Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
June 10, 2025 – Vulnerabilities
CVE-2025-4275: Insyde H2O UEFI Vulnerability Enables Certificate Injection via Unprotected NVRAM Variable
Abstract
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to inject unauthorised digital certificates via an unprotected NVRAM variable. This flaw enables the execution of arbitrary firmware during the early boot process. (Source: CERT)
June 10, 2025 – Vulnerabilities
Critical Vulnerabilities in Ivanti Workspace Control Allow Credential Decryption via Hardcoded Keys
Abstract
Ivanti has released critical patches for three high-severity vulnerabilities in its Workspace Control software. These flaws are identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455. (Source: Ivanti)
June 10, 2025 – Vulnerabilities
Critical Privilege Escalation and Remote Code Execution Vulnerability in ISPConfig 3.2.12p1
Abstract
A critical vulnerability in ISPConfig version 3.2.12p1 enables authenticated attackers to escalate privileges to superadmin and execute arbitrary PHP code remotely. ISPConfig segregates users into clients, resellers, admins, and a unique superadmin. (Source: SSD Disclosure)
June 9, 2025 – Vulnerabilities
New Salesforce SOQL Injection 0-Day Vulnerability Exposes Millions of Deployments
Abstract
A critical SOQL injection vulnerability was discovered in Salesforce's default Aura controller, potentially exposing millions of user records across thousands of deployments. (Source: Cyber Express)
June 9, 2025 – Vulnerabilities
NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU
Abstract
A critical zero-click vulnerability in Apple’s iMessage service, dubbed NICKNAME, has been discovered and exploited in targeted attacks against high-value individuals in the US and EU. (Source: HackRead)
June 9, 2025 – Phishing
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases
Abstract
A coordinated phishing campaign has been discovered on the Google Play Store, involving over 20 malicious Android applications impersonating popular cryptocurrency wallets. These apps are designed to steal users’ 12-word mnemonic phrases. (Source: HackRead)
June 9, 2025 – Phishing
Malware found in NPM packages with 1 million weekly downloads
Abstract
A major supply chain attack has compromised 16 popular Gluestack 'react-native-aria' packages on NPM, affecting nearly 960,000 weekly downloads. The attack involves the injection of obfuscated remote access trojan (RAT) code. (Source: Bleeping Computer)
June 9, 2025 – Vulnerabilities
Critical Path Traversal and RCE Vulnerabilities Patched in Metasploit 6.4.68 Update
Abstract
(Source: Rapid 7)
June 9, 2025 – Breach
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
Abstract
Optima Tax Relief, a prominent U.S.-based tax resolution firm, has been targeted in a ransomware attack by the Chaos ransomware gang. The attackers employed a double-extortion strategy, encrypting servers and exfiltrating sensitive data. (Source: Bleeping Computer)
June 7, 2025 – Malware
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
Abstract
A newly discovered Rust-based malware, dubbed RustStealer, poses a significant threat to users of Chromium-based browsers like Google Chrome and Microsoft Edge. It extracts sensitive data such as login credentials, cookies, and browsing history. (Source: GBHackers)
June 7, 2025 – Vulnerabilities
Microsoft Unveils European Security Effort to Disrupt Cybercrime Networks
Abstract
A critical heap-based buffer overflow vulnerability, tracked as CVE-2025-24993, has been discovered in the Windows NTFS driver. Actively exploited as a zero-day, this flaw allows attackers to execute arbitrary code. (Source: GBHackers)
June 7, 2025 – Vulnerabilities
Jenkins Gatling Plugin Vulnerability Addressed in Security Advisory AV25-321
Abstract
On June 6, 2025, Jenkins published a security advisory addressing a vulnerability in the Gatling Plugin. The Canadian Centre for Cyber Security (CCCS) urges users and administrators to apply the necessary updates to mitigate potential risks. (Source: Government of Canada)
June 7, 2025 – Breach
Sensata notifies victims of ransomware data breach that compromised SSNs, financial and medical info
Abstract
Sensata Technologies, a U.S.-based industrial tech firm, has disclosed a ransomware attack that compromised sensitive personal data, including Social Security numbers, financial account details, and medical information. (Source: CompariTech)
June 7, 2025 – Vulnerabilities
Critical Fortinet flaws now exploited in Qilin ransomware attacks
Abstract
Qilin RaaS is now exploiting two critical Fortinet vulnerabilities—CVE-2024-21762 and CVE-2024-55591—to bypass authentication and deploy ransomware. These impacted high-profile organizations and are currently targeting Spanish-speaking countries. (Source: Bleeping Computer)
June 7, 2025 – Vulnerabilities
Critical RCE Flaw Found in HPE Insight Remote Support Tool
Abstract
Hewlett-Packard Enterprise (HPE) has released a critical security update addressing three high-severity vulnerabilities in its Insight Remote Support (IRS) software, versions prior to 7.15.0.646. (Source: GBHackers)
June 7, 2025 – Vulnerabilities
Critical FreeRTOS-Plus-TCP Flaw Allows Code Execution or System Crash
Abstract
A critical memory corruption vulnerability, tracked as CVE-2025-5688 and rated 8.4 (High) on the CVSS scale, has been identified in FreeRTOS-Plus-TCP, Amazon’s open-source TCP/IP stack used in embedded and IoT devices. (Source: GBHackers)
June 7, 2025 – Vulnerabilities
Critical RCE Vulnerability in AWS Amplify Studio – PoC Now Public
Abstract
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-4318 and rated 9.5 on the CVSS scale, has been disclosed in the @aws-amplify/codegen-ui package used by AWS Amplify Studio. (Source: GBHackers)
June 7, 2025 – Vulnerabilities
PoC Exploit Released for Apache Tomcat HTTP/2 DoS Vulnerability CVE-2025-31650
Abstract
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service (DoS) attacks via malformed priority headers. (Source: NIST)
June 7, 2025 – Criminals
Paste.ee Abuse Uncovered: XWorm & AsyncRAT Infrastructure
Abstract
Cybercriminals are exploiting the trusted text-sharing platform Paste.ee to deliver sophisticated malware strains, including XWorm and AsyncRAT. These campaigns leverage phishing emails and social engineering to distribute malicious payloads. (Source: Hunt)
June 5, 2025 – Vulnerabilities
Critical Vulnerabilities in Dell PowerScale OneFS Allow Unauthorized Remote and Local Access
Abstract
Dell Technologies has released a critical security advisory (DSA-2025-208) addressing multiple flaws in its PowerScale OneFS. The most severe, CVE-2024-53298, allows unauthenticated remote attackers to access and manipulate the file system. (Source: GBHackers)
June 5, 2025 – Phishing
Rhadamanthys Infostealer Delivered via Copyright-Themed Phishing Campaign Targeting Europe
Abstract
Since April 2025, the campaign has been opportunistically targeting entities in Albania, Austria, Bulgaria, Germany, Greece, Hungary, Ireland, Israel, Italy, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and the United Kingdom. (Source: KnowBe4)
June 5, 2025 – Malware
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Abstract
Researchers observed the deployment of PathWiper via a legitimate endpoint administration framework. The attackers likely had access to the admin console, which was used to push both the VBScript and the PathWiper executable to the endpoints. (Source: Talos Intelligence)
June 5, 2025 – Vulnerabilities
Cisco warns of ISE and CCP flaws with public exploit code
Abstract
Cisco has released patches for three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), all of which have public proof-of-concept exploit code. (Source: Bleeping Computer)
June 5, 2025 – Attack
Ukraine’s military intelligence claims cyberattack on Russian strategic bomber maker
Abstract
Ukraine’s military intelligence agency (HUR) has claimed responsibility for a cyberattack on Russia’s state-owned aircraft manufacturer Tupolev. The operation reportedly resulted in the exfiltration of over 4.4 GB of sensitive data. (Source: The Record)
June 5, 2025 – Phishing
Hive0131 Targets Colombian Users with DCRat Banking Trojan via Phishing Campaigns
Abstract
A financially motivated threat group, Hive0131, has launched a targeted phishing campaign in Colombia, impersonating the Judiciary of Colombia to distribute the DCRat banking trojan. (Source: GBHackers)
June 5, 2025 – Malware
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Abstract
A new variant of the Chaos RAT, an open-source remote access trojan written in Golang and inspired by frameworks like Cobalt Strike and Sliver, is actively targeting both Windows and Linux systems. (Source: The Hacker News)
June 5, 2025 – Vulnerabilities
Thousands of Internet-Exposed Solar Power Devices Pose Critical Infrastructure Risk
Abstract
These devices, manufactured by 42 different vendors, include essential components for solar energy operations and are often exposed due to poor asset visibility and management. (Source: Cybersecurity Dive)
June 5, 2025 – Malware
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
Abstract
A recent audit of nearly 18,000 Model Context Protocol (MCP) servers on GitHub revealed that 1,408 repositories may have been intentionally designed for malicious purposes. (Source: VirusTotal)
June 5, 2025 – Phishing
Malicious GitHub Repositories Impersonate Malware Tools and Game Cheats to Distribute Backdoors
Abstract
Cybersecurity researchers have uncovered a widespread campaign involving over 130 malicious GitHub repositories created by a threat actor using the alias "ischhfd83." These repositories impersonated malware tools and game cheats to lure users. (Source: Infosecurity Magazine)
June 3, 2025 – Vulnerabilities
Critical Vulnerabilities in ABB Welcome IP-Gateway Products (AV25-311)
Abstract
On June 2, a security advisory was issued addressing critical vulnerabilities in the ABB Welcome IP-Gateway product line. The vulnerabilities could potentially allow unauthorized access or other malicious activity within industrial control systems. (Source: Government of Canada)
June 3, 2025 – Breach
North Carolina clinics notify 23K people of data breach; SSNs, financial and medical info leaked
Abstract
Compassion Health Care (CHC), a healthcare provider in North Carolina, has disclosed a ransomware attack that compromised the personal and medical data of 23,282 individuals. (Source: CompariTech)
June 3, 2025 – Phishing
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Abstract
A sophisticated malware campaign has been uncovered that leverages spoofed DocuSign CAPTCHA verification pages to deliver the NetSupport RAT. It employs clipboard poisoning to trick users into executing malicious PowerShell scripts. (Source: Infosecurity Magazine)
June 3, 2025 – Vulnerabilities
Multiple Vulnerabilities in SAP GuiXT Scripting
Abstract
Multiple critical vulnerabilities have been identified in SAP GuiXT scripting, enabling attackers to execute remote code, steal NTLM hashes, perform Client-Side Request Forgery (CSRF), and cause Denial-of-Service (DoS). (Source: SecLists)
June 3, 2025 – Vulnerabilities
Safari XSS Vulnerability Exploits JavaScript TypeError Handling for Arbitrary Code Execution
Abstract
A novel cross-site scripting (XSS) technique has been identified in Safari that leverages JavaScript TypeError messages to execute arbitrary code. This method exploits Safari’s failure to escape embedded quotes in error messages. (Source: The Spanner)
June 3, 2025 – Vulnerabilities
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue
Abstract
A DNS misconfiguration in Azure OpenAI's domain resolution logic exposed a critical vulnerability that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks. (Source: Palo Alto Networks)
June 3, 2025 – Malware
Android malware Crocodilus adds fake contacts to spoof trusted callers
Abstract
Crocodilus, a sophisticated Android malware, has evolved with new social engineering and evasion techniques. Initially observed in Turkey, it has now expanded globally, targeting users across all continents. (Source: Bleeping Computer)
June 3, 2025 – Malware
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
Abstract
A new malware campaign is exploiting the NPM ecosystem to target Ethereum wallet users by distributing malicious packages with advanced JavaScript obfuscation techniques. (Source: GBHackers)
June 3, 2025 – Ransomware
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
Abstract
A new ransomware variant named Lyrix is targeting Windows systems with advanced evasion and encryption techniques. It poses a significant threat to both individuals and enterprises by encrypting critical files and demanding cryptocurrency ransoms. (Source: GBHackers)
June 3, 2025 – Vulnerabilities
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Abstract
Google has released an emergency out-of-band update to patch a high-severity zero-day vulnerability (CVE-2025-5419) in its Chrome browser. The flaw, which affects the V8 JavaScript and WebAssembly engine, has been actively exploited in the wild. (Source: The Hacker News)
June 2, 2025 – Hacker
Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
Abstract
BO Team (Black Owl) is a pro-Ukraine hacktivist group that has emerged as a significant cyber threat to Russian state institutions and critical industries. BO Team employs a sophisticated and patient approach to cyberattacks. (Source: The Record)
June 2, 2025 – Breach
Next Step Healthcare data breach leaks patients’ SSNs, medical records, and credit cards
Abstract
Next Step Healthcare, a provider of nursing and rehabilitation services in Massachusetts, experienced a ransomware attack in June 2024 that compromised sensitive patient data. (Source: CompariTech)
June 2, 2025 – Malware
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown
Abstract
Acreed, a new infostealer malware strain, has rapidly risen to prominence in the cybercriminal ecosystem following the global takedown of Lumma Stealer (LummaC2) in May 2025. (Source: Infosecurity Magazine)
June 2, 2025 – Vulnerabilities
50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw
Abstract
A critical security vulnerability was discovered in an aviation company’s infrastructure. The flaw involved an unauthenticated API endpoint embedded in a JavaScript file, which issued Microsoft Graph tokens with elevated privileges. (Source: CloudSEK)
June 2, 2025 – Malware
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
Abstract
A new malware campaign exploits OpenSSH, which has been a default component in Windows since version 1803, to establish stealthy and persistent access on compromised systems. (Source: GBHackers)
June 2, 2025 – Vulnerabilities
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
Abstract
Qualcomm has released security patches addressing three zero-day vulnerabilities in its Adreno GPU drivers—CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038—that are currently under active exploitation in targeted attacks. (Source: Bleeping Computer)
June 2, 2025 – Criminals
Police take down AVCheck site used by cybercriminals to scan malware
Abstract
An international law enforcement operation has dismantled AVCheck, a major Counter Antivirus (CAV) service used by cybercriminals to test malware against commercial antivirus solutions. (Source: Bleeping Computer)
June 2, 2025 – Denial Of Service
DDoS incident disrupts internet for thousands in Moscow
Abstract
A significant Distributed Denial-of-Service (DDoS) attack targeted Russian internet service provider ASVT, disrupting internet access for tens of thousands of residents in Moscow and surrounding areas. (Source: The Record)
June 2, 2025 – Vulnerabilities
Severe Vulnerabilities in Consilium CS5000 Fire Panels Allow Remote System Takeover
Abstract
On May 29, 2025, CISA issued alert ICSA-25-148-03 disclosing two critical vulnerabilities in the Consilium Safety CS5000 Fire Panel, a widely used industrial control system in safety-critical environments. (Source: GBHackers)
June 2, 2025 – Criminals
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
Abstract
On May 27, 2025, a coordinated international law enforcement operation led by the DoJ, in collaboration with Dutch and Finnish authorities, resulted in the seizure of three publicly disclosed domains—AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru. (Source: The Hacker News)
May 30, 2025 – Attack
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Abstract
A sophisticated malware campaign has been targeting South Korean Internet cafés since mid-2024, exploiting management software to deploy Gh0st RAT and T-Rex CoinMiner for unauthorized cryptocurrency mining. (Source: GBHackers)
May 30, 2025 – Breach
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
Abstract
A newly emerged threat actor, “Often9,” has claimed to possess a dataset containing 428 million unique TikTok user records. The data is allegedly being sold on a prominent cybercrime forum and includes sensitive, non-public user information. (Source: HackRead)
May 30, 2025 – Hacker
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Abstract
A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education. (Source: Trend Micro)
May 30, 2025 – Attack
Hackers give Botetourt County Schools 2 weeks to pay ransom after cyber attack
Abstract
A ransomware attack attributed to the Qilin group has targeted Botetourt County Public Schools (BCPS) in Virginia. The attackers claim to have exfiltrated 315 GB of sensitive data. (Source: CompariTech)
