Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
July 30, 2025 – Hacker
Hafnium Tied to Advanced Chinese Surveillance Tools
Abstract
Recent investigations have revealed that the Chinese state-sponsored threat group Hafnium (also known as Silk Typhoon) is linked to a network of front companies developing advanced surveillance and cyber-espionage tools. – Infosecurity Magazine
July 30, 2025 – Malware
Hidden Backdoor Found in ATM Network via Raspberry Pi
Abstract
An attack on ATM infrastructure was uncovered involving a Raspberry Pi device physically connected to a network switch shared with an ATM. UNC2891 used this device to bypass perimeter firewalls and gain remote access to the bank’s internal network. – Infosecurity Magazine
July 30, 2025 – Outage
Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services
Abstract
A wave of cyberattacks severely disrupted healthcare and critical infrastructure services across Russia. Stolichki and Neofarm were forced to suspend operations, affecting access to medications and healthcare services for thousands of citizens. – The Record
July 30, 2025 – Attack
Targeted attacks leverage accounts on popular online platforms as C2 servers
Abstract
A sophisticated cyberattack campaign active from late 2024 to April 2025 targeted Russian IT firms and international entities using Cobalt Strike Beacon. The attackers employed spear phishing, DLL hijacking, and social media-based payload delivery. – Securelist
July 30, 2025 – Breach
US Tops Hit List as 396 SharePoint Systems Compromised Globally
Abstract
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770/53771 and exploited via the ToolShell exploit, has led to the compromise of 396 systems across 41 countries. – Infosecurity Magazine
July 30, 2025 – Business
Palo Alto Networks in talks to acquire CyberArk for over $20bn
Abstract
Palo Alto Networks is reportedly negotiating to acquire CyberArk Software, an Israeli publicly traded IT company, in a deal potentially exceeding $20bn. This potential acquisition of CyberArk would mark Palo Alto Networks’ largest deal to date. – Yahoo
July 30, 2025 – Breach
Cybercriminals Attack Seychelles – Offshore Banking as a Target
Abstract
A cyberattack targeting Seychelles Commercial Bank (SCB) has resulted in the exfiltration of 2.2GB of sensitive customer and government data. The attacker, operating under the alias "ByteToBreach," exploited a vulnerability in Oracle WebLogic Server. – Resecurity
July 30, 2025 – Malware
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Abstract
A new malware campaign has been identified targeting Linux systems via a critical SAP NetWeaver vulnerability (CVE-2025-31324). The malware, dubbed Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025. – Infosecurity Magazine
July 30, 2025 – Attack
New Choicejacking Attack Steals Data from Phones via Public Chargers
Abstract
A newly identified USB-based attack technique, dubbed Choicejacking, enables cybercriminals to steal data from smartphones via public charging stations. This method bypasses traditional security prompts. – HackRead
July 30, 2025 – Government
Scattered Spider is targeting victims’ Snowflake data storage for quick exfiltration
Abstract
An updated joint advisory from U.S., U.K., Canadian, and Australian cybersecurity agencies warns of ongoing campaigns by Scattered Spider. This group is targeting Snowflake data storage environments to exfiltrate large volumes of sensitive data. – The Record
July 29, 2025 – Breach
Cybercriminals give Indiana megachurch 7 days to pay $600K ransom after data breach
Abstract
Rhysida ransomware group has claimed responsibility for a cyberattack on the First Baptist Church of Hammond, Indiana. The attackers demanded a ransom of 5 BTC (~$594,000) and threatened to sell stolen data if unpaid. – Comparitech
July 29, 2025 – Vulnerabilities
Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Abstract
A critical authentication vulnerability was discovered in Base44’s AI-driven "vibe coding" platform. The flaw allowed unauthorized users to bypass authentication mechanisms, including Single Sign-On (SSO), and gain access to private applications. – Infosecurity Magazine
July 29, 2025 – Attack
GOLD BLADE Remote DLL Sideloading Attack Deploys RedLoader
Abstract
A new campaign by the GOLD BLADE threat group leverages a remote DLL sideloading technique to deploy RedLoader malware. This attack chain combines malicious LNK files and WebDAV-based delivery mechanisms to evade detection and establish persistence. – Sophos
July 29, 2025 – Criminals
FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation
Abstract
The FBI has seized approximately 20.29 Bitcoins (valued at over $2.4 million) from a cryptocurrency address linked to a member of the new Chaos ransomware operation. This operation is believed to be a rebrand of the BlackSuit ransomware group. – BleepingComputer
July 29, 2025 – Solution
Cyware expands Intelligence Suite to streamline CTI program deployment and operations
Abstract
Cyware has announced a significant expansion of its Cyware Intelligence Suite, a modular and automated threat intelligence platform designed to streamline the deployment and operation of Cyber Threat Intelligence (CTI) programs. – Help Net Security
July 29, 2025 – Vulnerabilities
Exploit available for critical Cisco ISE bug exploited in attacks
Abstract
A critical unauthenticated RCE vulnerability in Cisco ISE has been actively exploited in the wild. The issue was later split into two CVEs: CVE-2025-20281 (command injection) and CVE-2025-20337 (unsafe deserialization). – BleepingComputer
July 29, 2025 – Breach
Endgame Gear mouse config tool infected users with malware
Abstract
Between June 26 and July 9, 2025, the official configuration tool for the Endgame Gear OP1w 4k v2 wireless mouse—Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe—was compromised with malware and distributed via Endgame Gear’s official website. – BleepingComputer
July 29, 2025 – Vulnerabilities
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
Abstract
A critical vulnerability in Google's Gemini CLI was discovered just two days later by researchers. The flaw allowed attackers to stealthily execute malicious commands and exfiltrate sensitive data from developers' systems using allowlisted programs. – BleepingComputer
July 29, 2025 – Breach
GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión
Abstract
The GLOBAL GROUP ransomware gang, active since early June 2025, has claimed responsibility for a cyberattack on Albavisión. The group alleges the theft of 400 GB of data and has issued a 15-day ultimatum for negotiations before public data release. – HackRead
July 29, 2025 – Vulnerabilities
Lovense sex toy app flaw leaks private user email addresses
Abstract
A critical zero-day vulnerability in the Lovense sex toy app exposes users' private email addresses by leveraging publicly available usernames. The flaw enables attackers to automate email harvesting, posing significant privacy and security risks. – BleepingComputer
July 28, 2025 – Outage
Aeroflot blames IT issues for flight cancellations
Abstract
Russia’s largest airline, Aeroflot, experienced a major IT disruption on July 28, 2025, resulting in the cancellation of 49 flights (42 initially, with 7 more added later) and delays ranging from 25 minutes to nearly three hours. – The Register
July 28, 2025 – Vulnerabilities
Naval Group Denies Hack Claims, Alleges “Reputational Attack”
Abstract
A high-severity vulnerability, tracked as CVE-2023-2533, has been identified in PaperCut's NG/MF product. This CSRF flaw could allow attackers to alter security settings or execute arbitrary code under specific conditions. – Infosecurity Magazine
July 28, 2025 – Government
FBI alerts tie together threats of cybercrime, physical violence from The Com
Abstract
The FBI has issued a series of public service announcements (PSAs) warning about “The Com,” a rapidly growing and decentralized cybercriminal network composed primarily of minors and young adults aged 11 to 25. – CyberScoop
July 28, 2025 – Breach
Massachusetts electric utility notifies hundreds of data breach that leaked SSNs and other info
Abstract
Massachusetts Municipal Wholesale Electric Company (MMWEC) disclosed a ransomware attack affecting at least 514 individuals, compromising SSNs, taxpayer IDs, and financial data. The BlackSuit gang claimed responsibility. – Comparitech
July 28, 2025 – Criminals
Muddled Libra: From Social Engineering to Enterprise-Scale Disruption
Abstract
Muddled Libra, also known as Scattered Spider, has evolved from a small group of cryptocurrency-focused attackers into a highly organized, modular cybercrime syndicate capable of enterprise-scale disruption. – Palo Alto Networks
July 28, 2025 – Policy and Law
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam
Abstract
The operation involved aiding North Korean IT workers in impersonating US residents to secure remote jobs at over 300 American companies, posing a significant threat to national security and corporate integrity. – HackRead
July 28, 2025 – Breach
Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
Abstract
U.S. insurance giant Allianz Life has confirmed a significant data breach that compromised the personal information of the majority of its 1.4 million customers, financial professionals, and select employees. – TechCrunch
July 28, 2025 – Vulnerabilities
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
Abstract
A critical vulnerability in the Post SMTP plugin for WordPress (CVE-2025-24000) exposes over 200,000 websites to potential account hijacking. The plugin has over 400,000 active installations, making the impact of this vulnerability significant. – BleepingComputer
July 26, 2025 – Ransomware
Hackers Use Weaponized .HTA Files to Infect Victims with Red Ransomware
Abstract
Hackers are using weaponized .HTA files to deploy the Epsilon Red ransomware, leveraging ActiveX and Windows Command Shell for stealthy payload delivery. The malware employs social engineering tactics. – GBHackers
