDP Web Access and RDP Web Client authentication portals. The activity involves nearly 2,000 (1,971) unique IP addresses.

Bleeping Computer
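The tell-tale of a coordinated scan against RD Web Access is not any single request but a burst of distinct source addresses hitting the login page in a short window. The following is an added example, not code from the article or from Microsoft, that parses IIS W3C extended log lines for the RD Web login and web client paths and counts distinct client IPs per time bucket. The log lines are constructed (IIS replaces spaces in user agents with "+", so each line splits cleanly on whitespace), and the threshold and bucket size are assumptions to tune against your own baseline.

```python
"""Detect bursts of distinct source IPs against RD Web Access login paths.

Added example (not from the article). Input is constructed IIS W3C log text;
the "#Fields:" header drives column mapping so real logs with a different
field order parse the same way.
"""
from collections import defaultdict
from datetime import datetime

# URI prefixes served by RD Web Access (login page) and the RD Web Client.
RDWEB_PATHS = ("/rdweb/pages/en-us/login.aspx", "/rdweb/webclient/")

# Constructed sample: two legitimate users around 10:00, then six scanner
# addresses in the 10:20 bucket using a non-browser user agent.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-08-25 10:00:05 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) 200
2025-08-25 10:00:41 10.0.0.5 POST /RDWeb/Pages/en-US/login.aspx - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) 302
2025-08-25 10:03:12 10.0.0.5 GET /RDWeb/webclient/index.html - 443 - 203.0.113.11 Mozilla/5.0+(Windows+NT+10.0) 200
2025-08-25 10:04:00 10.0.0.5 GET /favicon.ico - 443 - 203.0.113.11 Mozilla/5.0+(Windows+NT+10.0) 404
2025-08-25 10:21:03 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 198.51.100.1 python-requests/2.32 200
2025-08-25 10:21:09 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 198.51.100.2 python-requests/2.32 200
2025-08-25 10:22:47 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 198.51.100.3 python-requests/2.32 200
2025-08-25 10:24:18 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 198.51.100.4 python-requests/2.32 200
2025-08-25 10:26:55 10.0.0.5 GET /RDWeb/Pages/en-US/login.aspx - 443 - 198.51.100.5 python-requests/2.32 200
2025-08-25 10:27:30 10.0.0.5 GET /RDWeb/webclient/ - 443 - 198.51.100.6 python-requests/2.32 200
"""


def parse_iis(text):
    """Yield one dict per log line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # malformed or pre-header line; skip rather than guess
        yield dict(zip(fields, parts))


def rdweb_hits(records):
    """Keep only requests to the RD Web login page or web client."""
    for r in records:
        if r["cs-uri-stem"].lower().startswith(RDWEB_PATHS):
            yield r


def distinct_ips_per_window(records, window_minutes=10):
    """Bucket RD Web requests by time and collect distinct client IPs per bucket."""
    buckets = defaultdict(set)
    for r in rdweb_hits(records):
        ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        bucket = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        buckets[bucket].add(r["c-ip"])
    return {b: sorted(ips) for b, ips in buckets.items()}


def scan_windows(records, threshold=5, window_minutes=10):
    """Return (bucket_start, distinct_ip_count) for buckets at or above threshold."""
    windows = distinct_ips_per_window(records, window_minutes)
    return [(b, len(ips)) for b, ips in sorted(windows.items()) if len(ips) >= threshold]


if __name__ == "__main__":
    recs = list(parse_iis(SAMPLE_LOG))
    for start, n in scan_windows(recs):
        print(f"{start:%Y-%m-%d %H:%M}: {n} distinct IPs hit RD Web login paths")
```

The threshold is the whole detection: set it from a week of your own logs so that the 10:00 bucket here (two real users) never fires, and treat a flagged window as a cue to check whether any of those addresses also produced POSTs with 200/302 responses, which would mean the scan progressed to credential testing.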

August 25, 2025 – Phishing

ScreenConnect admins targeted with spoofed login alerts Full Text

Abstract A low-volume spear-phishing campaign is targeting ScreenConnect Super Admins—users with full administrative control over their organization's deployment. The attackers aim to harvest login credentials and MFA tokens.

Help Net Security

August 25, 2025 – Malware

Android.Backdoor.916.origin malware targets Russian business executives Full Text

Abstract A newly discovered Android spyware, Android.Backdoor.916.origin, is actively targeting Russian-speaking business executives by masquerading as a fake antivirus app named "GuardCB." The malware is designed for surveillance and data theft.

Security Affairs

August 25, 2025 – Outage

Data I/O took operational systems offline following a ransomware attack Full Text

Abstract Data I/O, a prominent manufacturer of manual and automated programming systems for flash memory, microcontrollers, and logic devices, reported a ransomware attack that forced the company to take several operational systems offline.

Security Affairs

August 25, 2025 – Breach

Murky Panda hackers exploit cloud trust to hack downstream customers Full Text

Abstract Murky Panda has recently compromised cloud service providers to abuse their trusted access to customer environments. In one case, they exploited zero-day vulnerabilities to access a SaaS provider’s cloud infrastructure.

Bleeping Computer

August 25, 2025 – Education

Why satellite cybersecurity threats matter to everyone Full Text

Abstract Many satellites currently in orbit are over 20 years old and were not designed with cybersecurity in mind. These legacy systems often lack the compute, memory, and storage capacity required to support modern cybersecurity tools.

Help Net Security

August 25, 2025 – Botnet

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets Full Text

Abstract These campaigns—GeoServer exploitation, PolarEdge botnet, and the Gayfemboy Mirai variant—demonstrate a shift toward stealthy, persistent monetization and advanced evasion techniques.

The Hacker News

August 25, 2025 – Phishing

Fake CoinMarketCap Journalists Targeting Crypto Executives in Spear-Phishing Campaign Full Text

Abstract A targeted spear-phishing campaign is impersonating CoinMarketCap journalists to compromise cryptocurrency executives. The attackers exploit Zoom’s remote control feature to gain access to victims' systems.

Hack Read

August 23, 2025 – Policy and Law

Dev gets 4 years for creating kill switch on ex-employer’s systems Full Text

Abstract A software developer, Davis Lu, has been sentenced to four years in prison for deploying a kill switch and custom malware within the Windows production environment of his former employer, an Ohio-based company.

Bleeping Computer

August 23, 2025 – Phishing

Europol Denies $50K Reward for Qilin Ransomware, Calls It a Scam Full Text

Abstract A fraudulent message claiming that Europol was offering a $50,000 reward for information on the Qilin ransomware group has been confirmed as a scam. The law enforcement agency has clarified that it does not use Telegram for official communications.

Hack Read

August 23, 2025 – Vulnerabilities

U.S. CISA adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog Full Text

Abstract CISA has added CVE-2025-43300, a zero-day vulnerability affecting Apple iOS, iPadOS, and macOS, to its KEV catalog. Successful exploitation can result in memory corruption, potentially allowing attackers to execute arbitrary code.

Security Affairs

August 23, 2025 – Criminals

Interpol operation seizes $97 million in African cybercrime sweep Full Text

Abstract A large-scale cybercrime crackdown across Africa, dubbed Operation Serengeti 2.0, has led to the arrest of 1,209 individuals, the dismantling of 11,432 malicious infrastructures, and the recovery of $97.4 million.

Help Net Security

August 22, 2025 – Breach

Criminal background checker APCS faces data breach Full Text

Abstract A significant data breach has impacted Access Personal Checking Services (APCS), a major UK-based provider of criminal background checks. The breach originated from a compromise at Intradev.

The Register

August 22, 2025 – Malware

Fake Mac fixes trick users into installing new Shamos infostealer Full Text

Abstract A new macOS infostealer malware named Shamos, developed by the cybercriminal group COOKIE SPIDER, is actively targeting Mac users through deceptive ClickFix attacks. Shamos is a variant of the Atomic macOS Stealer.

Bleeping Computer

August 22, 2025 – Breach

DaVita says ransomware gang stole data of nearly 2.7 million people Full Text

Abstract DaVita Inc., a leading kidney dialysis provider, has confirmed a ransomware attack that compromised the personal and health data of nearly 2.7 million individuals. The Interlock ransomware gang claimed responsibility.

Bleeping Computer

August 22, 2025 – Policy and Law

Chinese national who sabotaged Ohio company’s systems handed four-year jail stint Full Text

Abstract A former employee of Eaton Corporation, a power management company based in Ohio, has been sentenced to four years in prison for intentionally sabotaging the company’s computer systems.

The Record

August 22, 2025 – General

The Good, the Bad and the Ugly in Cybersecurity – Week 34 Full Text

Abstract Key incidents include the sentencing of high-profile cybercriminals, enhanced supply chain protections by PyPI, the evolution of the Noodlophile infostealer, and a sophisticated DPRK-linked espionage campaign using the MoonPeak RAT.

Sentinel One

August 22, 2025 – Breach

IT staffing firm The Computer Merchant notifies 34K people of data breach that leaked SSNs Full Text

Abstract The Computer Merchant, an IT staffing firm based in Norwell, Massachusetts, has disclosed a data breach affecting 34,127 individuals. The breach, attributed to the Play ransomware group, exposed sensitive personal data.

CompariTech

August 20, 2025 – Government

Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure Full Text

Abstract The FBI has issued a warning about Russian FSB cyber actors (Center 16), also known as Berserk Bear and Dragonfly, targeting networking devices and critical infrastructure globally. These actors exploit CVE-2018-0171 in Cisco Smart Install.

FBI

August 20, 2025 – Vulnerabilities

Commvault security advisory (AV25-531) Full Text

Abstract Four high-severity vulnerabilities have been identified affecting versions 11.32.0 to 11.32.101 and 11.36.0 to 11.36.59 of Commvault software. Proof-of-concept exploit code exists for these issues, increasing the risk of exploitation.

Government of Canada

August 20, 2025 – Policy and Law

A hacker tied to Yemen Cyber Army gets 20 months in prison Full Text

Abstract A UK-based hacker, Al-Tahery Al-Mashriky (26), linked to the Yemen Cyber Army (YCA) and Spider Team, has been sentenced to 20 months in prison for defacing thousands of websites and possessing stolen personal data.

Security Affairs

August 20, 2025 – Vulnerabilities

Google fixed Chrome flaw found by Big Sleep AI Full Text

Abstract Google has released Chrome version 139 to address CVE-2025-9132, a high-severity out-of-bounds write vulnerability in the V8 JavaScript and WebAssembly engine.

Security Affairs

August 20, 2025 – Vulnerabilities

Citizen Lab Reports Hidden VPN Networks Sharing Ownership and Security Flaws Full Text

Abstract A new report by Citizen Lab titled “Hidden Links” has uncovered that several popular VPN apps, including Turbo VPN, VPN Monster, and Snap VPN, are secretly operated by the same entities and exhibit critical security flaws.

Hack Read

August 20, 2025 – Vulnerabilities

Elastic rejects claims of a zero-day RCE flaw in Defend EDR Full Text

Abstract On August 19, Elastic publicly refuted claims made by AshES Cybersecurity regarding a zero-day remote code execution (RCE) vulnerability in its Defend endpoint detection and response (EDR) product.

Bleeping Computer

August 20, 2025 – Policy and Law

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks Full Text

Abstract U.S. authorities have charged 22-year-old Ethan Foltz for operating the RapperBot botnet, also known as "CowBot" and "Eleven Eleven Botnet." This botnet facilitated over 370,000 DDoS attacks across 80+ countries.

The Hacker News

August 20, 2025 – Breach

NY Business Council discloses data breach affecting 47,000 people Full Text

Abstract The Business Council of New York State (BCNYS) has disclosed a data breach affecting 47,329 individuals. The breach involved unauthorized access to sensitive personal, financial, and health data.

Bleeping Computer

August 20, 2025 – Breach

Ransomware gang says it hacked drug research firm Inotiv Full Text

Abstract On August 8, 2025, Inotiv, a U.S.-based drug research firm, disclosed a ransomware attack in an SEC filing. The Qilin ransomware group claimed responsibility, stating it exfiltrated 176 GB of sensitive data.

CompariTech

August 20, 2025 – Vulnerabilities

Apache ActiveMQ attackers patch critical vuln after entry Full Text

Abstract A new attack campaign is targeting Apache ActiveMQ servers by exploiting CVE-2023-46604, a critical vulnerability with a CVSS score of 9.8. Threat actors are deploying a custom Linux malware dubbed DripDropper to establish persistence.

The Register

August 18, 2025 – Malware

PipeMagic in 2025: How the backdoor operators’ tactics have changed Full Text

Abstract PipeMagic is a backdoor first detected in December 2022 while researchers were investigating a malicious campaign involving RansomExx. The victims were industrial companies in Southeast Asia.

Secure List

August 18, 2025 – Criminals

Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials Full Text

Abstract A threat actor using the name Chucky_BF on a cybercrime and hacker forum is advertising what they claim to be a massive PayPal data dump. The post describes a trove allegedly containing more than 15.8 million records of email and plaintext passwords.

Hack Read

August 18, 2025 – Outage

Colt Customers Face Prolonged Outages After Major Cyber Incident Full Text

Abstract On August 14, the telecommunications giant publicly confirmed that an internal system was breached. Although this system was disconnected from its customer-facing infrastructure, the company has taken some systems offline in response to the incident.

Infosecurity Magazine

August 18, 2025 – Policy and Law

DoJ seizes $2.8M linked to Zeppelin Ransomware Full Text

Abstract The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko, who was indicted in Texas and is tied to the defunct Zeppelin ransomware.

Security Affairs

August 18, 2025 – Breach

Human resources firm Workday disclosed a data breach Full Text

Abstract Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering. The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms.

Security Affairs