May 30, 2025 – Phishing
Nifty.com Used as Phishing Infrastructure: How Raven Detected Abuse of Trusted Infrastructure
Abstract
A sophisticated phishing campaign has been uncovered leveraging the legitimate infrastructure of Japanese ISP Nifty[.]com. This multi-wave operation bypassed traditional email defenses by exploiting trusted domains and authentication protocols. (Source: Raven Mail)
May 30, 2025 – Vulnerabilities
Critical Hardcoded Credential Vulnerabilities in Consilium Salwico CS5000 Fire Panels
Abstract
Critical vulnerabilities in Consilium Salwico CS5000 fire panels expose maritime vessels to severe operational risks. Hardcoded SSH and VNC credentials allow remote access, potentially disabling fire detection systems. (Source: Pentest Partners)
May 29, 2025 – Malware
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Abstract
A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host. (Source: The Hacker News)
May 29, 2025 – Breach
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected
Abstract
ConnectWise has confirmed a cyberattack on its ScreenConnect remote access platform, attributed to a sophisticated nation-state threat actor. The breach affected a limited number of customers. (Source: Infosecurity Magazine)
May 29, 2025 – Vulnerabilities
Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data
Abstract
A moderate-severity vulnerability, CVE-2025-27522, has been identified in Apache InLong versions 1.13.0 through 2.1.0. It allows deserialization of untrusted data during JDBC verification, enabling attackers to bypass security mechanisms. (Source: GBHackers)
May 29, 2025 – Criminals
Cybercriminals camouflaging threats as AI tool installers
Abstract
Cybercriminals are distributing malware disguised as AI tool installers, targeting users seeking AI solutions. Cisco Talos has identified three major threats: CyberLock ransomware, Lucky_Gh0$t ransomware, and a destructive malware named Numero. (Source: Talos Intelligence)
May 28, 2025 – Vulnerabilities
XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
Abstract
Citrix has disclosed three high-severity vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in XenServer VM Tools for Windows, enabling attackers to escalate privileges within guest Windows VMs. (Source: GBHackers)
May 28, 2025 – Breach
Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
Abstract
LexisNexis Risk Solutions has disclosed a significant data breach that compromised the personal information of over 364,000 individuals. The breach involved unauthorized access to a third-party software development platform used by the company. (Source: TechCrunch)
May 28, 2025 – Vulnerabilities
Threat Actors Weaponizing DCOM to harvest credentials on Windows systems
Abstract
A new stealthy attack technique is leveraging Distributed Component Object Model (DCOM) objects on Windows systems to harvest credentials without deploying payloads or triggering traditional security alerts. (Source: GBHackers)
May 28, 2025 – Phishing
Phishing Campaign Spoofs Coursera to Steal Facebook Credentials via Fake Meta Certificate Offer
Abstract
A sophisticated phishing campaign has been uncovered that impersonates Coursera and offers a free Meta Social Media Marketing certificate to lure victims into a multi-stage phishing trap. (Source: Cofense)
May 28, 2025 – Malware
Zanubis Android Banking Trojan Evolves with Silent Installation and Credential Theft Capabilities
Abstract
Zanubis is a sophisticated Android banking Trojan active since 2022, targeting Peruvian financial institutions. It masquerades as legitimate apps to trick users into granting accessibility permissions, enabling full device control. (Source: Securelist)
May 28, 2025 – Attack
Chinese spies blamed for attempted hack on Czech government network
Abstract
(Source: The Record)
May 28, 2025 – Attack
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Abstract
Researchers observed a coordinated cloud-based scanning operation involving 251 Amazon-hosted IP addresses geolocated in Japan. They targeted 75 known exposure points across various technologies, exploiting multiple high-severity vulnerabilities. (Source: The Hacker News)
May 28, 2025 – Phishing
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Abstract
A malicious campaign is distributing Venom RAT via a fake Bitdefender website (bitdefender-download[.]com), tricking users into downloading malware disguised as antivirus software. (Source: Security Affairs)
May 28, 2025 – Government
CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits
Abstract
On May 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued ICS advisory ICSA-25-146-01, disclosing a high-severity vulnerability (CVE-2025-26383) in the Johnson Controls iSTAR Configuration Utility (ICU) Tool. (Source: GBHackers)
May 28, 2025 – Vulnerabilities
Chrome 137 Fixes Critical Use-After-Free and Memory Corruption Vulnerabilities
Abstract
Google has released Chrome version 137.0.7151.55/56 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities. This update includes critical patches for memory corruption issues and API implementation flaws.
May 27, 2025 – Vulnerabilities
Unpatched Critical Vulnerability in TI WooCommerce Wishlist Plugin
Abstract
A critical unauthenticated arbitrary file upload vulnerability, tracked as CVE-2025-47577, has been discovered in the TI WooCommerce Wishlist plugin for WordPress. The flaw affects all versions up to and including 2.9.2. (Source: Patchstack)
May 27, 2025 – Malware
AppleProcessHub macOS Malware Steals Sensitive Data Using Advanced Evasion and C2 Techniques
Abstract
A newly identified macOS malware, AppleProcessHub, is actively targeting Apple systems to steal sensitive data. This sophisticated stealer demonstrates advanced evasion and persistence techniques, signaling a growing threat to macOS environments. (Source: Kandji)
May 27, 2025 – APT
Velvet Chollima APT Hackers Target Government Officials Using Weaponized PDFs
Abstract
A new cyber-espionage campaign attributed to the North Korean APT group Velvet Chollima has been identified, targeting South Korean government officials and organizations across North America, South America, Europe, and East Asia. (Source: GBHackers)
May 27, 2025 – Hacker
Russia-Affiliated Threat Actor Void Blizzard Targets NATO and Ukraine with Credential Theft and Cloud Abuse
Abstract
A newly identified Russia-affiliated threat actor, Void Blizzard (also known as LAUNDRY BEAR), has been conducting widespread cyberespionage operations targeting critical sectors across NATO member states and Ukraine. (Source: Microsoft)
May 27, 2025 – Attack
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
Abstract
A recent targeted ransomware attack leveraged vulnerabilities in SimpleHelp remote monitoring and management (RMM) software to compromise a Managed Service Provider (MSP) and its clients. (Source: Sophos)
May 27, 2025 – Malware
GhostSpy Android Malware Grants Full Device Control and Evades Detection
Abstract
GhostSpy is a newly identified Android malware that poses a severe threat to mobile security by granting attackers full control over infected devices. It employs advanced evasion, persistence, and surveillance techniques. (Source: Cyfirma)
May 27, 2025 – Vulnerabilities
Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution
Abstract
A critical vulnerability, CVE-2025-0072, has been identified in the Arm Mali GPU driver, affecting devices using the Command Stream Frontend (CSF) architecture, including Google Pixel 7, 8, and 9 series. (Source: GBHackers)
May 27, 2025 – Vulnerabilities
Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories
Abstract
A critical vulnerability in the GitHub MCP integration has been discovered, exposing private repository data through prompt injection attacks. This flaw affects users leveraging coding agents and IDEs integrated with GitHub MCP. (Source: GBHackers)
May 27, 2025 – Vulnerabilities
Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks
Abstract
Researchers have uncovered critical vulnerabilities in HTTP/2 server push and Signed HTTP Exchange (SXG) that allow attackers to bypass the Same-Origin Policy (SOP). These flaws enable off-path attacks. (Source: GBHackers)
May 27, 2025 – Malware
SilverRAT Remote Access Trojan Source Code Leaked on GitHub
Abstract
The full source code of SilverRAT was briefly leaked on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly removed. The leak included complete build instructions, Visual Studio solution files, and a README. (Source: HackRead)
May 26, 2025 – Phishing
Fake Zenmap, WinMRT sites target IT staff with Bumblebee malware
Abstract
Fake Zenmap and WinMRT websites are targeting IT staff with malware through SEO poisoning campaigns. These sites distribute trojanized installers for popular tools like Zenmap and WinMTR. (Source: Bleeping Computer)
May 26, 2025 – Malware
De-obfuscating ALCATRAZ
Abstract
Elastic Security Labs identified a new malware family called DOUBLELOADER, which uses the ALCATRAZ obfuscator for evasion and pairs with the RHADAMANTHYS infostealer. DOUBLELOADER employs multiple obfuscation techniques such as LEA obfuscation. (Source: Elastic)
May 26, 2025 – Malware
Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate - Malware Signed with Nexaweb Certificate - ASEC
Abstract
ASEC has discovered malware signed with the certificate of Nexaweb Inc. by investigating a file with the same characteristics as the one signed with a Korean company’s certificate. (Source: AhnLab)
May 26, 2025 – Phishing
Fake Google Meet Page Tricks Users into Running PowerShell Malware
Abstract
A fake Google Meet page was discovered, designed to trick users into running a malicious PowerShell command under the guise of fixing a "Microphone Permission Denied" error. (Source: Sucuri)
May 26, 2025 – Vulnerabilities
Oracle TNS Flaw Exposes System Memory to Unauthorized Access
Abstract
Oracle has patched a medium-severity vulnerability (CVE-2025-30733) in its Transparent Network Substrate (TNS) protocol, which could allow unauthenticated remote attackers to access sensitive system memory. (Source: GBHackers)
May 26, 2025 – Vulnerabilities
Critical RCE Vulnerability in vBulletin via PHP Reflection API Bypass
Abstract
A critical vulnerability in vBulletin versions 5.x and 6.x running on PHP 8.1 or later allows unauthenticated attackers to invoke protected methods remotely, leading to remote code execution (RCE). (Source: Karmain Security)
May 26, 2025 – Vulnerabilities
D-Link Routers Exposed by Hard-Coded Telnet Credentials
Abstract
A critical vulnerability identified as CVE-2025-46176 affects D-Link DIR-605L and DIR-816L routers, exposing hardcoded Telnet credentials that allow unauthenticated remote command execution. (Source: GBHackers)
May 24, 2025 – Criminals
Global Takedown Disrupts Danabot Malware-as-a-Service Infrastructure
Abstract
The FBI, DoD, and international partners dismantled Danabot’s infrastructure and identified key operators. Danabot was used to distribute malware like LockBit, Ursnif, and Zloader. (Source: WeLiveSecurity)
May 24, 2025 – Vulnerabilities
Cloudflare Closes Security Gap That Could Leak Visitor URLs
Abstract
Cloudflare has addressed CVE-2025-4366, a request smuggling vulnerability in the Pingora OSS framework, affecting its CDN free tier and users of the pingora-proxy and pingora-cache crates. (Source: The Cyber Express)
May 24, 2025 – Vulnerabilities
Critical NETGEAR Router Flaw Allows Full Admin Access by Attackers
Abstract
A critical authentication bypass vulnerability (CVE-2025-4978) has been discovered in NETGEAR DGND3700v2 wireless routers. The flaw, rated CVSSv4 9.3, allows unauthenticated attackers to gain full administrative access via a hidden backdoor. (Source: GBHackers)
May 23, 2025 – Vulnerabilities
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges
Abstract
Apple has patched CVE-2025-31219, a critical vulnerability in the XNU kernel affecting macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw allows local attackers to escalate privileges and execute arbitrary code with kernel-level access. (Source: GBHackers)
May 23, 2025 – Hacker
Russian hacker group Killnet returns with new identity
Abstract
Once known for its pro-Kremlin hacktivist campaigns, the group now appears to function as a profit-driven cyber mercenary collective, offering hack-for-hire services and targeting a broader range of victims. (Source: The Record)
May 23, 2025 – Phishing
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Abstract
A series of sophisticated phishing campaigns are targeting macOS users by distributing fake Ledger Live applications designed to steal 24-word seed phrases used to access cryptocurrency wallets. (Source: Bleeping Computer)
May 23, 2025 – Phishing
Cybercriminals Using Trusted Google Domains to Spread Malicious Code
Abstract
A new malvertising campaign is leveraging trusted Google domains and outdated JSONP API calls to inject malicious scripts into legitimate e-commerce websites. These scripts redirect users to phishing pages that mimic payment portals. (Source: GBHackers)
May 23, 2025 – Breach
Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims
Abstract
Everest has listed Coca-Cola as a victim on its dark web leak site, releasing samples of internal HR documents affecting 959 employees. These include scans of passports and visas, salary data, and other personally identifiable information (PII). (Source: HackRead)
May 23, 2025 – Breach
Decentralized crypto platform Cetus hit with $223 million hack
Abstract
Cetus, a decentralized cryptocurrency exchange operating on the Sui blockchain, suffered a significant cyberattack on Thursday, 22nd May, resulting in the theft of approximately $223 million. (Source: The Record)
May 23, 2025 – Vulnerabilities
Critical Vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Control Systems
Abstract
ABB has issued a security advisory (AV25-290) on May 22, 2025, addressing critical vulnerabilities in multiple control system products. These flaws affect ASPECT-Enterprise, NEXUS Series, and MATRIX Series devices running version 3.08.03 or earlier. (Source: Cyber)
May 22, 2025 – Malware
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Abstract
A new campaign is exploiting TikTok’s vast user base and viral content model to distribute information-stealing malware, including Vidar and StealC. It uses AI-generated videos to socially engineer users into executing malicious PowerShell commands. (Source: Infosecurity Magazine)
May 22, 2025 – Phishing
TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics
Abstract
A Russia-aligned threat actor, TAG-110—linked to APT28 and UAC-0063—has launched a phishing campaign targeting Tajikistan’s government, academic, and research institutions. (Source: Recorded Future)
May 22, 2025 – Vulnerabilities
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware Full Text
Abstract
A Chinese threat group, UAT-6382, is actively exploiting CVE-2025-0994—a remote code execution vulnerability in Trimble Cityworks—to deploy malware and maintain persistent access in U.S. local government networks.Talos Intelligence
May 22, 2025 – Vulnerabilities
Grafana security release: High severity security fix for CVE-2025-4123 Full Text
Abstract
A high-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2025-4123 with a CVSS score of 7.6, has been discovered in Grafana. This flaw allows attackers to redirect users to malicious websites and execute arbitrary JavaScript code.Grafana
May 22, 2025 – Vulnerabilities
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication Full Text
Abstract
Multiple critical vulnerabilities in Versa Concerto (versions 12.1.2–12.2.0) remain unpatched, enabling attackers to bypass authentication and achieve remote code execution (RCE) and host compromise.GBHackers
May 22, 2025 – Phishing
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain Full Text
Abstract
A recent wave of phishing campaigns is exploiting fake CAPTCHA pages to trick users into executing malicious commands via the Windows Run dialog. These attacks deliver multistage payloads using obfuscated JavaScript embedded in MP3 or PDF files.Trend Micro
May 22, 2025 – Vulnerabilities
Cisco Identity Services RADIUS Process Vulnerability Let Attackers Trigger DoS Condition Full Text
Abstract
Cisco has disclosed a critical vulnerability in its Identity Services Engine (ISE) version 3.4 that allows unauthenticated remote attackers to trigger a denial-of-service (DoS) condition.Cybersecurity News
May 22, 2025 – Vulnerabilities
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks Full Text
Abstract
GitLab has released critical patches for 11 vulnerabilities in its CE and EE platforms, including three high-severity DoS flaws. These affect all deployment models and could lead to system downtime, data exposure, and authentication bypass.GBHackers
May 22, 2025 – General
Coinbase Users Targeted in Advanced Social Engineering Hack Full Text
Abstract
A sophisticated social engineering campaign has been actively targeting Coinbase users since early 2025, resulting in over $300 million in annual losses and $45 million in a single week in May.GBHackers
May 22, 2025 – Phishing
Another Fake Cloudflare Verification Targets WordPress Sites Full Text
Abstract
A new malware campaign is targeting WordPress sites by impersonating a Cloudflare verification page. This multistage infection uses social engineering and obfuscated PowerShell commands to deliver a malicious Windows executable.Sucuri
May 20, 2025 – Outage
Major Russian state services disrupted, reportedly due to cyberattack Full Text
Abstract