July 26, 2025 – Ransomware
New Gunra Ransomware Targets Windows Systems, Encrypts Files, and Erases Shadow Copies
Abstract
Gunra ransomware, active since April 2025, targets Windows systems and uses advanced tactics, including rapid file encryption and shadow copy deletion, to maximize impact. The ransomware shows similarities to Conti ransomware. – GBHackers
July 26, 2025 – Policy and Law
Treasury sanctions North Koreans involved in IT-worker schemes
Abstract
The U.S. Department of the Treasury has sanctioned three North Korean nationals and their front company, Korea Sobaeksu Trading Co., for orchestrating remote IT-worker schemes that generate revenue for North Korea’s Munitions Industry Department. – Cybersecurity Dive
July 26, 2025 – Phishing
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
Abstract
A new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence has been attributed to Patchwork. The campaign employs a five-stage execution chain. – The Hacker News
July 25, 2025 – Vulnerabilities
Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities
Abstract
Researchers identified five critical vulnerabilities in Bloomberg’s Comdb2 version 8.1, an open-source clustered database system. These flaws can be exploited remotely to cause denial-of-service (DoS) conditions via specially crafted TCP packets. – Talos Intelligence
July 25, 2025 – Botnet
New VoIP Botnet Targets Routers Using Default Passwords
Abstract
A newly discovered botnet campaign is exploiting VoIP-enabled routers by leveraging default password attacks over Telnet. Initially detected in a small New Mexico community, the operation has since expanded globally, compromising over 500 devices. – GBHackers
July 25, 2025 – Breach
IR35 advisor Qdos confirms a data leak to techie clients
Abstract
Qdos, a UK-based business insurance and employment status specialist serving tech contractors, has confirmed a data breach involving unauthorized access to one of its web applications, mygoqdos.com. – The Register
July 25, 2025 – Vulnerabilities
Tridium Niagara Framework Flaws Expose Sensitive Network Data
Abstract
Researchers uncovered 13 critical vulnerabilities in the Niagara Framework, developed by Tridium. These flaws, consolidated into 10 CVEs, affect building management, industrial automation, and smart infrastructure systems globally. – GBHackers
July 25, 2025 – Outage
Morgan County 911 emergency services confirms ransomware attack via Qilin
Abstract
Morgan County 911, based in Decatur, Alabama, confirmed a ransomware attack by the Qilin group in May 2025. While administrative systems were disrupted, critical dispatch operations remained unaffected. – Comparitech
July 25, 2025 – Breach
Toptal caught serving malware after GitHub compromise
Abstract
A recent supply chain attack compromised Toptal’s GitHub account, resulting in the distribution of malware through its Picasso developer toolbox. The attack affected over 5,000 downloads and involved 10 npm packages. – The Register
July 24, 2025 – Breach
Hacker sneaks infostealer malware into early access Steam game
Abstract
Aether Forge Studios' early access game "Chemia" on Steam has been compromised by the threat actor EncryptHub (aka Larva-208) to distribute info-stealing malware. Despite the breach, the game remains available on Steam. – BleepingComputer
July 24, 2025 – Attack
Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble
Abstract
A critical vulnerability in Microsoft SharePoint, tracked as CVE-2025-49706, is being actively exploited by the China-based threat actor Storm-2603 to deploy Warlock ransomware. This campaign has impacted over 400 organizations globally. – The Record
July 24, 2025 – Malware
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
Abstract
CastleLoader is a newly identified malware loader actively used in campaigns to distribute a range of information stealers and remote access trojans (RATs), including DeerStealer, RedLine, StealC, NetSupport RAT, SectopRAT, and Hijack Loader. – The Hacker News
July 24, 2025 – Breach
Cybercrime forum Leak Zone publicly exposed its users’ IP addresses
Abstract
A significant data exposure incident has been identified involving the cybercrime forum Leak Zone, which inadvertently leaked the IP addresses and login timestamps of its users due to a misconfigured Elasticsearch database. – TechCrunch
July 24, 2025 – Malware
Coyote malware abuses Microsoft UIA to hunt banking creds
Abstract
A new variant of the Coyote banking trojan has emerged as the first known malware to exploit Microsoft's UI Automation framework for credential theft. This enables the malware to extract banking credentials from users. – The Register
July 24, 2025 – Vulnerabilities
SonicWall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
Abstract
SonicWall has released a critical security update addressing CVE-2025-40599, a high-severity vulnerability in its SMA 100 series appliances. The flaw allows remote attackers with administrative privileges to upload arbitrary files, leading to RCE. – Help Net Security
July 24, 2025 – Attack
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Abstract
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The attack chains entail the exploitation of CVE-2025-49706 and CVE-2025-49704. – The Hacker News
July 24, 2025 – Government
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include critical flaws in CrushFTP, Google Chromium, and SysAid On-Prem software. – Security Affairs
July 24, 2025 – General
Fake Receipt Generators Fuel Rise in Online Fraud
Abstract
A growing fraud-as-a-service ecosystem is leveraging fake receipt generators to facilitate online scams, particularly on resale platforms. MaisonReceipts and Receiptified.com enable users to create highly realistic counterfeit receipts. – Infosecurity Magazine
July 24, 2025 – Criminals
Suspected XSS Forum Admin Arrested in Ukraine
Abstract
A suspected administrator of the notorious Russian-language cybercrime forum XSS was arrested in Ukraine on July 22, 2025. The operation was a joint effort between Ukrainian authorities, French police, and Europol. – Infosecurity Magazine
July 23, 2025 – Breach
France: New Data Breach Could Affect 340,000 Jobseekers
Abstract
France Travail, the French employment agency, experienced a data breach affecting approximately 340,000 jobseekers. The initial access vector was infostealer malware that compromised a user account associated with a training organization. – Infosecurity Magazine
July 23, 2025 – General
Ports are getting smarter and more hackable
Abstract
Maritime ports, which handle approximately 80% of global trade, are increasingly becoming targets of sophisticated cyberattacks. The most commonly affected systems include access control systems and vessel traffic management systems. – Help Net Security
July 23, 2025 – Ransomware
Ransomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate Data
Abstract
Ransomware groups are increasingly weaponizing Remote Monitoring and Management (RMM) tools—originally intended for legitimate IT operations—to conduct sophisticated cyber intrusions. – GBHackers
July 23, 2025 – Phishing
Phishing campaign targets U.S. Department of Education’s G5 portal
Abstract
A sophisticated phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a critical platform used by educational institutions and vendors to manage federal education grants and funding. – Help Net Security
July 23, 2025 – Breach
Global Fashion Label SABO’s 3.5M Customer Records Exposed Online
Abstract
A significant data breach has impacted global fashion brand SABO, exposing over 3.5 million customer records due to a misconfigured and unsecured database. The breach poses serious risks of phishing, social engineering, and financial fraud. – HackRead
July 23, 2025 – Vulnerabilities
ABB security advisory (AV25-441)
Abstract
ABB has issued a security advisory addressing a high-severity vulnerability (CVE-2025-7705) in its Switch Actuator 4 DU and Switch actuator, door/light 4 DU products. The bug, categorized as "Active Debug Code," affects all versions of these devices. – Government of Canada
July 23, 2025 – Breach
Ransomware gang says it hacked PC maker iBUYPOWER
Abstract
A ransomware group known as Lynx has claimed responsibility for a cyberattack on gaming PC manufacturer iBUYPOWER and its sister brand HYTE. The attack disrupted several internal systems and has been listed on Lynx’s data leak site. – Comparitech
July 23, 2025 – Vulnerabilities
Sophos security advisory (AV25-443)
Abstract
Sophos has released a security advisory (AV25-443) addressing multiple critical vulnerabilities in its firewall products. Affected versions: Sophos Firewall v21.0 GA (21.0.0) and prior; Sophos Firewall v21.5 GA (21.5.0) and prior. – Government of Canada
July 23, 2025 – Attack
Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups
Abstract
Two critical zero-day vulnerabilities in Microsoft SharePoint—CVE-2025-53770 and CVE-2025-53771—are being actively exploited by China-linked threat actors Linen Typhoon, Violet Typhoon, and Storm-2603. – CyberScoop
July 23, 2025 – Malware
Uncovering a Stealthy WordPress Backdoor in mu-plugins
Abstract
A stealthy backdoor has been discovered in WordPress installations, specifically targeting the mu-plugins directory. This malware leverages the must-use plugin mechanism to ensure automatic activation and persistence. – Sucuri
July 22, 2025 – Policy and Law
Silicon Valley engineer admits theft of missile secrets
Abstract
A Silicon Valley-based engineer, Chenguang Gong, has pleaded guilty to stealing over 3,600 sensitive trade secret files from two US electronics manufacturers, including a military contractor. – The Register
July 22, 2025 – Criminals
Startup takes personal data stolen by malware and sells it on to other companies
Abstract
Farnsworth Intelligence is offering access to data stolen by infostealer malware, claiming legality by sourcing it via a third-party vendor. The $50 entry-level version operates on a credit-based model. – Malwarebytes