A series of large-scale Distributed Denial-of-Service (DDoS) attacks has disrupted access to several major Russian state services, including tax, digital identity, and healthcare systems.The Record
May 20, 2025 – Ransomware
Ransomware strikes UK food distributor in latest retail blow Full Text
Abstract
Peter Green Chilled suffered a ransomware attack on May 14, 2025, severely impacting its operations and disrupting supply chains to major UK supermarkets including Asda, Tesco, Sainsbury’s, Waitrose, and M&S.The Register
May 20, 2025 – Vulnerabilities
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994) Full Text
Abstract
A critical privilege escalation vulnerability in Windows 11, tracked as CVE-2025-24076, allows attackers to elevate privileges from a standard user to SYSTEM in just 300 milliseconds.Compass Security
May 20, 2025 – Ransomware
New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada Full Text
Abstract
Nitrogen ransomware, first publicly identified in September 2024, has emerged as a significant threat targeting organizations across the finance, construction, manufacturing, and technology sectors.HackRead
May 20, 2025 – Attack
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization Full Text
Abstract
A threat actor known as UnsolicitedBooker has been observed targeting a Saudi Arabian organization over a span of three years using a newly identified backdoor named MarsSnake.The Hacker News
May 20, 2025 – Malware
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts Full Text
Abstract
Researchers identified several malicious packages on PyPI and npm that exploit APIs and implant backdoors: checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), sinnercore (3,300 downloads), dbgpkg (~350 downloads) and requestsdev (76 downloads).The Hacker News
May 20, 2025 – Vulnerabilities
Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers Full Text
Abstract
GBHackers
May 20, 2025 – Breach
Cocospy stalkerware apps go offline after data breach Full Text
Abstract
Cocospy, Spyic, and Spyzie—three near-identical stalkerware apps—have gone offline following a significant data breach. These apps were previously caught spying on millions of phones earlier in 2025.TechCrunch
May 20, 2025 – Vulnerabilities
Critical Vulnerabilities in My Volkswagen App Expose Personal Data and Enable Unauthorized Vehicle Access Full Text
Abstract
A security researcher uncovered critical vulnerabilities in the My Volkswagen app that exposed sensitive personal and vehicle data. The flaws allowed unauthorized access to user accounts and vehicle features using only a vehicle’s VIN.LoopSec
May 20, 2025 – Malware
Malicious Koishi Chatbot Plugin Exfiltrates Messages Trigger… Full Text
Abstract
A malicious npm package, koishi-plugin-pinhaofa, is targeting Koishi chatbot frameworks. Disguised as a spelling autocorrect plugin, it embeds a backdoor that exfiltrates messages containing 8-character hexadecimal strings to a hardcoded QQ account.Socket
May 19, 2025 – Vulnerabilities
Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability Full Text
Abstract
A critical vulnerability (CVE-2025-4389) in the Crawlomatic Multisite Scraper Post Generator WordPress plugin allows unauthenticated attackers to upload arbitrary files, leading to remote code execution.The Cyber Express
May 19, 2025 – Breach
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes Full Text
Abstract
A critical breach of the TeleMessage Signal clone (TM SGNL) exposed sensitive data due to severe misconfigurations. Exploited in under 20 minutes, the breach compromised credentials, unencrypted chat logs, and encryption keys of users.Wired
May 19, 2025 – Vulnerabilities
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts! Full Text
Abstract
A newly discovered vulnerability in WordPress allows attackers to exfiltrate titles of private and draft posts via the XMLRPC pingback feature. This flaw affects all WordPress installations with XMLRPC enabled.Imperva
May 19, 2025 – Vulnerabilities
New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender Full Text
Abstract
A new tool named Defendnot demonstrates a critical method to disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API.Bleeping Computer
May 19, 2025 – Vulnerabilities
CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay Full Text
Abstract
A critical authentication bypass vulnerability (CVE-2025-30072) has been identified in the Tiiwee X1 Alarm System (version TWX1HAKV2). The system's use of unencrypted 433 MHz radio communication allows attackers to perform capture-replay attacks.Seclists
May 19, 2025 – Phishing
Dark Web Profile: Silent Ransom Group (LeakedData) Full Text
Abstract
SRG employs highly tailored phishing campaigns, including callback phishing and impersonation of well-known brands like Duolingo and Masterclass. Victims are lured into calling fake support numbers and are socially engineered.SOCRadar
May 19, 2025 – Vulnerabilities
SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection Full Text
Abstract
A critical authenticated command injection vulnerability (CVE-2025-2605) has been identified in Honeywell MB-Secure and MB-Secure PRO systems. Exploiting this flaw allows authenticated attackers to execute arbitrary OS commands with root privileges.Seclists
May 19, 2025 – Vulnerabilities
Session Invalidation in Economizzer Allows Unauthorized Access After Logout Full Text
Abstract
A session management vulnerability has been identified in Economizzer v.0.9-beta1, which allows unauthorized access due to improper session invalidation. Even after a user logs out, the session remains active.Seclists
May 17, 2025 – Vulnerabilities
Multiple Critical Vulnerabilities Addressed in Latest Metasploit Framework Update Including RCE and Privilege Escalation Full Text
Abstract
The latest Metasploit Framework update introduces five new modules targeting critical vulnerabilities across multiple platforms, including POWERCOM UPSMON PRO, Car Rental System 1.0, WordPress plugins, and LINQPad.Rapid7
May 17, 2025 – Outage
Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyberattack Full Text
Abstract
Lecardo Clinic, a private hospital in Chuvashia, Russia, experienced a multi-day operational shutdown due to a cyberattack attributed to the pro-Ukraine hacker group 4B1D.The Record
May 16, 2025 – Criminals
Ransomware gang INC claims recent attack on South African Airways Full Text
Abstract
South African Airways (SAA) has confirmed a cyberattack on May 3, 2025, which temporarily disrupted its website, mobile app, and internal systems. The ransomware group INC has claimed responsibility, labeling the initial data leak as “Part 1.”CompariTech
May 16, 2025 – Breach
Telecom SaaS firm Communications Data Group notifies 42K people of data breach on behalf of Duo Broadband Full Text
Abstract
Communications Data Group (CDG), a SaaS billing vendor for Duo Broadband, has notified 42,518 individuals of a data breach that occurred in February 2025. The breach, attributed to the ransomware group Qilin, exposed sensitive personal data.CompariTech
May 16, 2025 – Breach
Broadcom data stolen in payroll provider ransomware raid Full Text
Abstract
A ransomware attack on Business Systems House (BSH) in September 2024 resulted in the theft of Broadcom employee data. At the time, Broadcom was transitioning to a new payroll provider, which may have contributed to the exposure.The Register
May 16, 2025 – Malware
Printer company provided infected software downloads for half a year Full Text
Abstract
An investigation revealed that the printer vendor's official software downloads had been infected for about six months with multiple strains of malware, including the XRed backdoor and a new clipbanker virus called SnipVex.GData Software
May 16, 2025 – Government
FBI: US officials targeted in voice deepfake attacks since April Full Text
Abstract
The FBI has issued a public service announcement warning of a surge in AI-generated voice deepfake attacks targeting U.S. government officials since April 2025. These leverage advanced voice cloning technologies to impersonate senior officials.Bleeping Computer
May 15, 2025 – Vulnerabilities
Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services Full Text
Abstract
Node.js has released critical security updates addressing three vulnerabilities—CVE-2025-23166, CVE-2025-23167, and CVE-2025-23165—that could allow attackers to crash server processes and disrupt services.GBHackers
May 15, 2025 – APT
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers Full Text
Abstract
A cyber-espionage campaign by Fancy Bear (APT28), linked to Russia’s GRU, has targeted Ukrainian government and military entities, as well as international defense contractors.CyberScoop
May 15, 2025 – Malware
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper Full Text
Abstract
A newly discovered malicious npm package, os-info-checker-es6, masquerades as a utility for retrieving OS information but is designed to stealthily deliver a next-stage payload.The Hacker News
May 15, 2025 – Malware
TransferLoader Malware Loader Deploys Morpheus Ransomware Using Obfuscated Backdoor and IPFS-Based C2 Full Text
Abstract
TransferLoader is a newly identified malware loader active since at least February 2025. It comprises three main components—a downloader, a backdoor loader, and a backdoor—each employing advanced anti-analysis and obfuscation techniques.Zscaler
May 15, 2025 – Criminals
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines Full Text
Abstract
A new wave of ransomware and extortion attacks is targeting the US retail sector, with threat intelligence suggesting the involvement of the advanced threat actor group Scattered Spider (UNC3944).
May 15, 2025 – Phishing
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users Full Text
Abstract
A sophisticated phishing campaign dubbed Meta Mirage has been uncovered, targeting users of Meta's Business Suite. This campaign specifically focuses on hijacking high-value accounts.The Hacker News
May 15, 2025 – Breach
Nova Scotia Power says customer banking details may have been stolen by hackers Full Text
Abstract
On April 25, 2025, Nova Scotia Power discovered a cyberattack that compromised sensitive customer data. The breach, which occurred over a month earlier, has prompted the utility to isolate affected systems.The Record
May 15, 2025 – Breach
Idaho hospital notifies 34K people of data breach that compromised SSNs, health info Full Text
Abstract
Weiser Memorial Hospital in Idaho has notified 34,249 individuals of a data breach that occurred in September 2024. The breach, attributed to the Embargo ransomware group, compromised sensitive personal and medical information.Comparitech
May 15, 2025 – Malware
Researchers Uncover Malicious .desktop File Campaign Targeting Linux Systems Full Text
Abstract
Researchers have identified a surge in malicious `.desktop` files targeting Linux systems. These files exploit standard desktop behaviors to execute hidden commands and download malware.Google Cloud Community
May 15, 2025 – Criminals
The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge Full Text
Abstract
In a major disruption to global cybercrime infrastructure, the notorious Haowang Guarantee (formerly Huione Guarantee) black market has been shut down following Telegram’s enforcement action.Wired
May 14, 2025 – Malware
Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers Full Text
Abstract
Katz Stealer is a newly identified infostealer malware targeting over 78 Chromium and Gecko-based browser variants. It is capable of extracting sensitive data including credentials, cookies, CVV2 codes, OAuth tokens, and cryptocurrency wallets.GBHackers
May 14, 2025 – Malware
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt Full Text
Abstract
DarkCloud Stealer is a sophisticated infostealer malware active since 2022 and advertised on hacking forums as early as January 2023. It has been used in targeted attacks against government organizations.Palo Alto Networks
May 14, 2025 – Botnet
High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding Full Text
Abstract
HTTPBot is a newly identified Trojan botnet written in Go, first detected in August 2024 and named by NSFOCUS Fuying Lab for its use of HTTP-based DDoS techniques. It has rapidly expanded, issuing over 200 attack commands by April 2025.NSFOCUS Global
May 14, 2025 – APT
Swan Vector APT: Targeting Taiwan & Japan with DLL Implants Full Text
Abstract
A newly identified APT campaign, dubbed “Swan Vector,” has been targeting educational and mechanical engineering sectors in East Asia, particularly Taiwan and Japan. The campaign employs spearphishing emails with malicious ZIP attachments.Seqrite
May 14, 2025 – Phishing
GovDelivery, an email alert system used by governments, abused to send scam messages Full Text
Abstract
A phishing campaign exploited the U.S. government’s GovDelivery email system to send scam messages impersonating official toll collection notices. The emails were sent from an official Indiana government email address.TechCrunch
May 14, 2025 – Vulnerabilities
Critical Heap Overflow Vulnerabilities in Windows RDP and RD Gateway Allow Remote Code Execution Full Text
Abstract
Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network.GBHackers
May 14, 2025 – Breach
PowerSchool data breach leads to school extortion attempts Full Text
Abstract
A major data breach at PowerSchool, a platform serving over 60 million students and 18,000 educational institutions, has led to extortion attempts targeting public schools. Threat actors are leveraging data stolen in the December 28, 2024 breach.K12 Dive
May 14, 2025 – Phishing
Telegram Bots Used for Real-Time Credential Exfiltration in Cross-Platform Phishing Campaign Full Text
Abstract
Based on technical analysis of the campaign, researchers believe it is sold as part of a phishing-as-a-service kit that lets different threat actors leverage the same infrastructure.KnowBe4
May 14, 2025 – Vulnerabilities
Critical Authentication Bypass in Ivanti Neurons for ITSM and Privilege Escalation in CSA Full Text
Abstract
Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration.Bleeping Computer
May 14, 2025 – Breach
PrepHero-Linked Database Exposed Data of 3M Students and Coaches Full Text
Abstract
A massive data exposure incident involving PrepHero, a college recruiting platform operated by EXACT Sports, has compromised the personal information of over 3 million student-athletes, their parents, and coaches.HackRead
May 13, 2025 – Government
Alabama says ‘cybersecurity event’ could disrupt state government services Full Text
Abstract
On May 13, 2025, Alabama Governor Kay Ivey announced that the state is responding to a “cybersecurity event” that may disrupt access to government websites and communications. Residents are advised to remain patient as mitigation efforts continue.The Record
May 13, 2025 – Malware
Unpacking PyInstaller Malware on macOS Full Text
Abstract
A newly discovered macOS infostealer leverages PyInstaller, an open-source Python bundler, to deploy malicious Mach-O binaries. The malware bypasses traditional detection mechanisms and supports both x86_64 and arm64 architectures.JAMF
May 13, 2025 – Malware
Chihuahua Stealer: A new Breed of Infostealer Full Text
Abstract
Chihuahua Stealer is a newly identified .NET-based infostealer that employs a multi-stage infection chain, advanced obfuscation, and stealth techniques to exfiltrate sensitive browser and cryptocurrency wallet data.GData Software
May 13, 2025 – Attack
DragonForce Goes Retail: Inside the Cyber Siege of M&S, Co-op, and Harrods Full Text
Abstract
DragonForce, a former hacktivist group turned Ransomware-as-a-Service (RaaS) operation, has launched a coordinated cyber offensive against major UK retailers—Marks & Spencer (M&S), Co-op, and Harrods.Irembezci
May 13, 2025 – Privacy
Marbled Dust leverages zero-day in Output Messenger for regional espionage Full Text
Abstract
A Turkish-aligned cyber-espionage group known as Marbled Dust has exploited a zero-day vulnerability in Output Messenger to conduct surveillance on Kurdish military operations in Iraq.Microsoft
May 13, 2025 – APT
Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story) Full Text
Abstract
APT37 (ScarCruft), a North Korean state-sponsored threat actor, has launched a sophisticated spear-phishing campaign dubbed “Operation: ToyBox Story,” targeting activists focused on North Korean issues.Genians
May 13, 2025 – APT
Hackers now testing ClickFix attacks against Linux targets Full Text
Abstract
A new ClickFix campaign by APT36 (Transparent Tribe), a Pakistan-linked threat actor, has expanded its targeting to include Linux systems alongside Windows and macOS. It impersonates India's Ministry of Defence to lure victims.Bleeping Computer
May 13, 2025 – Phishing
Horabot Unleashed: A Stealthy Phishing Threat Full Text
Abstract
A new phishing campaign leveraging the Horabot malware has been observed targeting Spanish-speaking users in Latin America. Delivered via malicious HTML attachments in phishing emails, Horabot enables lateral propagation through Outlook.Fortinet
May 12, 2025 – Malware
“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram Full Text
Abstract
A newly identified .NET-based infostealer named PupkinStealer has emerged as a significant threat targeting Windows systems. First observed in April 2025, this malware is designed to harvest sensitive data.GBHackers
May 12, 2025 – Cryptocurrency
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users Full Text
Abstract
A newly uncovered scam campaign exploits X/Twitter’s ad URL preview feature to deceive users into visiting fraudulent cryptocurrency sites. By manipulating how metadata is fetched for preview cards, attackers display trusted domains.GBHackers
May 10, 2025 – Vulnerabilities
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts Full Text
Abstract
A targeted campaign exploited Microsoft Entra ID’s legacy authentication protocol BAV2ROPC, allowing attackers to bypass MFA and gain unauthorized access to admin accounts across finance, healthcare, and tech sectors.HackRead
May 10, 2025 – Phishing
Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems Full Text
Abstract
A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails.Cybersecurity News
May 10, 2025 – Cryptocurrency
FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network Full Text
Abstract
A joint investigation has uncovered FreeDrain, a large-scale cryptocurrency phishing operation that exploits SEO manipulation, free-tier web services, and redirection techniques to deceive users of popular cryptocurrency wallets.SentinelOne
May 10, 2025 – Attack
Over 40 Hacktivist Groups Target India in Coordinated Cyber Campaign: High Noise, Low Impact Full Text
Abstract
A coordinated cyber campaign dubbed #OpIndia was launched by over 40 ideologically motivated hacktivist groups following recent geopolitical tensions between India and Pakistan.The Cyber Express
May 10, 2025 – Criminals
Ransomware gang says it hacked the Sheriff of Hamilton County, TN Full Text
Abstract
The Qilin ransomware gang claimed responsibility for a cyberattack on the Hamilton County Sheriff’s Office in Chattanooga, Tennessee, on April 14, 2025. The sheriff’s office stated that the attackers demanded a $300,000 ransom, which was not paid.CompariTech
May 9, 2025 – Malware
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources Full Text
Abstract
A recent malware campaign leverages steganography to embed malicious payloads within bitmap resources of 32-bit .NET applications. These payloads are delivered via malspam targeting the financial sector in Türkiye and the logistics sector in Asia.Palo Alto Networks
May 9, 2025 – Vulnerabilities
CVSS 10.0 Vulnerability Found in Ubiquiti UniFi Protect Cameras Full Text
Abstract
Ubiquiti has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4.The Cyber Express
May 9, 2025 – Attack
Hackers Exploit Windows Remote Management to Evade Detection in AD Networks Full Text
Abstract
A new wave of cyberattacks is exploiting WinRM to conduct stealthy lateral movement within AD environments. By leveraging this legitimate administrative tool, attackers evade detection and blend into normal network activity.GBHackers
May 9, 2025 – Criminals
Kickidler employee monitoring software abused in ransomware attacks Full Text
Abstract
Ransomware groups Qilin and Hunters International are abusing Kickidler, a legitimate employee monitoring tool used by over 5,000 organizations across 60 countries, to conduct stealthy reconnaissance and credential harvesting.Bleeping Computer
May 9, 2025 – Breach
Supply chain attack hits npm package with 45,000 weekly downloads Full Text
Abstract
A supply chain attack has compromised the npm package rand-user-agent, which averaged 45,000 weekly downloads. Although deprecated, the package remained popular, making it an attractive target for attackers.Bleeping Computer
May 7, 2025 – Phishing
Using Blob URLs to Bypass SEGs and Evade Analysis Full Text
Abstract
Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.Cofense
May 7, 2025 – Vulnerabilities
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version Full Text
Abstract
Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.The Hacker News
May 7, 2025 – Vulnerabilities
Microsoft: April updates cause Windows Server auth issues Full Text
Abstract
Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.Bleeping Computer
May 7, 2025 – Malware
Lampion Is Back With ClickFix Lures Full Text
Abstract
A newly uncovered campaign by the Lampion banking malware group has targeted Portuguese organizations in the government, finance, and transportation sectors. Lampion is an info stealer known for stealing sensitive banking credentials.Palo Alto Networks
May 7, 2025 – Vulnerabilities
IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads Full Text
Abstract
IBM has disclosed two high-severity vulnerabilities in its Cognos Analytics platform—CVE-2024-40695 and CVE-2024-51466. These flaws allow unauthorized file uploads and remote code execution.GBHackers
May 7, 2025 – Criminals
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable Full Text
Abstract
A newly uncovered fraud syndicate named ALTSRUS is exploiting vulnerable segments of the digital economy by stealing and reselling accounts tied to Electronic Benefit Transfer (EBT), pharmacy prescriptions, and consumer rewards programs.Help Net Security
May 7, 2025 – Malware
Malicious PyPI Package Targets Discord Developers with Remot… Full Text
Abstract
A malicious Python package named discordpydebug was uploaded to PyPI, posing as a debugging tool for Discord bot developers. Despite lacking a README or documentation, it was downloaded over 11,000 times.Socket
May 7, 2025 – Vulnerabilities
Unexpected behavior in Snowflake’s Cortex AI Full Text
Abstract
Snowflake’s CORTEX Search Service introduces a critical security risk: unintended data exposure. This vulnerability persists even in environments with tightly configured access and masking policies due to the inherent design of the AI service.Cyera
May 7, 2025 – Vulnerabilities
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Full Text
Abstract
Threat actors are actively exploiting critical vulnerabilities in end-of-life (EoL) GeoVision IoT devices and Samsung MagicINFO servers to deploy the Mirai botnet. These attacks leverage command injection and path traversal flaws.The Hacker News
May 6, 2025 – Vulnerabilities
Critical RCE Vulnerability in Samsung MagicINFO 9 Server Actively Exploited Full Text
Abstract
The vulnerability stems from inadequate input validation in the file upload functionality of Samsung MagicINFO 9 Server. Specifically, the server fails to sanitize filename inputs and does not enforce file extension or authentication checks.Arctic Wolf
May 6, 2025 – Vulnerabilities
Researcher Exploits Regex Filter Flaw to Gain Remote Code Execution Full Text
Abstract
The vulnerability enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise, data exfiltration, and unauthorized access.GBHackers
May 6, 2025 – Vulnerabilities
Critical Windows Deployment Services UDP Flaw Exposes Enterprise Networks to Remote DoS Attacks Full Text
Abstract
A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) allows remote attackers to crash systems by sending malicious UDP packets.Windows Forum
May 6, 2025 – Government
CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks Full Text
Abstract
CISA has issued an urgent alert about an actively exploited vulnerability in Langflow, an open-source framework for building language model applications. The flaw allows unauthenticated attackers to execute malicious code remotely.GBHackers
May 6, 2025 – Phishing
CoGUI Phish Kit Targets Japan with Millions of Messages Full Text
Abstract
Proofpoint has observed a notable increase in high-volume Japanese language campaigns targeting organizations in Japan to deliver a phishing kit named CoGUI. Most of the campaigns abuse Amazon, PayPay, Rakuten, and others.Proofpoint
May 6, 2025 – Phishing
Smishing on a Massive Scale: “Panda Shop” Chinese Carding Syndicate Full Text
Abstract
A new smishing kit named "Panda Shop" has emerged, linked to Chinese cybercriminals and believed to be a rebranded evolution of the Smishing Triad. This kit enables large-scale phishing campaigns targeting global consumers and financial institutions. Source: Resecurity
May 5, 2025 – Vulnerabilities
Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access Full Text
Abstract
Security researchers have identified 11 critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), enabling remote attackers to gain administrative and root access. Source: GBHackers
May 5, 2025 – Malware
StealC V2: ThreatLabz Unveils the Evolution of a Stealthy Info-Stealer and Malware Loader Full Text
Abstract
StealC V2, introduced in March 2025, utilizes a JSON-based network protocol with RC4 encryption implemented in recent variants. StealC V2 supports loader options that can deliver Microsoft Software Installer (MSI) packages and PowerShell scripts. Source: Security Online
May 5, 2025 – Vulnerabilities
Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) Full Text
Abstract
Tracked as CVE-2025-46337, the vulnerability resides in the PostgreSQL driver’s pg_insert_id() method, potentially allowing attackers to execute arbitrary SQL commands in vulnerable applications. Source: Security Online
May 5, 2025 – Phishing
Venom Spider Evolves: Arctic Wolf Exposes More_eggs Campaign Targeting HR Full Text
Abstract
Venom Spider continues to use job seekers as a lure in its phishing campaigns, targeting HR departments and corporate recruiters. The group spreads its infamous More_eggs backdoor with new levels of stealth and obfuscation. Source: Security Online
May 5, 2025 – Criminals
Rhysida Ransomware gang claims the hack of the Government of Peru Full Text
Abstract
The Rhysida ransomware group has claimed responsibility for breaching the Government of Peru’s official digital platform, Gob.pe. The group published images of multiple documents allegedly stolen from the platform on May 2, 2025. Source: Security Affairs
May 5, 2025 – Attack
Threat Actors Target Critical National Infrastructure with New Malware and Tools Full Text
Abstract
Between April and November 2024, attackers exfiltrated targeted email data and mapped virtualization infrastructure. Following containment efforts in late 2024, they escalated operations by deploying additional web shells, SystemBC and MeshCentral. Source: GBHackers
May 2, 2025 – General
Third of Online Users Hit by Account Hacks Due to Weak Passwords Full Text
Abstract
More than a third (36%) of people have had at least one online account compromised due to weak or stolen passwords in the past year, according to new research by the FIDO Alliance. Source: Infosecurity Magazine
May 2, 2025 – Phishing
200+ Fake Retail Sites Used in New Wave of Subscription Scams Full Text
Abstract
Bitdefender discovered over 200 incredibly realistic websites offering a wide range of products, including shoes, clothing, and electronics. Customers are tricked into providing credit card information and agreeing to monthly subscriptions. Source: HackRead
May 2, 2025 – Attack
Harrods becomes latest retailer to announce attempted cyberattack Full Text
Abstract
Harrods, the luxury department store in London, has become the latest U.K. retailer to announce detecting an attempted cyberattack following similar announcements by Marks & Spencer and the Co-op. Source: The Record
May 2, 2025 – Phishing
Mystery Box Scams Deployed to Steal Credit Card Data Full Text
Abstract
Cybercriminals are deploying highly sophisticated subscription scams, including deceptive “mystery box” offers, to harvest credit card data and commit financial fraud. These scams are spreading across social media platforms, particularly Facebook. Source: Infosecurity Magazine
May 2, 2025 – Vulnerabilities
Netgear EX6200 Flaw Enables Remote Access and Data Theft Full Text
Abstract
Three critical vulnerabilities (CVE-2025-4148, CVE-2025-4149, CVE-2025-4150) have been discovered in the Netgear EX6200 Wi-Fi range extender (firmware version 1.0.3.94), a device widely used in homes and small businesses. Source: GBHackers
May 2, 2025 – Privacy
Apple notifies victims in 100 countries of likely spyware targeting Full Text
Abstract
Apple has issued threat notifications to users in 100 countries, warning of targeted spyware attacks likely involving advanced commercial surveillance tools such as Paragon. These attacks are part of a broader trend of mercenary spyware campaigns. Source: The Record
May 2, 2025 – General
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign Full Text
Abstract
A recent investigation by Anthropic has uncovered a sophisticated misuse of its Claude AI chatbot in a commercial “influence-as-a-service” operation. This campaign involved the creation of over 100 politically-aligned fake personas on Facebook and X. Source: The Hacker News
May 2, 2025 – Outage
Poland’s state registry temporarily blocked by cyber incident Full Text
Abstract
A suspected distributed denial-of-service (DDoS) attack temporarily disrupted Poland’s state registry systems on April 24, 2024, affecting access to critical government services. The attack targeted the PESEL registry. Source: The Record
May 2, 2025 – Outage
Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists Full Text
Abstract
Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks are the work of the pro-Russian hacktivist group NoName057(16). Source: GBHackers
April 30, 2025 – Vulnerabilities
PowerDNS DNSdist 1.9.9 released, fixing CVE-2025-30194 Full Text
Abstract
A critical vulnerability (CVE-2025-30194) has been identified in PowerDNS DNSdist versions 1.9.0 to 1.9.8, allowing remote attackers to trigger a denial-of-service (DoS) condition when DNS-over-HTTPS (DoH) is configured using the nghttp2 provider. Source: PowerDNS
April 30, 2025 – Vulnerabilities
Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability Full Text
Abstract
Google has released Chrome 136 for Windows, Mac, and Linux, introducing critical privacy and security enhancements. The update addresses a 23-year-old privacy flaw and patches multiple vulnerabilities, including a critical heap buffer overflow. Source: Cybersecurity News
April 30, 2025 – Vulnerabilities
Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data Full Text
Abstract
A researcher discovered a critical OAuth2 misconfiguration vulnerability. The flaw allowed unauthorized access to sensitive user and business data due to exposed client credentials and a lack of access controls. Source: GBHackers
April 30, 2025 – Vulnerabilities
Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information Full Text
Abstract
A critical Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2025-32354, has been identified in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1. The flaw resides in the GraphQL endpoint (/service/extension/graphql). Source: GBHackers
April 30, 2025 – Vulnerabilities
Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization Full Text
Abstract
A medium-severity vulnerability (CVE-2025-4095) in Docker Desktop for macOS allows authenticated users to bypass Registry Access Management (RAM) policies and access unapproved container registries. Source: GBHackers
April 30, 2025 – Vulnerabilities
Apache Tomcat security advisory (AV25-239) Full Text
Abstract
Apache has released security advisories addressing vulnerabilities in multiple versions of Apache Tomcat. Users and administrators are urged to review the advisories and apply the necessary updates to maintain system security. Source: Cyber
April 30, 2025 – Malware
New Gremlin Infostealer Distributed on Telegram Full Text
Abstract
Gremlin Stealer is a newly identified C#-based infostealer malware actively promoted on Telegram since March 2025. It targets Windows systems and is capable of harvesting a broad range of sensitive data. Source: Infosecurity Magazine
April 30, 2025 – Vulnerabilities
GPUAF: Two Methods to Root Qualcomm-Based Android Phones Full Text
Abstract
Security researchers have uncovered two critical vulnerabilities, CVE-2024-23380 and CVE-2024-23373, in Qualcomm GPU drivers, affecting a wide range of Android devices from manufacturers such as Samsung, Xiaomi, Honor, and Vivo. Source: GBHackers
April 30, 2025 – Malware
Yet Another NodeJS Backdoor (YaNB): A Modern Challenge Full Text
Abstract
Trustwave SpiderLabs uncovered a resurgence of malicious campaigns in March 2025 that exploit deceptive CAPTCHA verifications to deploy NodeJS-based backdoors. The campaign is referred to as "Yet Another NodeJS Backdoor (YANB)." Source: Trustwave
April 30, 2025 – Malware
In Plain Sight: Uncovering SuperShell & Cobalt Strike from an Open Directory Full Text
Abstract
Hunt researchers uncovered a malicious server, revealing SuperShell C2 payloads and a Linux ELF Cobalt Strike beacon. The server also hosted reconnaissance tools, highlighting the sophistication and layered nature of modern cyber threats. Source: Hunt
April 29, 2025 – Attack
Spike in Git Configuration Crawling Highlights Risk of Codebase Exposure Full Text
Abstract
A major spike in cyber reconnaissance was observed between April 20–21, 2025, with over 4,800 unique IPs attempting to access Git configuration files. This marked the fourth and largest such spike since September 2024. Source: GreyNoise
April 29, 2025 – Attack
French BEC Threat Actor Targets Property Payments Full Text
Abstract
TA2900 is targeting French-speaking individuals with fraudulent rental payment schemes. The campaigns are designed to steal funds by impersonating rental agencies and redirecting rent payments to attacker-controlled bank accounts. Source: Proofpoint
April 29, 2025 – Vulnerabilities
Linux Kernel Exploitation Full Text
Abstract
A critical vulnerability in the Linux kernel, tracked as CVE-2025-21756 and dubbed Attack of the Vsock, allows local attackers to escalate privileges to root. The flaw resides in the VMware vsock driver and affects systems using vsock for inter-VM communication. Source: Hoefler
April 29, 2025 – Vulnerabilities
Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi Full Text