July 22, 2025 – Vulnerabilities
Microsoft: Windows Server KB5062557 causes cluster, VM issues
Abstract
Microsoft has confirmed that the Windows Server 2019 security update KB5062557 is causing significant issues with Cluster Services and VMs. Affected systems may experience repeated service restarts, node failures, and errors. – BleepingComputer
July 22, 2025 – Vulnerabilities
ExpressVPN bug leaked user IPs in Remote Desktop sessions
Abstract
A vulnerability in ExpressVPN's Windows client caused RDP traffic to bypass the VPN tunnel, exposing users' real IP addresses. The issue was active from version 12.97 to 12.101.0.2-beta and has since been patched in version 12.101.0.45. – BleepingComputer
July 22, 2025 – Breach
Hackers hit Dell product demo platform, but impact is limited
Abstract
Dell Technologies has confirmed a security breach involving its Solution Center, a platform used for product demonstrations and proof-of-concept testing. The WorldLeaks ransomware group has claimed responsibility. – The Record
July 22, 2025 – Vulnerabilities
ISC BIND security advisory (AV25-440)
Abstract
On July 16, 2025, the Internet Systems Consortium (ISC) published security advisories addressing two vulnerabilities in ISC BIND 9. These issues affect multiple versions of BIND 9, and users are strongly encouraged to apply the necessary updates. – Government of Canada
July 22, 2025 – APT
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Abstract
Iran-linked APT group MuddyWater (also known as SeedWorm, TEMP.Zagros, and Static Kitten) has deployed new variants of the DCHSpy Android spyware amid the ongoing Iran-Israel conflict. – Security Affairs
July 22, 2025 – Breach
After website hack, Arizona election officials unload on Trump’s CISA
Abstract
Arizona election officials reported a cyberattack on the state’s online candidate portal, where attacker(s) replaced candidate photos with images of the late Iranian Ayatollah Ruhollah Khomeini. – CyberScoop
July 21, 2025 – Hacker
Russia Linked to New Malware Targeting Email Accounts for Espionage
Abstract
Russian military intelligence (GRU)-linked threat actors have been using previously unknown malicious software to enable espionage against victim email accounts, the UK’s National Cyber Security Centre (NCSC) has reported. – Infosecurity Magazine
July 21, 2025 – Attack
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Abstract
Researchers at Enea said that they have observed an unnamed surveillance vendor exploiting the new bypass attack as far back as late 2024 to obtain the locations of people’s phones without their knowledge. – TechCrunch
July 19, 2025 – Ransomware
New Phobos and 8Base ransomware decryptor recovers files for free
Abstract
Japanese police released a free decryptor for Phobos and 8Base ransomware victims, enabling file recovery without paying a ransom. The decryptor was likely developed using intelligence obtained during a 2024 international law enforcement operation. – BleepingComputer
July 19, 2025 – Breach
Boston clinic notifies 185,000+ people of data breach that compromised patients’ personal and medical info
Abstract
The breach exposed sensitive patient data, including names, medical record numbers, diagnoses, medications, treatment details, claims information, dates of birth, and addresses. – Comparitech
July 19, 2025 – Cryptocurrency
New Surge of Crypto-Jacking Hits Over 3,500 Websites
Abstract
A new wave of crypto-jacking has infected over 3,500 websites using stealthy JavaScript miners. This campaign marks a resurgence of browser-based mining reminiscent of Coinhive but with advanced evasion techniques. – GBHackers
July 19, 2025 – Attack
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Abstract
Researchers discovered a surveillance vendor exploiting a new SS7 attack to covertly track individuals' phone locations. The attack bypasses telecom security measures to access cell tower data, enabling geolocation without user consent. – TechCrunch
July 19, 2025 – Government
UK sanctions Russian cyber spies accused of facilitating murders
Abstract
The United Kingdom has imposed sanctions on 18 officers of Russia’s military intelligence agency, the GRU, for conducting cyber operations that facilitated targeted missile strikes and attempted assassinations. – The Record
July 18, 2025 – Malware
LameHug malware uses AI LLM to craft Windows data-theft commands in real-time
Abstract
A newly discovered malware family named LameHug is leveraging artificial intelligence to dynamically generate Windows data-theft commands in real time. LameHug is the first malware to integrate an LLM for operational command generation. – BleepingComputer
July 18, 2025 – Malware
Microsoft Teams voice calls abused to push Matanbuchus malware
Abstract
Matanbuchus is a malware-as-a-service (MaaS) operation first advertised on the dark web in early 2021 for $2,500. It is designed to execute malicious payloads directly in memory, enabling it to evade traditional detection mechanisms. – BleepingComputer
July 18, 2025 – Vulnerabilities
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
Abstract
VMware has patched four zero-day vulnerabilities in ESXi, Workstation, Fusion, and Tools. Three of these flaws (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238) are critical, allowing guest-to-host code execution. – BleepingComputer
July 18, 2025 – Criminals
Threat hunting case study: Lumma infostealer
Abstract
Between April and June 2024, Lumma's marketplace listed over 21,000 stolen data logs. In May 2025, a coordinated law enforcement operation led by Microsoft, DOJ, Europol, and J3C disrupted Lumma’s infrastructure. – Intel 471
July 17, 2025 – Breach
Hacker steals $27 million in BigONE exchange crypto breach
Abstract
A significant security breach at the BigONE cryptocurrency exchange has resulted in the theft of approximately $27 million in digital assets. The attack was identified as a supply-chain compromise targeting the platform’s hot wallet infrastructure. – BleepingComputer
July 16, 2025 – Criminals
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies
Abstract
Italian authorities, in collaboration with French and Romanian law enforcement, have dismantled a Romanian ransomware group known as “Diskstation.” The group targeted victims in northern Italy, particularly in the Lombardy region. – The Record
July 16, 2025 – Attack
Threat actor targets end-of-life SonicWall SMA 100 appliances in ongoing campaign
Abstract
A sophisticated threat campaign by UNC6148 is actively targeting SonicWall Secure Mobile Access (SMA) 100 appliances that are fully patched but have reached end-of-life status. – Cybersecurity Dive
July 16, 2025 – Breach
Adoption Agency Data Exposure Revealed Information About Children and Parents
Abstract
A significant data exposure incident involving the Gladney Center for Adoption has revealed over 1.1 million sensitive records related to children, birth parents, adoptive families, and caregivers. – Wired
July 16, 2025 – Breach
Compumedics data breach leaks patient info from a dozen hospitals and clinics
Abstract
Compumedics and its subsidiary NeuroMedical Supplies suffered a ransomware attack in March 2025, compromising sensitive data of at least 320,404 individuals. The Van Helsing ransomware group claimed responsibility for the attack. – Comparitech
July 16, 2025 – Breach
UK retail giant Co-op confirms hackers stole all 6.5 million customer records
Abstract
UK retail giant Co-op has confirmed a significant data breach that compromised the personal information of all 6.5 million of its customers. The breach is attributed to the cybercriminal group Scattered Spider. – TechCrunch
July 16, 2025 – Criminals
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Abstract
An international law enforcement operation, codenamed 'Operation Elicius', dismantled the Romanian ransomware gang known as 'Diskstation'. The group encrypted the systems of several companies in the Lombardy region of Italy. – BleepingComputer
July 16, 2025 – Vulnerabilities
Meta fixes bug that could leak users’ AI prompts and generated content
Abstract
The vulnerability posed a significant privacy risk, potentially exposing sensitive user-generated content. Although Meta found no evidence of abuse, the flaw could have allowed unauthorized access to private AI interactions. – TechCrunch
July 16, 2025 – Denial Of Service
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Abstract
A new wave of hyper-volumetric Distributed Denial-of-Service (DDoS) attacks has reached unprecedented levels, with a record-breaking peak of 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps). – The Hacker News
July 15, 2025 – Phishing
UK Pet Owners Targeted by Fake Microchip Renewal Scams
Abstract
A sophisticated phishing campaign is targeting UK pet owners with fake microchip renewal emails. These emails appear highly credible, often including accurate pet details such as name, breed, and microchip number. – HackRead
July 15, 2025 – Malware
AsyncRAT evolves as ESET tracks its most popular malware forks
Abstract
ESET identified several prominent AsyncRAT forks actively used in cyberattacks, including DcRat, VenomRAT, and SilverRAT. DcRat offers an expanded feature set, while VenomRAT includes even more advanced capabilities. – Help Net Security
July 15, 2025 – Malware
Android malware Konfety uses malformed APKs to evade detection
Abstract
Konfety masquerades as legitimate applications but delivers none of the promised functionality. It is designed to fetch hidden ads, exfiltrate device data, and potentially load additional malicious modules dynamically. – BleepingComputer
July 15, 2025 – Breach
DragonForce hackers claim responsibility for Belk data breach
Abstract
DragonForce, a ransomware group operating under a Ransomware-as-a-Service (RaaS) model, has claimed responsibility for a data breach targeting Belk, a North Carolina-based department store chain. – Cybersecurity Dive
July 15, 2025 – Breach