Abstract
Newly discovered vulnerabilities in Apple’s AirPlay protocol could allow attackers to move laterally across networks via Wi-Fi, spreading malware between devices. These pose a risk by enabling attackers to exploit wireless connections. Source: Wired
April 29, 2025 – Attack
Finding Minhook in a sideloading attack – and Sweden too Full Text
Abstract
A sideloading campaign active from late 2023 to early 2024 targeted organisations in East Asia and later Sweden, delivering Cobalt Strike payloads via legitimate Windows executables and malicious DLLs. Source: Sophos
April 29, 2025 – Botnet
Outlaw botnet detected in an incident contained by Kaspersky Full Text
Abstract
Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Telemetry data showed victims across the US, Germany, Italy, Thailand, and more. Source: Securelist
April 29, 2025 – Phishing
Uyghur Diaspora Group Targeted with Remote Surveillance Malware Full Text
Abstract
A targeted spear phishing campaign has been uncovered against senior members of the World Uyghur Congress (WUC), aiming to deploy surveillance malware. The malware was delivered through a trojanized version of UyghurEditPP. Source: Infosecurity Magazine
April 29, 2025 – Malware
Technical Malware Analysis Report: Python-based RAT Malware Full Text
Abstract
A newly discovered Python-based Remote Access Trojan (RAT) leverages Discord as its command-and-control (C2) platform, transforming the popular communication tool into a hub for malicious operations. Source: Cyfirma
April 29, 2025 – Malware
HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage - CYFIRMA Full Text
Abstract
Hannibal Stealer is a newly surfaced malware, identified as a cracked and rebranded variant of the Sharp and TX stealers, promoted by the reverse engineering group ‘llcppc_reverse.’ Source: Cyfirma
April 29, 2025 – Outage
Ransomware gang says it hacked Malaysia’s Kuala Lumpur International Airport Full Text
Abstract
Ransomware group Qilin (also known as Agenda) claimed responsibility for a cyberattack on Kuala Lumpur International Airport (KLIA) in Malaysia. The attack disrupted flight information displays, check-in counters, and baggage handling systems. Source: Comparitech
April 28, 2025 – Denial Of Service
Cloudflare mitigates record number of DDoS attacks in 2025 Full Text
Abstract
Cloudflare has reported a record-breaking surge in DDoS attacks, mitigating 21.3 million attacks in 2024 (a 358% year-over-year increase) and already handling 20.5 million attacks in Q1 2025 alone. Source: Bleeping Computer
April 28, 2025 – Vulnerabilities
Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code Full Text
Abstract
A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. Source: GBHackers
April 28, 2025 – Vulnerabilities
Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution Full Text
Abstract
A critical vulnerability (CVE-2025-23016) in the FastCGI library threatens embedded and IoT devices with remote code execution. The flaw, located in the ReadParams function, allows attackers to exploit heap buffer overflows. Source: GBHackers
April 28, 2025 – Vulnerabilities
iOS and Android juice jacking defenses have been trivial to bypass for years Full Text
Abstract
Researchers have revealed that the defenses implemented by Apple and Google against "juice jacking" attacks have been fundamentally flawed. The input establishes a Bluetooth connection to a second miniaturized keyboard inside the malicious charger. Source: Ars Technica
April 28, 2025 – Criminals
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested Full Text
Abstract
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Source: HackRead
April 28, 2025 – Vulnerabilities
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values Full Text
Abstract
Two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) have been identified in the React Router library, affecting versions 7.0.0 to 7.5.1. Developers must update to version 7.5.2 immediately. Source: GBHackers
April 28, 2025 – Vulnerabilities
NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk Full Text
Abstract
Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft. Source: Trend Micro
April 28, 2025 – Vulnerabilities
PII Disclosure Full Text
Abstract
A critical vulnerability chain involving CORS misconfiguration, CSRF, and open redirect flaws was discovered, potentially exposing sensitive PII for approximately 170,000 users. Source: Infosec Writeups
April 28, 2025 – Hacker
AgeoStealer: How Social Engineering Targets Gamers Full Text
Abstract
Instead of relying on traditional malware distribution channels, the threat actors behind AgeoStealer leverage a popular communication platform among gamers to directly contact victims to test their video game. Source: Flashpoint
April 28, 2025 – Ransomware
VerdaCrypt: The PowerShell Ransomware That Thinks It’s a Philosophy Professor Full Text
Abstract
VerdaCrypt is a sophisticated PowerShell-based ransomware that blends technical stealth with psychological manipulation. Active since April 2025, it operates filelessly and delivers ransom notes filled with philosophical musings. Source: Smith Brendan
April 26, 2025 – Vulnerabilities
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers Full Text
Abstract
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs. Source: The Hacker News
April 26, 2025 – Breach
Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita Full Text
Abstract
The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. Interlock leaked DaVita’s alleged stolen files on their data leak site. Source: Security Affairs
April 26, 2025 – APT
Operation SyncHole: Lazarus APT targets supply chains in South Korea Full Text
Abstract
The campaign has been active since at least November 2024; the Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. Source: Security Affairs
April 26, 2025 – Breach
Data breach at Connecticut’s Yale New Haven Health affects over 5 million Full Text
Abstract
A data breach at Connecticut’s largest healthcare system, Yale New Haven Health, affects more than 5.5 million people, according to a legally required notice with the U.S. government’s health department. Source: TechCrunch
April 26, 2025 – Breach
Baltimore City Public Schools data breach affects over 31,000 people Full Text
Abstract
Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. Source: Bleeping Computer
April 25, 2025 – Outage
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident Full Text
Abstract
Marks & Spencer has paused taking online orders as the British retailer continues to tackle an ongoing cyber incident. It is unclear when these services will be restored. Source: Infosecurity Magazine
April 25, 2025 – Ransomware
ELENOR-corp Ransomware Targets Healthcare Sector Full Text
Abstract
A new variant of the Mimic ransomware, named ELENOR-corp (v7.5), has been identified in targeted attacks against the healthcare sector. It has been deployed in a series of attacks on healthcare organizations, leveraging aggressive techniques. Source: Infosecurity Magazine
April 25, 2025 – Malware
Chrome Extension Uses AI Engine to Act Without User Input Full Text
Abstract
Security researchers from ExtensionTotal have discovered a Chrome extension capable of interacting with local Model Context Protocol (MCP) servers without user permission or detection by Chrome’s security mechanisms. Source: Infosecurity Magazine
April 25, 2025 – Criminals
How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains Full Text
Abstract
Chinese cybercriminals are especially active in NFC-enabled fraud and are known for their well-established money laundering chains across multiple continents. They arrange for an NFC-enabled POS terminal and a merchant account linked to it. Source: Resecurity
April 25, 2025 – Vulnerabilities
SonicWall security advisory (AV25-231) - Canadian Centre for Cyber Security Full Text
Abstract
SonicWall has released a security advisory (AV25-231), addressing a vulnerability affecting multiple SonicOS Gen7 and TZ series firewall products. Timely updates are essential to maintain network integrity and prevent unauthorized access. Source: Canadian Centre for Cyber Security
April 24, 2025 – Business
Push Security raises $30M to expand browser-based identity threat detection Full Text
Abstract
Identity security company Push Security Ltd. announced today that it has raised $30 million. The Series B funding round was led by Redpoint Ventures, with Datadog Ventures also participating. Source: SiliconANGLE
April 24, 2025 – Phishing
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals Full Text
Abstract
The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals. Source: The Hacker News
April 24, 2025 – Outage
Cyberattack hits drinking water supplier in Spanish town near Barcelona Full Text
Abstract
Aigües de Mataró, the municipal water utility serving the town of Mataró in Catalonia, Spain, has confirmed a cyberattack that disrupted its corporate IT systems and website. Source: The Record
April 24, 2025 – Vulnerabilities
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely Full Text
Abstract
A critical vulnerability (CVE-2025-34028) in Commvault Command Center Innovation Release (versions 11.38.0 through 11.38.19) allows unauthenticated remote attackers to execute arbitrary code. Source: The Hacker News
April 24, 2025 – Vulnerabilities
Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks Full Text
Abstract
A critical security blind spot in the Linux kernel's io_uring interface enables stealthy rootkit attacks that bypass traditional runtime security tools. The io_uring interface supports 61 operation types. Source: Bleeping Computer
April 24, 2025 – Vulnerabilities
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory Full Text
Abstract
A high-severity DoS vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust memory by exploiting unlimited client output buffers. Redis versions 2.6 and above are affected. Source: GBHackers
April 24, 2025 – General
9X Surge in Ivanti Connect Secure Scanning Activity Full Text
Abstract
A dramatic surge in reconnaissance activity has been detected targeting Ivanti Connect Secure (ICS) and Pulse Secure VPN systems. GreyNoise reported a nine-fold increase in scanning activity, with over 1,000 unique IPs involved in the past 90 days. Source: GreyNoise
April 24, 2025 – Vulnerabilities
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely Full Text
Abstract
SonicWall has disclosed a high-severity vulnerability (CVE-2025-32818) in its SSLVPN Virtual Office interface that allows unauthenticated attackers to remotely crash firewalls, causing denial-of-service (DoS) and widespread network disruptions. Source: GBHackers
April 24, 2025 – Vulnerabilities
BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution Full Text
Abstract
A local privilege escalation vulnerability has been identified in BBOT version 2.1.0. When configured with sudo access, BBOT can be exploited to execute malicious Python modules, allowing attackers to escalate privileges and gain root access. Source: Seclists
April 24, 2025 – Malware
DslogdRAT Malware Installed in Ivanti Connect Secure - JPCERT/CC Eyes Full Text
Abstract
A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities. Source: JPCERT/CC
April 23, 2025 – Breach
Blue Shield of California leaked health data of 4.7 million members to Google Full Text
Abstract
Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. Source: Bleeping Computer
April 23, 2025 – Ransomware
Ransomware groups test new business models to hit more victims, increase profits Full Text
Abstract
DragonForce and Anubis are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in. Source: The Record
April 23, 2025 – APT
Russian APT Gamaredon targets Ukraine with new LNK Full Text
Abstract
Security researchers have uncovered a new campaign by the Russian-affiliated APT group Gamaredon, leveraging the PteroLNK variant of the Pterodo malware family to target Ukrainian military, government, and infrastructure sectors. Source: SC World
April 23, 2025 – Vulnerabilities
Synology Network File System Vulnerability Allows Unauthorized File Access Full Text
Abstract
A critical vulnerability in Synology DiskStation Manager (DSM), tracked as CVE-2025-1021, allows unauthenticated remote attackers to access arbitrary files via the NFS service. Source: GBHackers
April 23, 2025 – Attack
Hackers Deploy New Malware Disguised as Networking Software Updates Full Text
Abstract
A sophisticated backdoor campaign is actively targeting Russian government, financial, and industrial sectors by masquerading as legitimate ViPNet software updates. The malware leverages trusted update mechanisms to infiltrate systems. Source: GBHackers
April 23, 2025 – APT
APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys Full Text
Abstract
Researchers have identified dormant but potentially malicious infrastructure linked to the Iranian threat group APT34 (OilRig), known for targeting sectors such as education, government, energy, telecom, and NGOs. Source: GBHackers
April 23, 2025 – Malware
AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery Full Text
Abstract
A sophisticated malware campaign has been exploiting Cloudflare’s tunnel infrastructure since at least February 2024 to distribute multiple Remote Access Trojans (RATs), including AsyncRAT. Source: GBHackers
April 23, 2025 – Breach
SK Telecom warns customer USIM data exposed in malware attack Full Text
Abstract
SK Telecom, South Korea’s largest mobile network operator, has disclosed a malware attack that compromised sensitive USIM-related customer data. The malware enabled access to USIM data, which typically includes IMSI, MSISDN, etc. Source: Bleeping Computer
April 23, 2025 – Vulnerabilities
Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With no expiration! Full Text
Abstract
A significant privacy vulnerability has been discovered in Samsung’s One UI clipboard history feature. The system stores all copied text, including passwords, 2FA codes, and personal data, in plain text indefinitely, without auto-expiry. Source: GBHackers
April 23, 2025 – Education
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments Full Text
Abstract
A new proof-of-concept attack dubbed Cookie-Bite demonstrates how a malicious Chrome extension can steal Azure Entra ID session cookies to bypass multi-factor authentication (MFA) and maintain unauthorized access to Microsoft cloud services. Source: Varonis
April 22, 2025 – Vulnerabilities
Critical Security Vulnerability Found in WordPress Plugin InstaWP Connect Full Text
Abstract
The vulnerability, identified as CVE-2025-2636, specifically impacts older versions of the plugin. Versions prior to 0.1.0.88 are at risk. This security flaw enables unauthorized attackers to remotely execute malicious PHP code on affected websites. Source: The Cyber Express
April 22, 2025 – Business
AI security firm Pillar raises $9m to secure the future of enterprise software Full Text
Abstract
The $9 million seed funding round for Pillar Security was led by Shield Capital, with participation from Golden Ventures, Ground Up Ventures, and a group of strategic angel investors. Source: FinTech
April 22, 2025 – General
Report: $40bn Southeast Asian Scam Sector Growing “Like a Cancer” Full Text
Abstract
The findings are revealed in a new report from the UN Office on Drugs and Crime (UNODC), Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia. Source: Infosecurity Magazine
April 22, 2025 – Vulnerabilities
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability Full Text
Abstract
The flaw (CVSSv3 10.0) stems from improper handling of SSH protocol messages, enabling attackers to bypass authentication and send malicious payloads during the connection phase. Source: GBHackers
April 22, 2025 – General
Researchers claim breakthrough in fight against AI’s frustrating security hole Full Text
Abstract
Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Source: Ars Technica
April 22, 2025 – Vulnerabilities
Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin Full Text
Abstract
Tracked as CVE-2025-3616 and carrying a CVSS score of 8.8, this flaw allows authenticated users, even those with mere subscriber-level access, to upload arbitrary files, including malicious PHP scripts, and execute them remotely. Source: Security Online
April 22, 2025 – Malware
New Malware Mimics Cisco Webex to Target Users in-the-Wild Full Text
Abstract
According to researchers, the attack begins when victims are persuaded to click on malicious meeting links that exploit a vulnerability in Cisco Webex App’s custom URL parser. Source: Cybersecurity News
April 22, 2025 – Vulnerabilities
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation Full Text
Abstract
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines. Source: GBHackers
April 22, 2025 – Phishing
Report: Microsoft Remains the Most Targeted Brand for Phishing Attacks in Q1 2025, Mastercard Makes a Comeback Full Text
Abstract
In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts. Google surged to second place with 12%, while Apple remained in the top 3 with 8%. Source: CXO Today
April 22, 2025 – Vulnerabilities
Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited Full Text
Abstract
A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability could allow a local user with admin privileges to execute arbitrary code with full root privileges. Source: Security Online
April 21, 2025 – Vulnerabilities
WordPress ad-fraud plugins generated 1.4 billion ad requests per day Full Text
Abstract
A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. Source: Bleeping Computer
April 21, 2025 – Vulnerabilities
Hackers Bypassed Windows Defender Policies Using WinDbg Preview via Microsoft Store Full Text
Abstract
A newly documented technique reveals how attackers can exploit the WinDbg Preview debugger to bypass even the strictest Windows Defender Application Control (WDAC) policies. Source: GBHackers
April 21, 2025 – Malware
Hackers Claim to Sell ‘Baldwin Killer’ Malware That Evades AV and EDR Full Text
Abstract
A notorious threat actor has allegedly begun selling “Baldwin Killer,” a sophisticated malware toolkit designed to bypass leading antivirus (AV) and endpoint detection and response (EDR) systems. Source: GBHackers
April 21, 2025 – General
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts Full Text
Abstract
Japan’s FSA issued an urgent warning following a surge in unauthorized access and fraudulent trading activities targeting online brokerage accounts. The incident has resulted in hundreds of millions of dollars in unauthorized transactions. Source: The Record
April 21, 2025 – Attack
Zoom has a remote control feature and crypto thieves are abusing it - Risky Business Media Full Text
Abstract
A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom’s remote control feature to hijack victims’ systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto. Source: Risky
April 21, 2025 – Phishing
Cybercriminals Exploit Google OAuth Loophole to Evade Gmail Security Full Text
Abstract
A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising significant concerns about the security of Gmail users worldwide. Source: GBHackers
April 21, 2025 – Malware
New Android malware steals your credit cards for NFC relay attacks Full Text
Abstract
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. Source: Bleeping Computer
April 21, 2025 – Attack
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K. Full Text
Abstract
Ghost ransomware hackers strike in 70 countries. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. The campaigns are operated by a financially motivated group from China.Forbes
April 21, 2025 – Ransomware
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE Full Text
Abstract
Researchers found that FOG ransomware is being distributed by cybercriminals trolling users by abusing the name of the Department of Government Efficiency (DOGE), or individuals connected to the government initiative.Trend Micro
April 21, 2025 – Criminals
SheByte PaaS Launches Subscription Service for Cybercriminals Full Text
Abstract
Launched in June 2024, SheByte has rapidly gained traction among cybercriminals by offering customizable phishing kits and a subscription model, signaling a durable presence in the threat landscape.GBHackers
April 19, 2025 – Malware
New payment-card scam involves a phone call, some malware and a personal tap Full Text
Abstract
A new fraud campaign tracked by Cleafy in Italy leverages Android malware, social engineering, and NFC technology to steal payment card data. The malware, dubbed SuperCard X, is part of a malware-as-a-service (MaaS) operation .The Record
April 19, 2025 – Vulnerabilities
ASUS warns of critical auth bypass flaw in routers using AiCloud Full Text
Abstract
ASUS has disclosed a critical authentication bypass vulnerability (CVE-2025-2492) affecting multiple router models with AiCloud enabled. The flaw allows remote attackers to execute unauthorized functions without authentication.Bleeping Computer
April 19, 2025 – Phishing
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants Full Text
Abstract
A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock.Talos Intelligence
April 19, 2025 – Malware
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools Full Text
Abstract
Cybersecurity researchers uncovered a RedGolf/APT41 server inadvertently exposed for less than 24 hours, offering a rare glimpse into an active staging ground used by the threat actor.GBHackers
April 19, 2025 – Cryptocurrency
The Zoom attack you didn’t see coming Full Text
Abstract
A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors.HelpNet Security
April 19, 2025 – Government
FBI Warns of Scammers Impersonating the IC3 Full Text
Abstract
The FBI has issued a warning about a persistent fraud scheme in which scammers impersonate employees of the Internet Crime Complaint Center (IC3) to deceive and revictimize individuals, particularly those who have already suffered financial fraud.IC3
April 18, 2025 – Phishing
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States Full Text
Abstract
A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems.The Hacker News
April 18, 2025 – Malware
npm Malware Targets Telegram Bot Developers with Persistent … Full Text
Abstract
A new supply chain attack has been uncovered targeting Telegram bot developers via typosquatted npm packages. These malicious packages mimic the legitimate `node-telegram-bot-api` library.Socket
April 18, 2025 – Attack
SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA Full Text
Abstract
A coordinated fraud campaign is targeting investors using fake investment platforms, impersonation tactics, and compromised legitimate websites. These schemes aim to steal financial data and defraud victims through social engineering.Cyfirma
April 18, 2025 – Criminals
Look out! CapCut copycats are on the prowl Full Text
Abstract
Cybercriminals are exploiting the popularity of AI-powered content creation tools by deploying fake websites that impersonate platforms like CapCut, Adobe Express, and Canva.WeLive Security
April 17, 2025 – Ransomware
Ghost Ransomware Targets Organizations Across 70+ Countries Full Text
Abstract
A new ransomware variant known as Ghost (also referred to as Cring) has emerged as a significant global threat. The FBI and CISA issued a joint advisory in February 2025 in response to the growing threat.GBHackers
April 17, 2025 – Breach
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns Full Text
Abstract
A recent surge in malicious activity has been observed originating from the Proton66 ASN. This activity includes mass scanning, credential brute forcing, and exploitation attempts. The observed activity is targeting organizations worldwide.Trust Wave
April 17, 2025 – Vulnerabilities
Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems Full Text
Abstract
A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access.GBHackers
April 17, 2025 – General
Network Edge Devices the Biggest Entry Point for Attacks on SMBs Full Text
Abstract
Compromised network edge devices accounted for initial compromise in 30% of incidents impacting small and medium-sized businesses (SMBs) in 2024. VPN exploitation alone was the most frequent compromise point across all cases, at 19%.Infosecurity Magazine
April 17, 2025 – Malware
Unmasking the new XorDDoS controller and infrastructure Full Text
Abstract
Cisco Talos observed an existing DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the U.S.Talos
April 17, 2025 – General
Cyber threats against energy sector surge as global tensions mount Full Text
Abstract
Cyberattacks on the energy sector are rising due to geopolitical/tech factors. A July 2024 Sophos report found 67% of 275 surveyed energy/utility leaders experienced ransomware attacks in the last year.HelpNet Security
April 17, 2025 – Government
CISA warns of increased breach risks following Oracle Cloud leak Full Text
Abstract
On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.Bleeping Computer
April 17, 2025 – General
Around the World in 90 Days: State-Sponsored Actors Try ClickFix Full Text
Abstract
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over three months from late 2024 through the beginning of 2025.Proof Point
April 17, 2025 – Malware
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure Full Text
Abstract
Researchers unearthed the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group targets Ukrainian entities, focusing on government, military, and critical infrastructure sectors.Harfang Lab
April 17, 2025 – Breach
Harvest Ransomware Attack: Stolen Data Now Publicly Disclosed Full Text
Abstract
French fintech leader Harvest SAS has become the latest high-profile victim of a sophisticated ransomware attack, culminating this week in the public release of a trove of sensitive stolen data.GBHackers
April 16, 2025 – APT
Mustang Panda: PAKLOG, CorKLOG, and SplatCloak Full Text
Abstract
Mustang Panda, a China-linked APT group, has expanded its malware arsenal with PAKLOG and CorKLOG and an EDR evasion driver named SplatCloak. The malware is delivered via RAR archives containing legitimate signed binaries and malicious DLLs.ZScalar
April 16, 2025 – Vulnerabilities
CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability Full Text
Abstract
Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .library-ms files.Security Online
April 16, 2025 – Phishing
North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil Full Text
Abstract
North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil.The Cyber Express
April 16, 2025 – Hacker
Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware Full Text
Abstract
A recent report shed light on the evolving tactics of hacktivist groups, moving beyond traditional cyber disruptions like DDoS attacks and website defacements to engage in more advanced critical infrastructure attacks and ransomware operations.GBHackers
April 16, 2025 – Malware
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users Full Text
Abstract
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.The Hacker News
April 16, 2025 – Malware
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks Full Text
Abstract
Researchers unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.The Hacker News
April 16, 2025 – Phishing
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents Full Text
Abstract
A phishing campaign where threat actors mimicked the legit pdfcandy[.]com site to distribute malware. Users were tricked into running a PowerShell command, triggering the download of a ZIP payload containing ArechClient2.CloudSek
April 16, 2025 – Vulnerabilities
Microsoft warns of blue screen crashes caused by April updates Full Text
Abstract
Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March.Bleeping Computer
April 16, 2025 – Malware
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders Full Text
Abstract
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens.The Hacker News
April 16, 2025 – Vulnerabilities
Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition Full Text
Abstract
Mozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of Firefox.GBHackers
April 15, 2025 – Phishing
China-based SMS Phishing Triad Pivots to Banks – Krebs on Security Full Text
Abstract
China-based SMS phishing group “Smishing Triad” is now converting stolen payment card data into Apple and Google mobile wallets. Previously, they impersonated toll road and shipping firms.Kreb On Security
April 15, 2025 – Attack
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs Full Text
Abstract
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest.GBHackers
April 15, 2025 – Vulnerabilities
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence Full Text
Abstract
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.The Hacker News
April 15, 2025 – Breach
Ransomware gang says it hacked the Oregon Department of Environmental Quality Full Text
Abstract
The Oregon DEQ said it was investigating a cyber attack on its enterprise information services that forced the department to shut down its email system, computer workstations, help desk, and vehicle inspection stations.CompariTech
April 15, 2025 – Malware
PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps Full Text
Abstract
Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide range of data from infected systems and popular applications.GBHackers
April 15, 2025 – Vulnerabilities
Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities Full Text
Abstract
Australian organizations using Fortinet products are being urged to take immediate action following a new advisory highlighting the active exploitation of previously known vulnerabilities.The Cyber Express
April 15, 2025 – Malware
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader Full Text
Abstract
Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location.GBHackers
April 15, 2025 – Malware
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign Full Text
Abstract
TROX Stealer, first seen by Sublime Security in December 2024, appears to be an obscure and undocumented information stealer with capabilities to exfiltrate sensitive data.Sublime
April 15, 2025 – Vulnerabilities
Gladinet flaw CVE-2025-30406 actively exploited in the wild Full Text
Abstract
Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software.Security Affairs
April 15, 2025 – Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack Full Text
Abstract
Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024.Security Affairs
April 11, 2025 – Breach
US lab testing provider exposed health data of 1.6 million people Full Text
Abstract
Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems.Bleeping Computer
April 10, 2025 – Criminals
Moroccan Cybercrime Group Atlas Lion Hiding in Plain Sight During Attacks on Retailers Full Text
Abstract
The Atlas Lion group used stolen credentials to enroll its own virtual machines (VMs) into an organization’s cloud domain, according to researchers at cybersecurity firm Expel.The Record
April 10, 2025 – Malware
Atomic and Exodus Crypto Wallets Targeted in Malicious NPM Package Campaign Full Text
Abstract
The new NPM package, pdf-to-office, masquerades as a utility for converting PDF files to Word documents. Instead, it injects malicious code into cryptocurrency wallet software associated with Atomic Wallet and Exodus.Reversing Labs
April 10, 2025 – Phishing
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms Full Text
Abstract
Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm.GBHackers
April 10, 2025 – Ransomware
Emulating the Misleading CatB Ransomware Full Text
Abstract
CatB ransomware, also known as CatB99 or Baxtoy, emerged in late 2022 and has gained attention for its use of DLL hijacking via MSDTC to execute its payload. It is suspected to be a rebrand of Pandora ransomware.Attack IQ
April 10, 2025 – Attack
GOFFEE’s recent attacks: new tools and techniques Full Text
Abstract
GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that researchers dubbed “PowerModul”.Security List
April 10, 2025 – Vulnerabilities
Dell Addresses Security Vulnerabilities in PowerScale OneFS Full Text
Abstract
Dell has released a security advisory addressing multiple vulnerabilities in PowerScale OneFS, its scale-out network-attached storage operating system. The vulnerabilities could be exploited by malicious users to compromise affected systems.Security Online
April 10, 2025 – Vulnerabilities
SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client Full Text
Abstract
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks.Security Online
April 10, 2025 – Botnet
AI-Powered AkiraBot Bypasses CAPTCHAs, Spams Websites At Scale Full Text
Abstract
AkiraBot is designed to post AI-generated spam messages in chats, comments, and contact forms, tailored to the targeted website’s content to promote dubious Search Engine Optimization (SEO) services such as Akira and ServicewrapGO..Sentinel One
April 10, 2025 – Vulnerabilities
SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Full Takeover Full Text
Abstract
A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover.Security Online
April 8, 2025 – Vulnerabilities
TVT DVR Devices Under Siege as Massive Exploitation Attempts Expose Critical Flaw Full Text
Abstract
GreyNoise intelligence reports “a significant spike 3 times that of typical activity in exploitation attempts against TVT NVMS9000 DVRs,” with the peak occurring on April 3rd, registering over 2,500 unique attacking IP addresses.Security Online
April 8, 2025 – Vulnerabilities
WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk Full Text
Abstract
A security advisory from Facebook detailed a spoofing vulnerability (CVE-2025-30401) in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code.Security Online
April 8, 2025 – Vulnerabilities
Critical BentoML Flaw Allows Full Remote Code Execution, Exploit Available Full Text
Abstract
The vulnerability, tracked as CVE-2025-27520 (CVSS 9.8), allows for remote code execution (RCE) and poses a significant risk to systems utilizing the affected versions of the library.Security Online
April 8, 2025 – Vulnerabilities
Pexip Issues Urgent Security Update to Address Critical Vulnerabilities Full Text
Abstract
The two high-severity vulnerabilities, tracked as CVE-2025-32095 and CVE-2025-30080, could allow a remote attacker to trigger a software abort, leading to a denial of service. Users are recommended to upgrade to Pexip Infinity v37.0 for the fixes.Security Online
April 8, 2025 – Criminals
EncryptHub’s Dual Life Between Cybercrime and Windows Bug Bounty Research Uncovered Full Text
Abstract
A new report by Outpost24 researchers linked the EncryptHub threat actor with SkorikARI, the account that reported CVE-2025-24061 and CVE-2025-24071, after they allegedly infected themselves and exposed their credentials.Bleeping Computer
April 8, 2025 – Vulnerabilities
PoC Exploit Released for Yelp Flaw Exposes SSH Keys on Ubuntu Systems Full Text
Abstract
A security vulnerability, identified as CVE-2025-3155, has been discovered in Yelp, the GNOME user help application that comes pre-installed on Ubuntu systems. The vulnerability involves the way Yelp handles the “ghelp://” URI scheme.Security Online