Chicago-area school district notifies 11.5K people of data breach compromising student records, SSNs, finances, and medical info Full Text
Abstract
Indian Springs School District 109, located in Justice, Illinois, disclosed a ransomware attack that compromised the personal data of 11,542 individuals. The breach is attributed to the RansomHub ransomware group.CompariTech
July 15, 2025 – Breach
Ransomware gang to release data from Lorain County Auditor’s Office today Full Text
Abstract
The Lorain County Auditor’s Office in Ohio was targeted by the Global ransomware group in a cyberattack that occurred on May 27. The Global ransomware-as-a-service (RaaS) group has claimed responsibility and alleges possession of private data, including bank account information.Comparitech
July 15, 2025 – Phishing
Abacus Market Shutters After Exit Scam, Say Experts Full Text
Abstract
Abacus Market, the Western world’s highest-grossing dark web marketplace, went offline in early July 2025, following user reports of withdrawal issues that began in late June. Experts believe this marks a classic exit scam.Infosecurity Magazine
July 15, 2025 – Vulnerabilities
Researchers Jailbreak Grok-4 AI Within 48 Hours of Launch Full Text
Abstract
Researchers successfully jailbroke Elon Musk’s Grok-4 AI within 48 hours of its launch. By combining two advanced techniques—Echo Chamber and Crescendo—they bypassed the AI’s security filters and extracted instructions for creating dangerous items.HackRead
July 15, 2025 – Vulnerabilities
Why skipping security prompting on Grok’s newest model is a huge mistake Full Text
Abstract
Researchers identified critical vulnerabilities in Grok 4, particularly when deployed without system-level security prompting. The model was found to be highly susceptible to prompt injection attacks and capable of generating harmful content.Cyber Scoop
July 14, 2025 – Malware
Malicious VSCode extension in Cursor IDE led to $500K crypto theft Full Text
Abstract
A malicious VSCode-compatible extension named Solidity Language distributed via the Cursor AI IDE's Open VSX registry led to the theft of $500,000 in cryptocurrency. The extension impersonated a legitimate Ethereum smart contract syntax highlighter.Bleeping Computer
July 12, 2025 – Vulnerabilities
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) Full Text
Abstract
Fortinet released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the bug carries a CVSS score of 9.6.The Hacker News
July 12, 2025 – Vulnerabilities
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch Full Text
Abstract
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.Bleeping Computer
July 12, 2025 – Vulnerabilities
NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks Full Text
Abstract
NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphics processors with GDDR6 memory. New research demonstrates a Rowhammer attack against an NVIDIA A6000 GPU.Bleeping Computer
July 12, 2025 – Vulnerabilities
The zero-day that could’ve compromised every Cursor and Windsurf user Full Text
Abstract
A security researcher stumbled upon a critical zero-day buried deep in the infrastructure powering today’s AI coding tools. Had it been exploited, a non-sophisticated attacker could’ve hijacked over 10 million machines with a single stroke.Bleeping Computer
July 11, 2025 – Breach
Louis Vuitton says UK customer data stolen in cyber-attack Full Text
Abstract
Louis Vuitton, the flagship brand of French luxury conglomerate LVMH, has confirmed a cyber-attack targeting its UK operations, resulting in the unauthorized access and theft of customer data.The Guardian
July 11, 2025 – Vulnerabilities
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild Full Text
Abstract
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild. The vulnerability, CVE-2025-47812, is a case of improper handling of null ('\0') bytes in the server's web interface.The Hacker News
July 11, 2025 – Cryptocurrency
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord Full Text
Abstract
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.The Hacker News
July 11, 2025 – Malware
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques Full Text
Abstract
The SLOW#TEMPEST campaign employs sophisticated obfuscation techniques such as dynamic jumps and obfuscated function calls to evade detection. CFG obfuscation disrupts the predictable execution flow, complicating both static and dynamic analysis.Palo Alto Networks
July 11, 2025 – Ransomware
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves Full Text
Abstract
Scattered Spider is increasingly making headlines of late, evolving its techniques and broadening the scope of its criminal activities against a wider array of enterprises.CSO Online
July 11, 2025 – Government
MPs Warn of “Significant” Iranian Cyber-Threat to UK Full Text
Abstract
A recent report by the UK Parliament’s ISC has raised alarms over the potential for significant disruption to the UK’s petrochemical, utilities, and finance sectors, especially amid escalating geopolitical tensions.Infosecurity Magazine
July 10, 2025 – Malware
macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App Full Text
Abstract
A new variant of the macOS.ZuRu malware has resurfaced, targeting macOS users through a trojanized version of the Termius SSH client. This version incorporates a modified Khepri C2 beacon and introduces new techniques for persistence.Sentinel One
July 10, 2025 – Vulnerabilities
Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks Full Text
Abstract
Security researchers have uncovered a critical set of Bluetooth vulnerabilities, dubbed PerfektBlue, in OpenSynergy’s BlueSDK framework. These flaws affect millions of devices, including in-vehicle infotainment systems.GBHackers
July 10, 2025 – Vulnerabilities
Asus and Adobe vulnerabilities Full Text
Abstract
Researchers have discovered four critical vulnerabilities—two in Asus Armoury Crate and two in Adobe Acrobat Reader. These vulnerabilities have been patched by their respective vendors.Talos Intelligence
July 10, 2025 – Breach
Pierce County, WA libraries notify 336K people of data breach Full Text
Abstract
The Pierce County Library System (PCLS) has notified 336,826 individuals of a ransomware attack by the Inc group in April 2025, which exposed names and dates of birth. Inc posted images of stolen driver’s licenses, passports, and internal documents.Comparitech
July 10, 2025 – Vulnerabilities
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs Full Text
Abstract
AMD has disclosed four new side-channel vulnerabilities, collectively termed Transient Scheduler Attacks (TSA), affecting a broad range of its CPUs. Successful exploitation of the TSA vulnerabilities could lead to information disclosure.The Register
July 10, 2025 – Breach
Bitcoin Depot breach exposes data of nearly 27,000 crypto users Full Text
Abstract
Bitcoin Depot has disclosed a data breach affecting nearly 27,000 customers. The breach exposed sensitive personal information typically collected during Know-Your-Customer (KYC) verification processes.Bleeping Computer
July 10, 2025 – Breach
Nippon Steel Solutions suffered a data breach following a zero-day attack Full Text
Abstract
Nippon Steel Solutions disclosed a data breach resulting from a zero-day attack on its network equipment. The breach led to unauthorized access and potential leakage of personal data belonging to customers, partners, and employees.Security Affairs
July 10, 2025 – Malware
Browser extensions turn nearly 1 million browsers into website-scraping bots Full Text
Abstract
A recent investigation uncovered that 245 browser extensions—installed on nearly 1 million devices—are covertly turning users' browsers into web scraping bots. These extensions, available on Chrome, Firefox, and Edge, embed the MellowTel-jsx library.Ars Technica
July 10, 2025 – APT
DoNot APT is expanding scope targeting European foreign ministries Full Text
Abstract
DoNot APT, also known as APT-C-35 and Origami Elephant, is a cyberespionage group likely linked to India. In a recent campaign, the group deployed a new malware variant, LoptikMod, to infiltrate European foreign ministries.Security Affairs
July 10, 2025 – Breach
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’ Full Text
Abstract
A critical security vulnerability in McDonald’s AI-powered hiring platform, McHire.com, exposed the personal data of millions of job seekers. The breach was caused by the use of the weak password “123456” for administrative access.Wired
July 9, 2025 – Breach
Server with Rockerbox Tax Firm Data Exposed 286GB of Records Full Text
Abstract
A significant data exposure incident has been uncovered involving Rockerbox, a Texas-based tax credit consultancy. The exposure involved 245,949 records totaling 286.9 GB of data, including highly sensitive personal and financial information.HackRead
July 9, 2025 – Breach
Canadian media giant Rogers named as victim of Chinese telecom hackers Full Text
Abstract
Rogers Communications has been identified as a victim of the Chinese state-sponsored threat actor Salt Typhoon. The campaign exploited vulnerabilities in Cisco routers to gain access to sensitive communications infrastructure.NextGov
July 9, 2025 – Vulnerabilities
New ServiceNow flaw lets attackers enumerate restricted data Full Text
Abstract
A critical vulnerability in ServiceNow, tracked as CVE-2025-3648 and dubbed Count(er) Strike, allows low-privileged users to enumerate restricted data from protected tables. The flaw stems from overly permissive Access Control List configurations.Bleeping Computer
July 9, 2025 – Attack
New Android TapTrap attack fools users with invisible UI trick Full Text
Abstract
A newly discovered Android attack technique, dubbed TapTrap, enables stealthy tapjacking by exploiting UI animation transitions. Unlike traditional overlay-based methods, TapTrap works even with zero-permission apps.Bleeping Computer
July 9, 2025 – Breach
M&S confirms social engineering led to massive ransomware attack Full Text
Abstract