April 8, 2025 – Ransomware
Everest Ransomware’s Dark Web Leak Site Defaced, Now Offline Full Text
Abstract
The dark web leak site of the Everest ransomware gang was hacked over the weekend by an unknown attacker and is now offline. The Everest operation has since taken down its leak site.Bleeping Computer
April 8, 2025 – Vulnerabilities
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Full Text
Abstract
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two flaws, CVE-2024-53150 (out-of-bounds read) and CVE-2024-53197 (privilege escalation), reside in the USB sub-component of Kernel.The Hacker News
April 8, 2025 – Attack
ToddyCat Group Abused Flaw in ESET Security Software to Plant Malicious DLLs Full Text
Abstract
During the campaign, the hackers exploited the ESET vulnerability (CVE-2024-11859) to load a new tool dubbed TCDSB onto victims' devices, disguising it as a legitimate DLL — a common file type in the Windows operating system.The Record
April 8, 2025 – Vulnerabilities
MediaTek’s April 2025 Security Bulletin Addresses Critical WLAN Vulnerability in Multiple Chipsets Full Text
Abstract
One of the most severe vulnerabilities highlighted in the bulletin is an out-of-bounds write in the WLAN service (CVE-2025-20654). This vulnerability could lead to remote code execution with no additional execution privileges needed.Security Online
April 7, 2025 – Vulnerabilities
Python JSON Logger Vulnerability Enables Remote Code Execution - PoC Released Full Text
Abstract
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1.This vulnerability arises from a missing dependency.GBHackers
April 7, 2025 – Phishing
New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader Full Text
Abstract
In this newly discovered campaign, the attackers use fake CAPTCHAs and CloudFlare Turnstile as part of their strategy to deliver the LegionLoader payload. The initial infection starts with a drive-by download when a victim searches for a document.Security Online
April 7, 2025 – Vulnerabilities
Critical pgAdmin Flaw Allows Remote Code Execution Full Text
Abstract
Notably, the flaw requires authentication, limiting immediate widespread exploitation. However, compromised accounts or phishing attacks could bypass this barrier. The pgAdmin team resolved the issue in version 9.2.GBHackers
April 7, 2025 – Phishing
E-ZPass toll payment texts return in massive phishing wave Full Text
Abstract
The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information.Bleeping Computer
April 7, 2025 – Cryptocurrency
PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks Full Text
Abstract
This campaign involves a two-pronged approach: compromising CRM and bulk email providers and deploying a novel “crypto seed phrase” phishing attack.The PoisonSeed campaign has targeted a range of significant platforms.Security Online
April 5, 2025 – Malware
Lazarus Expands Contagious Interview Campaign With 11 New NPM Packages Containing Malware Loaders and Bitbucket Payloads Full Text
Abstract
These latest malware samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques.Socket
April 5, 2025 – Criminals
Smishing Triad is Now Targeting Toll Payment Services in a Massive Fraud Campaign Expansion Full Text
Abstract
The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass.ReSecurity
April 5, 2025 – Breach
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers Full Text
Abstract
According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which an unauthorized actor gained access to sensitive information stored on the organization’s systems.GBHackers
April 5, 2025 – Criminals
Hunters International Dumps Ransomware, Goes Full-on Extortion Full Text
Abstract
The decision appears to come in the wake of international law enforcement operations over the past two years with names like Endgame, Morpheus, Cronos, and Magnus that disrupted the operations of cybercriminal groups.Security Boulevard
April 5, 2025 – Phishing
Threat Actors Leverage Tax Season To Deploy Tax-Themed Phishing Campaigns Full Text
Abstract
These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader.Microsoft
April 5, 2025 – Breach
Update: Port of Seattle Says 90,000 People Impacted in 2024 Ransomware Attack Full Text
Abstract
The Port of Seattle, which runs Seattle-Tacoma International Airport, several parks, container terminals, and other services, is sending breach notification letters to those affected, including about 71,000 people in Washington state.The Record
April 4, 2025 – Phishing
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware Full Text
Abstract
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection.The Hacker News
April 4, 2025 – Government
CISA, FBI, nations warn of fast flux DNS threat Full Text
Abstract
CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks. Malicious cyber actors use fast flux to obfuscate the locations of malicious servers.The Register
April 4, 2025 – Breach
Australian Pension Funds Hacked Full Text
Abstract
Several major Australian pension funds have confirmed they were targeted in a coordinated hacking campaign that compromised thousands of customer accounts. REST Super revealed that about 20,000 people were affected.Security Online
April 4, 2025 – Vulnerabilities
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code Full Text
Abstract
OpenVPN has patched a security vulnerability (CVE-2025-2704) that could potentially allow attackers to crash servers and execute remote code under certain conditions, with the flaw affecting specific server configurations.GBHackers
March 31, 2025 – Malware
Researchers Uncover the Shelby Malware Family Abusing GitHub for Command and Control Full Text
Abstract
Researchers found unused code and dynamic payload loading, hinting at the malware being under active development, indicating future updates may address any issues with contemporary versions.Elastic
March 31, 2025 – Malware
Python-based RAT Abuses Discord API to Execute Data Theft Attacks Full Text
Abstract
The Python-based Discord Remote Access Trojan (RAT) leverages Discord’s API as a C2 server to execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both local machines and Discord servers.Cyfirma
March 31, 2025 – Attack
Russian Intelligence-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens, and Informants Full Text
Abstract
Silent Push Threat Analysts discovered a phishing campaign using website lures to gather information against Russian individuals sympathetic to defending Ukraine and willing to share sensitive information.Silent Push
March 31, 2025 – Malware
Python-based Triton RAT Found Targeting Roblox Credentials Full Text
Abstract
Cado Security Labs identified a Python Remote Access Tool (RAT) named Triton RAT. The open source RAT is available on GitHub and allows users to remotely access and control a system using Telegram.Cado Security
March 31, 2025 – Vulnerabilities
Canon Fixes Critical Printer Driver Flaw Full Text
Abstract
The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that “may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application“.Security Online
March 31, 2025 – Phishing
Lucid: The Rising Threat of Phishing-as-a-Service Full Text
Abstract
The end-to-end encryption in RCS and iMessage creates a blind spot, making network-level filtering ineffective. Threat actors also leverage visual trust indicators, such as blue bubbles in iMessage, to create a perception of legitimacy.Security Online
March 31, 2025 – Vulnerabilities
Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw Full Text
Abstract
Dell released an update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that exposed the enterprise storage systems under Unity, UnityVSA, and Unity XT lines.Security Online
March 31, 2025 – Malware
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials Full Text
Abstract
As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. An analysis of the source code and the debug messages revealed that the author is Turkish-speaking.The Hacker News
March 31, 2025 – Vulnerabilities
Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business Full Text
Abstract
Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS 7.1), in the Legacy Chat component of its MiContact Center Business software.Security Online
March 31, 2025 – Vulnerabilities
Critical Flaw Discovered in WordPress Plugin with 90,000+ Active Installs Full Text
Abstract
The vulnerability, tracked as CVE-2025-2294, is a Local File Inclusion (LFI) flaw present in the Kubio AI Page Builder plugin. This flaw affects all versions of the plugin up to and including 2.5.1.Security Online
March 29, 2025 – Government
CISA Warns of RESURGE Malware Exploiting Ivanti Vulnerability Full Text
Abstract
This new malware exhibits capabilities similar to the SPAWNCHIMERA variant, notably its ability to survive system reboots. However, RESURGE distinguishes itself through unique commands that enable it to alter its behavior.Security Online
March 29, 2025 – Vulnerabilities
New Ubuntu Linux Security Bypasses Require Manual Mitigations Full Text
Abstract
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.Bleeping Computer
March 29, 2025 – Malware
Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks Full Text
Abstract
A new report from Seqrite Labs detailed a malicious campaign employing SnakeKeylogger, an info-stealing malware known for its advanced techniques and ability to evade detection.Security Online
March 29, 2025 – Government
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns Full Text
Abstract
The CISA has issued an advisory alerting organizations to multiple critical vulnerabilities affecting the CHOCO TEI WATCHER mini (IB-MCT001)—a device manufactured by Inaba Denki Sangyo Co., Ltd. for use in industrial and manufacturing environments.Security Online
March 28, 2025 – Phishing
Classiscam Scams Surge in Central Asia, Leveraging Telegram Bots Full Text
Abstract
These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information.Security Online
March 28, 2025 – APT
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware Full Text
Abstract
A Pakistan-linked APT group has been found creating a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.The Hacker News
March 28, 2025 – Malware
PJobRAT Makes a Comeback, Takes Another Crack at Chat Apps Full Text
Abstract
In the latest campaign, Sophos X-Ops researchers found PJobRAT samples disguising themselves as instant messaging apps. As per their telemetry, all the victims appeared to be based in Taiwan.Sophos
March 28, 2025 – Vulnerabilities
Critical Severity Vulnerabilities in Ghostscript Put Users at Risk Full Text
Abstract
A series of security vulnerabilities has been identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. These vulnerabilities could lead to buffer overflows and unauthorized file access.Security Online
March 28, 2025 – Criminals
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks Full Text
Abstract
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of EDRKillShifter to disable endpoint security software, according to ESET.The Hacker News
March 28, 2025 – Breach
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms Full Text
Abstract
The redirections have been found to occur via JavaScript hosted on five different domains (e.g., "zuizhongyj[.]com") that, in turn, serve the main payload responsible for performing the redirects.The Hacker News
March 27, 2025 – Vulnerabilities
Synology Mail Server Vulnerability Allows Remote Configuration Tampering Full Text
Abstract
“A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions,” according to Synology’s official advisory.Security Online
March 27, 2025 – Ransomware
RedCurl Threat Group Creates QWCrypt Ransomware to Target Hyper-V Virtual Machines Full Text
Abstract
While most ransomware operations focus on VMware ESXi servers, RedCurl's new QWCrypt ransomware specifically targets virtual machines hosted on Hyper-V. Bitdefender observed attacks involving phishing emails with ".IMG" attachments disguised as CVs.Bleeping Computer
March 27, 2025 – Vulnerabilities
Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw Full Text
Abstract
Vite, the frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to the browser.Security Online
March 27, 2025 – Malware
Malware Found on npm Infecting Local Package With Reverse Shell Full Text
Abstract
In March, two harmful packages called ethers-provider2 and ethers-providerz were added to npm. They hid their malicious payload and modified the legitimate npm package ethers, which led to a reverse shell.Reversing Labs
March 27, 2025 – Vulnerabilities
RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform Full Text
Abstract
CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens.Security Online
March 27, 2025 – Criminals
BlackLock Ransomware Operation Disrupted by Cybersecurity Firm Full Text
Abstract
Resecurity discovered a local file inclusion flaw in the data leak site used by BlackLock Ransomware, allowing them to uncover clearnet IP addresses and other details about the cybercriminals' network, aiding in the investigation and disruption.Security Affairs
March 27, 2025 – Vulnerabilities
Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild Full Text
Abstract
A critical zero-day vulnerability has been discovered in Synapse, an open-source Matrix homeserver implementation. This flaw is actively being exploited in the wild and can lead to a denial-of-service condition.Security Online
March 27, 2025 – Malware
MacOS Malware ReaderUpdate Adds New Variants Written in Crystal, Nim, Rust, and Go Full Text
Abstract
The ReaderUpdate malware, which previously went relatively unnoticed, now includes variants written in Crystal, Nim, Rust, and most recently, Go, in addition to the original compiled Python binary.SentinelOne
March 27, 2025 – Vulnerabilities
Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation Full Text
Abstract
The use-after-free vulnerability can be exploited to achieve privilege escalation. This could allow an attacker to gain unauthorized access to system resources and execute arbitrary commands with elevated privileges.Security Online
March 27, 2025 – Attack
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations Full Text
Abstract
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.The Hacker News
March 26, 2025 – Vulnerabilities
New Windows Zero-Day Leaks NTLM Hashes, Gets Unofficial Patch Full Text
Abstract
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.Bleeping Computer
March 26, 2025 – Vulnerabilities
Apache VCL Hit by SQL Injection and XSS Vulnerabilities Full Text
Abstract
Recent advisories revealed two vulnerabilities (CVE-2024-53678 and CVE-2024-53679) in Apache VCL, a widely-used open-source cloud computing platform designed to deliver custom computing environments.Security Online
March 26, 2025 – Malware
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on Over 140 Platforms Full Text
Abstract
Atlantis AIO offers threat actors the ability to launch credential stuffing attacks at scale via pre-configured modules for targeting a range of platforms and cloud-based services, thereby facilitating fraud, data theft, and account takeovers.The Hacker News
March 26, 2025 – Criminals
Researchers Uncover Nearly 200 Unique C2 Domains Linked to Raspberry Robin Access Broker Full Text
Abstract
"Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report.The Hacker News
March 26, 2025 – Vulnerabilities
CrushFTP Warns Users to Patch Unauthenticated Access Flaw Immediately Full Text
Abstract
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. The vulnerability is mitigated if the DMZ feature of CrushFTP is enabled.Bleeping Computer
March 26, 2025 – Vulnerabilities
NetApp SnapCenter Users at Risk Due to CVSS 9.9 Privilege Escalation Vulnerability Full Text
Abstract
A high-severity security vulnerability has been discovered in NetApp SnapCenter, posing a significant risk to systems utilizing this platform. NetApp has released a security advisory detailing the issue and urging users to take immediate action.Security Online
March 26, 2025 – Attack
Browser-in-the-Browser Attacks Target CS2 Players’ Steam Accounts Full Text
Abstract
This phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP).Bleeping Computer
March 26, 2025 – Vulnerabilities
Critical Authentication Bypass Flaw Impacts VMware Tools for Windows Full Text
Abstract
The vulnerability is due to improper access control. Low-privileged local attackers can exploit this vulnerability in simple attacks without user interaction to escalate privileges on vulnerable VMs.Security Affairs
March 26, 2025 – Vulnerabilities
Critical RCE Flaw Found in MoxieManager Full Text
Abstract
Tiny Technologies recently issued a security advisory regarding a critical vulnerability discovered in MoxieManager, a file and media management solution popular for its integration into PHP and .NET environments.Security Online
March 26, 2025 – Vulnerabilities
EncryptHub Linked to MMC Zero-Day Attacks on Windows Systems Full Text
Abstract
Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices.Bleeping Computer
March 25, 2025 – Phishing
Phishing Emails Distribute GuLoader by Impersonating an International Shipping Company Full Text
Abstract
The emails demand users open attachments that combine VBScript with PowerShell scripts, downloading files from external sources like planachiever.au and tripplebanks.duckdns.org.AhnLab
March 25, 2025 – Malware
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI Full Text
Abstract
The McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information.