M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. The breach began on April 17.Bleeping Computer
July 9, 2025 – Vulnerabilities
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities Full Text
Abstract
Microsoft’s July 2025 Patch Tuesday addresses 132 vulnerabilities, including 14 marked as critical. These span across Windows services, Microsoft Office, SharePoint, Hyper-V, and SQL Server.Talos Intelligence
July 9, 2025 – Ransomware
Iranian ransomware crew promises big bucks for US attacks Full Text
Abstract
An Iranian ransomware group, Pay2Key, has resurfaced as Pay2Key.I2P after a five-year hiatus, operating as a RaaS platform. The group is offering affiliates up to 80% of ransom proceeds for targeting US and Israeli organizations.The Register
July 9, 2025 – Policy and Law
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes Full Text
Abstract
The U.S. Department of the Treasury has imposed sanctions on individuals and entities involved in a North Korean IT worker scheme designed to covertly fund DPRK weapons of mass destruction and ballistic missile programs.Cyber Scoop
July 8, 2025 – Malware
Malicious Chrome extensions with 1.7M installs found on Web Store Full Text
Abstract
Security researchers have uncovered a widespread browser hijacking campaign involving 18 malicious extensions on the Chrome and Microsoft Edge Web Stores, collectively downloaded over 2.3 million times.Bleeping Computer
July 8, 2025 – Breach
IES Communications notifies 6,000+ employees of data breach that compromised SSNs and payroll info Full Text
Abstract
IES Communications, a U.S.-based IT contractor, has disclosed a ransomware attack that compromised sensitive data of 6,241 employees. The attack has been attributed to the Chaos ransomware group, which claims to have exfiltrated 1 TB of data.Comparitech
July 8, 2025 – Malware
Android malware Anatsa infiltrates Google Play to target US banks Full Text
Abstract
The Anatsa Android banking trojan has once again infiltrated Google Play, this time through an app disguised as a PDF viewer named ‘Document Viewer – File Reader’. The malware targets users of North American banking apps.Bleeping Computer
July 8, 2025 – Criminals
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant Full Text
Abstract
Italian authorities have arrested Zewei Xu, a Chinese national suspected of cyberespionage activities linked to the China-nexus Advanced Persistent Threat (APT) group Hafnium, also known as Silk Typhoon.Security Affairs
July 8, 2025 – Malware
Atomic macOS infostealer adds backdoor for persistent attacks Full Text
Abstract
A new variant of AMOS has been discovered with an embedded backdoor. AMOS campaigns have impacted users in over 120 countries, with the US, France, Italy, the UK, and Canada among the most affected.Bleeping Computer
July 8, 2025 – Ransomware
Beware of Bert: New ransomware group targets healthcare, tech firms Full Text
Abstract
A new ransomware group named Bert has emerged, targeting healthcare, technology, and event services sectors across Asia, Europe, and the U.S. The ransomware affects both Windows and Linux systems and is under active development.The Record
July 8, 2025 – Breach
Rehab clinics in Jacksonville, FL targeted by new ransomware gang Full Text
Abstract
The breach affected 34,498 individuals and compromised sensitive data such as names, Social Security numbers, addresses, dates of birth, state-issued ID numbers, medical treatment details, and health insurance information.Comparitech
July 8, 2025 – Malware
Hackers abuse leaked Shellter red team tool to deploy infostealers Full Text
Abstract
Threat actors have exploited a leaked copy of Shellter Elite v11.0, a commercial AV/EDR evasion tool, to deploy infostealers including Rhadamanthys, Lumma, and Arechclient2.Bleeping Computer
July 8, 2025 – Attack
Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war Full Text
Abstract
A sophisticated cyberattack has disrupted the infrastructure used to distribute the “1001” firmware—custom software developed by Russian entities to convert civilian DJI drones for military use in the ongoing conflict in Ukraine.The Record
July 7, 2025 – Attack
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware Full Text
Abstract
The attack begins with a malicious Inno Setup installer that leverages Pascal scripting to execute a series of evasion techniques, including debugger and sandbox detection.GBHackers
July 7, 2025 – Vulnerabilities
Critical Sudo bugs expose major Linux distros to local root exploits Full Text
Abstract
Researchers disclosed two vulnerabilities (CVE-2025-32462 and CVE-2025-32463) in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit them to escalate privileges to root on affected systems.Security Affairs
July 7, 2025 – Vulnerabilities
Researchers Warn of Exposed JDWP Interfaces Targeted for Cryptomining Attacks Full Text
Abstract
Since JDWP lacks authentication or access control mechanisms, exposing the service to the internet can open up a new attack vector that attackers can abuse as an entry point, enabling full control over the running Java process.The Hacker News
July 7, 2025 – General
Cybercriminals jump on .es domain for credential phishing trip Full Text
Abstract
Cybersecurity experts at Cofense reported a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.The Register
July 7, 2025 – Phishing
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Full Text
Abstract
Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. NimDoor is written in Nim, uses encrypted communications, and steals data like browser history and Keychain credentials.Security Affairs
July 7, 2025 – Outage
Ingram Micro confirms ransomware behind multi-day outage Full Text
Abstract
The Safepay ransomware claimed to have accessed sensitive information, including financial statements, intellectual property, accounting records, lawsuits and complaints, personal and customer files, bank details, transactions, etc.The Register
July 7, 2025 – Botnet
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks Full Text
Abstract
NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding since June 2025, marking a significant shift in the cybersecurity scene.GBHackers
July 7, 2025 – General
New technique detects tampering or forgery of a PDF document Full Text
Abstract
With the PDF format being used as a formal means of communication in multiple industries, it has become a good target for criminals who wish to affect contracts or aid in misinformation.Help Net Security
July 7, 2025 – Vulnerabilities
ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise Full Text
Abstract
Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code execution and complete compromise.GBHackers
July 5, 2025 – Vulnerabilities
Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack Full Text
Abstract
Three critical vulnerabilities in Apache Tomcat (CVE-2025-24813) and Apache Camel (CVE-2025-27636, CVE-2025-29891) enable remote code execution (RCE), allowing attackers to hijack systems.Palo Alto Networks
July 5, 2025 – Botnet
RondoDox Unveiled: Breaking Down a New Botnet Threat Full Text
Abstract
RondoDox is a new botnet threat that exploits two critical vulnerabilities: CVE-2024-3721 (TBK DVR models) and CVE-2024-12856 (Four-Faith router models). These vulnerabilities allow remote attackers to execute arbitrary commands.Fortinet
July 5, 2025 – Attack
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year Full Text
Abstract
A China-linked threat actor, UNC5174, exploited three Ivanti CSA zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) to target French critical infrastructure sectors from September to November 2024.CyberScoop
July 5, 2025 – Phishing
Scammers have a new tactic: impersonating DOGE Full Text
Abstract
The campaign targeted over 1,800 email addresses and more than 350 organizations, including colleges, universities, transit entities, and government bodies. The attackers aim to steal PII.Fedscoop
July 5, 2025 – Vulnerabilities
Critical Vulnerabilities in Grafana Image Renderer and Synthetic Monitoring Agent Full Text
Abstract
On July 3, 2025, Grafana issued a security advisory addressing critical vulnerabilities in two of its products: Grafana Image Renderer (versions prior to 3.12.9) and Synthetic Monitoring Agent (versions prior to 0.38.3).Government of Canada
July 5, 2025 – Attack
NTLM relay attacks are back from the dead Full Text
Abstract
NTLM relay attacks can compromise domain-joined hosts without requiring password cracking. These attacks can reach Tier Zero assets, significantly increasing the risk and potential damage.Help Net Security
July 4, 2025 – Breach
Hacker leaks Telefónica data allegedly stolen in a new breach Full Text
Abstract
A threat actor affiliated with the HellCat ransomware group has claimed responsibility for a significant data breach at Telefónica. The attacker, known as "Rey", alleges the exfiltration of over 106GB of sensitive internal data.Bleeping Computer
July 4, 2025 – Breach
City of Coppell, TX notifies 17K residents of data breach following ransomware attack Full Text
Abstract
The City of Coppell, Texas, has notified 16,835 residents of a data breach following a ransomware attack in October 2024. The breach exposed sensitive personal data, including Social Security numbers.Comparitech
July 4, 2025 – Government
Taiwan Flags Chinese Apps Over Data Security Violations Full Text
Abstract
Taiwan’s National Security Bureau (NSB) has issued a public warning following random inspections of five Chinese-developed mobile applications—TikTok, WeChat, Weibo, Baidu Cloud, and rednote—widely used by Taiwanese citizens.Infosecurity Magazine
July 4, 2025 – Vulnerabilities
Researchers Defeat Content Security Policy Protections via HTML Injection Full Text
Abstract
Security researchers have demonstrated a method to bypass nonce-based Content Security Policy (CSP) protections using HTML injection, CSS-based nonce leakage, and browser cache manipulation.GBHackers
July 3, 2025 – Malware
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns Full Text
Abstract
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.The Hacker News
July 3, 2025 – Vulnerabilities
Wing FTP Server Vulnerability Allows Full Server Takeover by Attackers Full Text
Abstract
A critical vulnerability identified as CVE-2025-47812 affects Wing FTP Server versions v7.4.3 and earlier. Wing FTP released a security update on May 14, 2025, to address this issue. Proof-of-concept exploit code is publicly available.GBHackers
July 3, 2025 – Ransomware
Hunters International ransomware shuts down, releases free decryptors Full Text
Abstract
Hunters International, a prolific Ransomware-as-a-Service (RaaS) operation responsible for nearly 300 global attacks, has officially shut down. The group announced the closure on July 3, 2025, offering free decryption tools to victims.Bleeping Computer
July 3, 2025 – Ransomware
Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability Full Text
Abstract
A newly disclosed vulnerability in the Python-based data-exfiltration utility used by the notorious Cl0p ransomware group has exposed the cybercrime operation itself to potential attack. The vulnerability is rated 8.9 (High) on the CVSS 4.0 scale.GBHackers
July 3, 2025 – Vulnerabilities
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements Full Text
Abstract
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements.GBHackers
July 3, 2025 – Phishing
China-linked hackers spoof big-name brand websites to steal shoppers’ payment info Full Text
Abstract
A sophisticated phishing campaign, likely operated by China-based cybercriminals, is targeting global online shoppers through thousands of fraudulent retail websites impersonating major brands.The Record
July 2, 2025 – Outage
Medical device company Surmodics reports cyberattack, says it’s still recovering Full Text
Abstract
Surmodics, a Minnesota-based medical device manufacturer, reported a cyberattack discovered on June 5, 2025, which forced the company to shut down parts of its IT infrastructure.The Record
July 2, 2025 – Vulnerabilities
Cisco warns that Unified CM has hardcoded root SSH credentials Full Text
Abstract
The flaw involves hardcoded root SSH credentials that could allow unauthenticated remote attackers to gain root access to affected systems. Successful exploitation of this vulnerability allows attackers to log in remotely with root privileges.Bleeping Computer
July 2, 2025 – Cryptocurrency
Dozens of fake wallet add-ons flood Firefox store to drain crypto Full Text
Abstract
A large-scale malicious campaign has been uncovered involving over 40 fake cryptocurrency wallet extensions on the Firefox add-ons store. These extensions impersonate legitimate wallets to steal sensitive user data.Bleeping Computer
July 2, 2025 – General
Windows Shortcut (LNK) Malware Strategies Full Text
Abstract
Hackers are increasingly leveraging LNK files to deliver malware, with malicious LNK samples rising from 21,098 in 2023 to 68,392 in 2024. They exploit the flexibility of LNKs to execute malicious payloads while masquerading as legitimate files.Palo Alto Networks
July 2, 2025 – Breach
Dozens of Corporates Caught in Kelly Benefits Data Breach Full Text
Abstract
Kelly Benefits disclosed a significant data breach that affected over 553,000 individuals. The breach, which occurred in December 2024, has impacted dozens of corporate clients across critical sectors including healthcare and financial services.Infosecurity Magazine
July 2, 2025 – Breach
Qantas reveals data theft impacting six million customers Full Text
Abstract
Australian airline Qantas detected a cyberattack involving a third-party platform used by its contact center. The breach, publicly disclosed on July 2, 2025, potentially exposed personal data of up to six million customers.The Register
July 2, 2025 – Government
U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog Full Text
Abstract
The CISA added two vulnerabilities in TeleMessage TM SGNL to its KEV catalog. These flaws—CVE-2025-48927 and CVE-2025-48928—have been actively exploited in the wild and pose a significant risk to federal and private sector networks.Security Affairs
July 1, 2025 – Criminals
Aeza Group sanctioned for hosting ransomware, infostealer servers Full Text
Abstract
The U.S. Department of the Treasury has sanctioned Russian hosting provider Aeza Group and four of its operators for providing bulletproof hosting services to cybercriminals.Bleeping Computer
July 1, 2025 – Breach
Food Retailer Ahold Delhaize Discloses Data Breach Impacting 2.2m Full Text
Abstract
Ahold Delhaize, a major global food retailer, disclosed a ransomware attack on its US operations that exposed personal data of over 2.2 million individuals. The attack was detected on November 6 and primarily affected internal employment records.Infosecurity Magazine
July 1, 2025 – Policy and Law
Seven months for IT worker who trashed his work network Full Text
Abstract
A British IT worker has been sentenced to over seven months in prison after launching a retaliatory cyberattack against his employer’s network. Within hours of suspension, he began altering login names and passwords, disrupting internal operations.The Register
July 1, 2025 – Criminals
DOJ raids 29 ‘laptop farms’ in operation against North Korean IT worker scheme Full Text
Abstract
The DOJ launched a major crackdown on a North Korean IT worker scheme, conducting raids on 29 "laptop farms" across 16 states. These workers accessed sensitive data, including International Traffic in Arms Regulations (ITAR) information.The Record
July 1, 2025 – Criminals
Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams Full Text
Abstract
A recent DOJ operation has uncovered a large-scale North Korean impersonation scheme involving the theft of over 80 American identities. These identities were used to fraudulently secure remote IT jobs at more than 100 U.S. companies.Wired
July 1, 2025 – General
Crypto Hack Losses in First Half of 2025 Exceed 2024 Total Full Text
Abstract
The first half of 2025 has seen a dramatic surge in cryptocurrency-related cybercrime, with total losses from scams, hacks, and exploits reaching approximately $2.47 billion. This figure already surpasses the total losses recorded in all of 2024.Infosecurity Magazine
July 1, 2025 – Vulnerabilities
Google fixes fourth actively exploited Chrome zero-day of 2025 Full Text
Abstract
Google has released an emergency update to patch CVE-2025-6554, a high-severity zero-day vulnerability in the Chrome V8 JavaScript engine. This marks the fourth actively exploited Chrome zero-day addressed in 2025.Bleeping Computer
July 1, 2025 – Attack
International Criminal Court targeted by new ‘sophisticated’ attack Full Text
Abstract
The International Criminal Court (ICC) has reported a new, sophisticated, and targeted cybersecurity incident, detected and contained through its internal alert and response mechanisms.The Record
July 1, 2025 – Breach
Johnson Controls starts notifying people affected by 2023 breach Full Text
Abstract
The ransomware attack forced Johnson Controls to shut down large portions of its IT infrastructure, severely impacting global operations and customer-facing systems. The initial breach occurred in Johnson Controls’ Asian offices in February 2023.Bleeping Computer
July 1, 2025 – Criminals
Europol helps disrupt $540 million crypto investment fraud ring Full Text
Abstract
Spanish authorities, with support from Europol and international partners, have dismantled a transnational cryptocurrency investment fraud ring responsible for laundering approximately $540 million and defrauding over 5,000 victims globally.Bleeping Computer
June 30, 2025 – Malware
Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor Full Text
Abstract
A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor. The infection chain involves a malicious ZIP archive containing the trojan executable.Sucuri
June 30, 2025 – Phishing
CapCut Con: Apple Phishing & Card-Stealing Refund Ruse Full Text
Abstract
Threat actors are leveraging the popularity of CapCut, a widely used video editing app, to execute a sophisticated phishing campaign aimed at stealing Apple ID credentials and credit card information.Cofense
June 30, 2025 – General
NFC data for contactless payments are the new target. Here is what you need to know. Full Text
Abstract
Cybercriminals are increasingly targeting Near Field Communication (NFC) data used in contactless payments, leveraging sophisticated malware and social engineering tactics.ESET
June 30, 2025 – Phishing
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead Full Text
Abstract
A sophisticated social engineering campaign is exploiting TikTok to distribute the Vidar and StealC information-stealing malware. The campaign uses pirated software themes such as Windows OS, Microsoft Office, CapCut, and Spotify to lure users.TrendMicro
June 30, 2025 – Vulnerabilities
Bluetooth flaws could let hackers spy through your microphone Full Text
Abstract
Three Bluetooth vulnerabilities in Airoha chipsets affect 29 audio devices from 10 vendors: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel.Bleeping Computer
June 30, 2025 – Breach
RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware Full Text
Abstract
A threat actor exploited RDP misconfigurations and password spraying to deploy RansomHub ransomware. The attacker used legitimate administrative tools and Windows features to maintain stealth and efficiency throughout the operation.Security Online
June 28, 2025 – APT
Tracing Blind Eagle to Proton66 Full Text
Abstract
Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions.TrustWave
June 28, 2025 – Phishing
Fake DocuSign email hides tricky phishing attempt Full Text
Abstract
A sophisticated phishing campaign has been observed leveraging legitimate services such as DocuSign, Webflow, and Google to deceive users and conduct system reconnaissance.MalwareBytes
June 27, 2025 – Vulnerabilities
Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected Full Text
Abstract
A critical vulnerability (CVE-2025-6561) in Hunt Electronics’ hybrid DVRs (models HBF-09KD and HBF-16NK) allows unauthenticated remote attackers to access configuration files containing plaintext administrator credentials.GBHackers
June 27, 2025 – Outage
Hawaiian Airlines discloses cyberattack, flights not affected Full Text
Abstract
Hawaiian Airlines, the tenth-largest commercial airline in the United States, has disclosed a cybersecurity incident that disrupted access to some of its IT systems. The nature of the attack remains under investigation.Bleeping Computer
June 27, 2025 – Hacker
GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations Full Text
Abstract
Threat actor UAC-0226 is leveraging the evolving GIFTEDCROOK malware in an espionage campaign. Initially a browser credential stealer, GIFTEDCROOK has transformed into a robust surveillance tool targeting Ukrainian government and military entities.Arctic Wolf
June 26, 2025 – Deepfake
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams Full Text
Abstract
BlueNoroff, a North Korean state-sponsored APT group and a subgroup of the Lazarus Group, is conducting a sophisticated campaign targeting macOS users in the cryptocurrency sector.Security Boulevard
June 26, 2025 – Vulnerabilities
Decrement by one to rule them all: AsIO3.sys driver exploitation Full Text
Abstract
Two critical vulnerabilities in the ASUS AsIO3.sys driver (CVE-2025-1533 and CVE-2025-3464) allow local privilege escalation to SYSTEM level. These flaws affect ASUS Armory Crate and AI Suite applications.Talos Intelligence
June 26, 2025 – Breach
Freight forwarder Estes notifies data breach victims; ransomware gang takes credit Full Text
Abstract
Estes Forwarding Worldwide experienced a ransomware attack on May 28, 2025. The Qilin ransomware gang claimed responsibility, posting stolen documents including passport scans, driver’s licenses, and spreadsheets.CompariTech
June 26, 2025 – Criminals
US, France crack down on BreachForums with arrests, IntelBroker indictment Full Text
Abstract
Authorities in the United States and France have intensified their crackdown on the cybercrime marketplace BreachForums, arresting key figures and issuing indictments in a coordinated international effort to dismantle the platform’s operations.SCWorld
June 26, 2025 – Phishing
Microsoft 365 ‘Direct Send’ abused to send phishing as internal users Full Text
Abstract
A phishing campaign is actively exploiting Microsoft 365's "Direct Send" feature to send spoofed internal emails and steal user credentials. Direct Send, which allows unauthenticated email sending via a tenant's smart host, is a known security risk.Bleeping Computer
June 26, 2025 – Vulnerabilities
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks Full Text
Abstract
A critical vulnerability in the Open VSX Registry (open-vsx[.]org) exposed millions of developers to potential supply chain attacks. If exploited, attackers could have gained full control over the Visual Studio Code extensions marketplace.The Hacker News
June 26, 2025 – Attack
MOVEit Transfer Systems Hit by Wave of Attacks Using Over 100 Unique IPs Full Text
Abstract
A significant surge in scanning and exploitation activity has been observed targeting Progress Software’s MOVEit Transfer platform. Over 682 unique IP addresses have been identified in scanning operations.GBHackers
June 26, 2025 – APT
Blind Eagle (APT-C-36) Exploits WebDAV and Dynamic DNS in Post-Patch Malware Campaign Targeting Colombia Full Text
Abstract
Blind Eagle (APT-C-36), a threat group active since 2018, has launched a new phishing campaign targeting Colombian organizations. The group uses phishing emails to deliver malware via malicious URLs.Dark Trace
June 26, 2025 – Attack
The Case of Hidden Spam Pages Full Text
Abstract
A campaign targeting WordPress websites involves attackers brute-forcing wp-admin credentials to deploy spam posts and pages for blackhat SEO purposes. The attackers use two malicious plugins to conceal their activity and maintain persistent access.Sucuri
June 26, 2025 – Vulnerabilities
Multiple Vulnerabilities in Cisco ISE and ISE-PIC Could Allow for Remote Code Execution Full Text
Abstract
Two critical vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-PIC (versions 3.3 and later) could allow unauthenticated remote attackers to execute arbitrary code with root privileges.Center for Internet Society
June 25, 2025 – Hacker
Hackers Use Open-Source Tools to Attack Financial Businesses in Africa Full Text
Abstract
A threat actor group tracked as CL-CRI-1014 has been targeting financial institutions across Africa since at least 2023. These attackers function as initial access brokers (IABs), compromising networks and selling access on the dark web.Infosecurity Magazine
June 25, 2025 – Breach
Ransomware attack contributed to patient’s death, says Britain’s NHS Full Text
Abstract
A ransomware attack by the Qilin cybercrime group on Synnovis, a pathology service provider in London, severely disrupted NHS services in June 2023. The breach also exposed sensitive data of over 900,000 individuals.The Record
June 25, 2025 – Outage
Glasgow City Council impacted by ‘cyber incident’ Full Text
Abstract
Glasgow City Council has reported a cyber incident that has disrupted several of its online services and may have resulted in the exfiltration of customer data. The council has taken affected servers offline as a precautionary measure.The Record
June 25, 2025 – Vulnerabilities
Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization Full Text
Abstract
A vulnerability in Kubernetes, tracked as CVE-2025-4563, allows compromised nodes to bypass authorization checks for dynamic resource allocation. It can lead to privilege escalation in clusters where specific configurations are enabled.GBHackers
June 25, 2025 – Phishing
Sextortion email scammers increase their “Hello pervert” money demands Full Text
Abstract
A new variant of the long-running "sextortion" scam campaign has emerged, featuring increased ransom demands, spoofed email addresses, and references to Pegasus spyware. The email usually starts with “Hello pervert.”Malware Bytes
June 25, 2025 – Breach
Home Office anti-encryption site pushes payday loan scheme Full Text
Abstract
A UK government website originally created for the Home Office’s 2022 “No Place to Hide” anti-encryption campaign has been hijacked to promote a payday loan scheme. The campaign was initially expected to target Facebook Messenger.The Register
June 25, 2025 – Vulnerabilities
NVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious Code Full Text
Abstract
NVIDIA addressed two high-severity vulnerabilities (CVE-2025-23264 and CVE-2025-23265) in its open-source Megatron-LM framework. These flaws allow attackers to inject and execute malicious code via specially crafted files.GBHackers
June 25, 2025 – General
Black Hat SEO Poisoning Search Engine Results For AI Full Text
Abstract
Threat actors are exploiting the popularity of AI tools by using Black Hat SEO to poison search engine results and deliver Vidar Stealer, Lumma Stealer, and Legion Loader through complex redirection chains and obfuscated JavaScript.Zscaler
June 25, 2025 – Breach
Leak of data belonging to 7.4 million Paraguayans traced back to infostealers Full Text
Abstract
A massive data breach has compromised the personal information of approximately 7.4 million Paraguayan citizens. The stolen data includes names, ID card numbers, dates of birth, professions, and certificates.The Record
June 25, 2025 – Botnet
Androxgh0st Botnet Expands Reach, Exploiting US University Servers Full Text
Abstract
The Androxgh0st botnet has significantly evolved since its emergence in early 2023, now leveraging a broader range of attack vectors and targeting misconfigured servers, particularly in academic institutions.Hack Read
June 24, 2025 – Attack
New FileFix attack weaponizes Windows File Explorer for stealthy commands Full Text
Abstract
A new social engineering technique called FileFix has emerged as a variant of the ClickFix attack, leveraging the Windows File Explorer address bar to stealthily execute malicious PowerShell commands.Bleeping Computer
June 24, 2025 – Malware
Dissecting a Malicious Havoc Sample Full Text
Abstract
A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload.Fortinet
June 24, 2025 – Vulnerabilities
Critical Convoy Flaw Allows Remote Code Execution on Servers Full Text
Abstract
A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel used by hosting providers, allows unauthenticated remote attackers to execute arbitrary PHP code on affected systems.GBHackers
June 24, 2025 – Skimming
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers Full Text
Abstract
A sophisticated malware campaign has been uncovered targeting WordPress and WooCommerce platforms. The campaign involves over 20 malware variants focused on credit card skimming, credential theft, ad fraud, and further payload distribution.GBHackers
June 24, 2025 – Vulnerabilities
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices Full Text
Abstract
A critical vulnerability, tracked as CVE-2024-45347, has been identified in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access. The flaw is rated 9.6 on the CVSS scale.GBHackers
June 24, 2025 – Vulnerabilities
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code Full Text
Abstract
A critical vulnerability in RARLAB’s WinRAR for Windows, tracked as CVE-2025-6218 with a CVSS score of 7.8 (High), allows attackers to execute arbitrary code by tricking users into opening specially crafted archive files.GBHackers
June 24, 2025 – Vulnerabilities
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass Full Text
Abstract
Two critical vulnerabilities—CVE-2025-2171 and CVE-2025-2172—were discovered in Aviatrix Controller. These flaws enable full system compromise through an authentication bypass followed by command injection, affecting versions 7.2.5012.GBHackers
June 24, 2025 – Vulnerabilities
Notepad++ Vulnerability Allows Full System Takeover — PoC Released Full Text
Abstract
A critical privilege escalation vulnerability, CVE-2025-49144, has been identified in Notepad++ v8.8.1. This flaw allows attackers to gain full system control through a supply-chain attack by exploiting insecure search paths in the installer.GBHackers
June 24, 2025 – Vulnerabilities
HPE security advisory (AV25-365) - Canadian Centre for Cyber Security Full Text
Abstract
HPE issued a security advisory addressing a vulnerability in the HPE Telco Unified OSS Console. The affected versions include all releases prior to v3.1.16. Users and administrators should apply the necessary updates to mitigate potential risks.Government of Canada
June 24, 2025 – Government
CISA ICS security advisories (AV25–363) Full Text
Abstract
CISA published ICS advisories addressing vulnerabilities in several industrial control system products. These advisories cover multiple products from vendors including Dover Fueling Solutions, Fuji Electric, LS Electric, and Siemens.Government of Canada
June 23, 2025 – APT
Analysis of TAG-140 Campaign and DRAT V2 Development Targeting Indian Government Organizations Full Text
Abstract
A new Delphi-based variant of the DRAT remote access trojan, dubbed DRAT V2, has been deployed by TAG-140 (a subgroup of Transparent Tribe/APT36) in a campaign targeting Indian government entities.Recorded Future
June 23, 2025 – APT
Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs Full Text
Abstract
A sophisticated cyberattack campaign attributed to APT28 (Fancy Bear), a Russian GRU-linked threat actor, has targeted Ukrainian government systems. The campaign deployed two novel malware strains—BEARDSHELL and SLIMAGENT.The Cyber Express
June 23, 2025 – Malware
NCSC Issues Alert on ‘UMBRELLA STAND’ Malware Targeting Fortinet FortiGate Firewalls Full Text
Abstract
The NCSC issued an alert regarding a newly discovered malware dubbed UMBRELLA STAND, which targets internet-facing Fortinet FortiGate 100D firewalls. This malware is designed to establish persistent access to embedded network devices.GBHackers
June 23, 2025 – Malware
Threat Actors abuse signed ConnectWise application as malware builder Full Text
Abstract
A new malware campaign tracked as EvilConwi is actively abusing ConnectWise’s ScreenConnect software to distribute signed malware. This follows earlier exploitation of CVE-2024-1708 and CVE-2024-1709 in February 2024.GData Software
June 23, 2025 – Vulnerabilities
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation Full Text
Abstract
Security researchers have identified critical vulnerabilities in Amazon Elastic Kubernetes Service (EKS) that could expose AWS credentials and enable privilege escalation. These flaws arise from misconfigured containers and excessive privileges.GBHackers
June 23, 2025 – Vulnerabilities
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages Full Text
Abstract
A critical cryptographic vulnerability in the open-source Meshtastic project exposes users to message decryption and node hijacking risks. The issue affects multiple hardware platforms, increasing the scope of potential exposure.GBHackers
June 23, 2025 – Breach
Anubis Ransomware Lists Disneyland Paris as New Victim Full Text
Abstract
Anubis, a ransomware-as-a-service (RaaS) group that emerged in December 2024, has claimed responsibility for a significant data breach involving Disneyland Paris. The group alleges it exfiltrated 64GB of sensitive data.Hack Read
June 23, 2025 – Malware
Malicious WordPress Plugin Creates Hidden Admin User Backdoor Full Text
Abstract
A malicious WordPress plugin named php-ini.php was discovered that conditionally created a malicious admin user on infected websites. The plugin mimicked the legitimate wpforms plugin but only included a single file.Sucuri
June 23, 2025 – Botnet
Resurgence of the Prometei Botnet Full Text
Abstract
Prometei has evolved significantly, with its Linux variant gaining prominence since December 2020. As of March 2025, researchers have observed a renewed wave of Prometei botnet activity targeting Linux servers.Palo Alto Networks
June 23, 2025 – Vulnerabilities
Critical Authentication Bypass Vulnerability in Teleport (CVE-2025-49825) Affects SSH and Git Proxy Setups Full Text
Abstract
A critical authentication bypass vulnerability (CVE-2025-49825) has been identified in Teleport, an open-source platform used for secure access to infrastructure via SSH, RDP, Kubernetes, and other protocols.Fortiguard
June 21, 2025 – Vulnerabilities
IBM QRadar SIEM Bug Lets Attackers Run Arbitrary Commands Full Text
Abstract
IBM has released a critical security update for its QRadar SIEM platform following the discovery of multiple vulnerabilities, including a severe flaw that allows privileged users to execute arbitrary commands.GBHackers
June 21, 2025 – Malware
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection Full Text
Abstract
A newly discovered PowerShell-based shellcode loader, y1.ps1, was identified by Shenzhen Tencent Computer Systems Company Ltd. on June 1, 2025. This malware leverages advanced in-memory execution and evasion techniques.GBHackers
June 21, 2025 – Outage
Tonga Ministry of Health hit with cyberattack affecting website, IT systems Full Text
Abstract
Tonga’s Ministry of Health has suffered a ransomware attack that has crippled its National Health Information System, affecting hospital operations and public access to medical services.The Record
June 21, 2025 – Breach
Ransomware gang says it stole confidential files from Taos County, NM; demands ransom in 7 days Full Text
Abstract
The ransomware group Kairos has claimed responsibility for stealing 1.94 TB of sensitive data from the Taos County government in New Mexico. The group issued a 7-day ultimatum, threatening to sell or publicly release the data if a ransom is not paid.CompariTech
June 21, 2025 – Outage
Russian dairy supply disrupted by cyberattack on animal certification system Full Text
Abstract
A significant cyberattack has disrupted Russia’s Mercury platform, a critical component of the country’s Federal State Information System for Veterinary Surveillance (VetIS). The platform was taken offline.The Record
June 21, 2025 – Malware
New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack Full Text
Abstract
A newly identified cyber threat, Mocha Manakin, leverages social engineering and a custom NodeJS-based backdoor named NodeInitRAT to compromise systems. This threat uses deceptive paste-and-run tactics to bypass security controls and deliver malware.HackRead
June 20, 2025 – Malware
Famous Chollima deploying Python version of GolangGhost RAT Full Text
Abstract
PylangGhost is tailored for Windows, while the Golang version targets MacOS. The threat actors target professionals in cryptocurrency and blockchain industries, mostly in India, using fake job interviews.Talos Intelligence
June 20, 2025 – Ransomware
Qilin’s ‘on-call lawyer’ capability is fooling no one Full Text
Abstract
Qilin introduced a controversial new feature in its affiliate panel—a "Call lawyer" button. This feature is designed to provide affiliates with access to legal experts who can assist in ransom negotiations by advising on legal implications.The Register
June 20, 2025 – APT
APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware Full Text
Abstract
APT36 is conducting a targeted phishing campaign against Indian defense personnel. The campaign uses spear-phishing emails with malicious PDF attachments that mimic official government documents to deliver credential-stealing malware.Cyfirma
June 20, 2025 – Attack
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage Full Text
Abstract
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware.GBHackers
June 19, 2025 – Malware
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication Full Text
Abstract
Amatera Stealer is a rebranded and significantly enhanced version of ACR Stealer, now distributed as a malware-as-a-service (MaaS). It features advanced evasion techniques, dynamic payload delivery, and a stealthy command-and-control (C2) mechanism.ProofPoint
June 19, 2025 – Denial Of Service
Active Exploitation of CVE-2024-3721 in TBK DVRs Enables Botnet-Driven DDoS Attacks Full Text
Abstract
A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests.Fortiguard
June 19, 2025 – Malware
Malicious WordPress Plugin ‘wordpress-player.php’ Redirects Users via Hidden Video and WebSocket C2 Full Text
Abstract
A new malicious WordPress plugin named wordpress-player.php has been discovered, designed to covertly redirect site visitors to suspicious domains. At least 26 websites have been confirmed as infected, indicating a growing campaign.Sucuri
June 19, 2025 – Deepfake
North Korean hackers deepfake execs in Zoom call to spread Mac malware Full Text
Abstract
A new campaign by the North Korean APT group BlueNoroff (also known as TA444 or Sapphire Sleet) leverages deepfake videos of company executives during Zoom calls to distribute custom macOS malware.Bleeping Computer
June 17, 2025 – Malware
Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users Full Text
Abstract
A malicious Python package named chimera-sandbox-extensions was discovered on PyPI, targeting developers using the chimera-sandbox environment. The package is designed to steal sensitive infrastructure-specific data.JFrog
June 17, 2025 – Breach
Freedman HealthCare targeted by cyber extortionists Full Text
Abstract
A cyber extortion group known as World Leaks has claimed responsibility for a significant data breach at Freedman HealthCare. The attackers allege they have exfiltrated 52.4 GB of sensitive data comprising 42,204 files.The Register
June 17, 2025 – Malware
Malicious Windows Executable Hidden in JPEG Image via Steganography and Base64 Obfuscation Full Text
Abstract
A recent discovery has revealed a sophisticated steganographic technique used to embed a malicious Windows executable within a JPEG image. The payload was hidden using Base64 obfuscation and detected through dynamic analysis.SANS