March 25, 2025 – Malware
Rilide Stealer Disguises as a Browser Extension to Steal Crypto Full Text
Abstract
Pulsedive Threat Research identified multiple delivery mechanisms used to distribute Rilide. Phishing websites are the most common method, but newer versions have been adapted to work with Chrome Extension Manifest V3.Security Online
March 25, 2025 – Vulnerabilities
Update: Public Exploit Released for Linux Kernel Privilege Escalation Bug Full Text
Abstract
The vulnerability, tracked as CVE-2025-0927, a heap overflow in the HFS+ file system implementation, could allow an attacker to escalate local privileges on affected systems.Security Online
March 25, 2025 – Attack
Cyberattack Hits Ukrainian State Railway, Disrupting Online Ticket Sales Full Text
Abstract
The attack disrupted online services, including the mobile app used for ticket purchases, but did not affect train schedules, Ukrzaliznytsia said. The railway operator is investigating the incident along with Ukraine’s security services.The Record
March 25, 2025 – APT
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years Full Text
Abstract
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.Bleeping Computer
March 25, 2025 – Breach
Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim Full Text
Abstract
In February 2025, Hunters International exploited CVE-2024-55591 in FortiOS to breach a retailer. They used VPN access, deceptive accounts, Rclone, and WinSCP for data exfiltration before deploying Rust-based ransomware and disabling recovery.Security Online
March 25, 2025 – Criminals
Over 300 Arrested in International Crackdown on Cyber Scams Full Text
Abstract
Law enforcement agencies in seven African countries arrested over 300 suspected cybercriminals involved in mobile banking, investment and messaging app scams, according to a statement on Monday by Interpol.The Record
March 25, 2025 – Malware
AMOS Stealer Revamped to Serve as a Fully Undetected macOS Threat Full Text
Abstract
The malware is distributed via a DMG file named Installer_v2.7.8.dmg, leveraging a clever trick to bypass macOS Gatekeeper. Victims are instructed to right-click and select “Open,” sidestepping Apple’s verification mechanism.Security Online
March 25, 2025 – Vulnerabilities
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication Full Text
Abstract
After responsible disclosure, the vulnerabilities were fixed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7. Users should update promptly and secure the admission webhook endpoint from external exposure.The Hacker News
March 24, 2025 – Vulnerabilities
Critical Flaw in kcp Lets Attackers Manipulate Any Workspace Full Text
Abstract
The vulnerability, tracked as CVE-2025-29922 with a CVSS score of 9.6, allows for unauthorized creation and deletion of objects in arbitrary workspaces through the APIExport Virtual Workspace.Security Online
March 24, 2025 – Phishing
Fake Chat Used in Meta Business Account Phishing Full Text
Abstract
This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot.Security Online
March 24, 2025 – Ransomware
Babuk2 Ransomware Attempts Extortion Based on False Claims Full Text
Abstract
Babuk2, aka Babuk-Bjorka, appears to be reusing data from earlier breaches to back up its extortion claims. Many of the victims listed in their announcements have already been targeted by other groups such as RansomHub, FunkSec, LockBit, and Babuk.Halcyon
March 24, 2025 – Vulnerabilities
Nuxt Users Warned of Cache Poisoning Attacks Due to High-Severity Flaw Full Text
Abstract
Tracked as CVE-2025-27415 and scored 7.5 on the CVSS scale, this vulnerability affects Nuxt versions 3.0.0 up to but not including 3.16.0. The issue lies in how Nuxt handles certain HTTP requests.Security Online
March 24, 2025 – Malware
Microsoft Trusted Signing service abused to code-sign malware Full Text
Abstract
Signed malware has the advantage of potentially bypassing security filters that would normally block unsigned executable files, or at least treat them with less suspicion.Bleeping Computer
March 24, 2025 – Attack
Cybercriminals Exploit Check Point Driver Flaws in Malicious Campaign Full Text
Abstract
A security researcher found that a component of Check Point’s ZoneAlarm antivirus software is being exploited by threat actors in malicious campaigns to bypass Windows security measures.Infosecurity Magazine
March 24, 2025 – Vulnerabilities
Next.js Patches a Critical Authorization Bypass Flaw Full Text
Abstract
By abusing the flaw, malicious actors could gain unauthorized access to protected resources and functionalities within applications relying on Next.js middleware for authentication and authorization.Security Online
March 24, 2025 – Ransomware
VanHelsing, new RaaS in Town - Check Point Research Full Text
Abstract
In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world, having infected three victims within just two weeks of its introduction.Check Point
March 24, 2025 – General
Report: Rooted Devices 250 Times More Vulnerable to Compromise Full Text
Abstract
A new analysis of mobile security threats by Zimperium has revealed that rooted and jailbroken devices are 250 times more vulnerable to system compromise incidents than standard devices.Infosecurity Magazine
March 24, 2025 – Breach
Update: Coinbase was the Primary Target of Recent GitHub Actions Breaches Full Text
Abstract
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.Bleeping Computer
March 22, 2025 – Ransomware
Albabat Ransomware Evolves to Target Linux and macOS Full Text
Abstract
Trend Micro researchers said the Albabat ransomware version 2.0 not only targets Microsoft Windows but also gathers system and hardware information on Linux and macOS systems.Infosecurity Magazine
March 22, 2025 – Vulnerabilities
Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover Full Text
Abstract
The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem.Security Online
March 22, 2025 – APT
Chinese APT Aquatic Panda Conducted Global Espionage Campaign Affecting Seven Targets Using Five Malware Families Full Text
Abstract
The targeted entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States.The Hacker News
March 22, 2025 – Malware
Steam Pulls Game Demo Infecting Windows With Info-Stealing Malware Full Text
Abstract
Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware.Bleeping Computer
March 22, 2025 – Ransomware
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates Full Text
Abstract
Researchers at Elastic Security Labs observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS) called HeartCrypt.The Hacker News
March 22, 2025 – Hacker
Dragon RaaS: Pro-Russian Hacktivist Group Walks the Razor’s Edge Between Cybercrime and Propaganda Full Text
Abstract
Known as Dragon RaaS, or simply Dragon Team, this emerging group blends political hacktivism with opportunistic cybercrime — all while operating under the shadowy umbrella of “The Five Families” cybercrime syndicate.Security Online
March 22, 2025 – Phishing
Fake Semrush Ads Used to Steal SEO Professionals’ Google Accounts Full Text
Abstract
In this latest case of "cascading fraud," the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research.Bleeping Computer
March 21, 2025 – Vulnerabilities
WordPress security plugin WP Ghost vulnerable to remote code execution bug Full Text
Abstract
The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths.Bleeping Computer
March 21, 2025 – Ransomware
VSCode Extensions Found Downloading Early-Stage Ransomware Full Text
Abstract
The two malicious extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store.Bleeping Computer
March 21, 2025 – Hacker
Chinese Threat Actor UAT-5918 Targets Critical Infrastructure Entities in Taiwan Full Text
Abstract
Typical tooling used by UAT-5918 includes networking tools such as FRPC, FScan, In-Swor, Earthworm, and Neo-reGeorg. Credential harvesting is accomplished by dumping registry hives, NTDS, and using tools such as Mimikatz and browser data stealers.Talos
March 20, 2025 – Government
CISA Warns of Three Actively Exploited Security Vulnerabilities in IoT, Backup, and Enterprise Systems Full Text
Abstract
CISA reported three actively exploited vulnerabilities: a critical Edimax IP camera flaw (CVE-2025-1316) enabling botnet attacks, a NAKIVO backup issue (CVE-2024-48248) exposing data, and an SAP NetWeaver flaw (CVE-2017-12637) allowing file access.Security Online
March 20, 2025 – Malware
New Arcane Info-stealer Infects YouTube, Discord Users via Game Cheats Full Text
Abstract
The campaign distributing Arcane Stealer relies on YouTube videos promoting game cheats and cracks, tricking users into following a link to download a password-protected archive.Bleeping Computer
March 20, 2025 – Vulnerabilities
Multiple Vulnerabilities Patched in Dell SmartFabric OS10 Software Full Text
Abstract
The vulnerabilities, affecting version 10.5.6.x, could allow attackers to perform various malicious activities, including elevation of privileges, unauthorized access, code execution, and server-side request forgery.Security Online
March 20, 2025 – Phishing
Malware Campaign ‘DollyWay’ Targeted 20,000 WordPress Sites Full Text
Abstract
According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in the past, it has distributed more harmful payloads like ransomware and banking trojans.Bleeping Computer
March 20, 2025 – Vulnerabilities
Critical RCE Vulnerability Discovered in Veeam Backup & Replication Full Text
Abstract
While no public proof-of-concept (PoC) exploit has been released at the time of this publication, the large deployment footprint of Veeam Backup & Replication makes it an attractive target for attackers.Security Online
March 20, 2025 – Criminals
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia Full Text
Abstract
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities.The Hacker News
March 20, 2025 – Vulnerabilities
PoC Exploit Released for Windows Explorer Vulnerability Exposing NTLM Hashes Full Text
Abstract
A proof-of-concept (PoC) for the CVE-2025-24071 vulnerability is available on GitHub, and a Metasploit module for this flaw is also available. The flaw was addressed in the Microsoft Patch Tuesday this month.Security Online
March 20, 2025 – Attack
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners Full Text
Abstract
Bitdefender reported that hackers are exploiting a severe PHP flaw, CVE-2024-4577, on Windows CGI systems, deploying Quasar RAT and XMRig miners, with significant attacks in Taiwan, Hong Kong, and Brazil since late 2024.The Hacker News
March 19, 2025 – Vulnerabilities
Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks Full Text
Abstract
SICK strongly recommends operating the affected systems within a secure infrastructure to minimize risk. The advisory provides workarounds for each CVE, emphasizing the importance of applying general security practices.Security Online
March 19, 2025 – Vulnerabilities
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems Full Text
Abstract
Organizations are recommended to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity.The Hacker News
March 19, 2025 – Government
CISA Warns of Critical Vulnerabilities in Sungrow iSolarCloud App and WiNet Firmware Full Text
Abstract
Sungrow has released updated firmware (WINET-SV200.001.00.P028 or higher) and advises all users to update the iSolarCloud Android App to the latest version immediately via their device’s app store.Security Online
March 19, 2025 – Malware
FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild Full Text
Abstract
The Anubis Backdoor is designed to provide attackers with full control over infected machines, employing evasion techniques to bypass traditional security measures. It allows attackers to execute remote shell commands and various system operations.Security Online
March 19, 2025 – Vulnerabilities
Stack Overflow Flaw Threatens Patient Data in PACS Servers, PoC Published Full Text
Abstract
Users of Sante PACS Server are strongly advised to upgrade to version 4.2.0 or later to patch these critical security flaws and protect their systems from potential attacks.Security Online
March 19, 2025 – Hacker
Indonesian Hacking Collective INDOHAXSEC Uncovered Full Text
Abstract
Throughout the last couple of months, the hacktivist group has conducted cyberattacks such as DDoS and has carried out ransomware attacks against numerous entities and governmental bodies in Southeast Asia.Arctic Wolf
March 19, 2025 – Vulnerabilities
Node.js Library xml-crypto Hit by Critical Security Flaws Full Text
Abstract
Successful exploitation of these vulnerabilities can allow attackers to bypass authentication or authorization mechanisms in systems that use xml-crypto to verify signed XML documents.Security Online
March 19, 2025 – Attack
Update: GitHub Action Hack Likely Led to Another in Cascading Supply Chain Attack Full Text
Abstract
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.Bleeping Computer
March 19, 2025 – Vulnerabilities
Synology Patches Critical Code Execution Flaw in Multiple Products Full Text
Abstract
Synology updated its security advisories to disclose a critical security vulnerability affecting several products, including Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC).Security Online
March 19, 2025 – Malware
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors Full Text
Abstract
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects AI-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.The Hacker News
March 18, 2025 – Vulnerabilities
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 Full Text
Abstract
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.The Hacker News
March 18, 2025 – Vulnerabilities
Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk Full Text
Abstract
Researchers reported multiple security flaws in PHP’s HTTP stream wrapper, exposing web applications to risks like information leaks, denial of service, and request smuggling.Security Online
March 18, 2025 – Attack
Attackers Exploit OpenAI ChatGPT Vulnerability in the Wild Full Text
Abstract
A server-side request forgery (SSRF) vulnerability in ChatGPT, tracked as CVE-2024-27564, has become a significant target for cybercriminals, with over 10,479 attack attempts recorded from a single malicious IP, according to Veriti’s latest research.Security Online
March 18, 2025 – Phishing
Large-Scale Malicious App Campaign Bypasses Android Security to Conduct Ad Fraud Full Text
Abstract
A large-scale ad fraud campaign has resulted in more than 60 million downloads of malicious Android apps from the Google Play Store, according to a new analysis by Bitdefender.Infosecurity Magazine
March 18, 2025 – Phishing
New Steganographic Campaign Found Distributing Multiple Malware Variants Full Text
Abstract
The campaign was found distributing Remcos and AsyncRAT via phishing emails with malicious Excel files. These exploit vulnerabilities, download disguised JPGs with encoded payloads, and use process hollowing to steal data and maintain control.Seqrite
March 18, 2025 – Phishing
Sophisticated Phishing Campaign Exploiting Microsoft 365 Infrastructure Full Text
Abstract
By leveraging legitimate Microsoft domains and tenant misconfigurations, attackers conduct Business Email Compromise (BEC) operations, tricking users into providing information while maintaining a high degree of legitimacy.Guardz
March 18, 2025 – Phishing
OctoV2 Android Banking Trojan Masquerades as Deepseek AI in Phishing Attack Full Text
Abstract
A new report from K7 Labs uncovered a sophisticated Android banking trojan campaign that is disguised as a popular AI chatbot to deceive users. The OctoV2 malware is being spread through deceptive websites that mimic Deepseek AI.Security Online
March 18, 2025 – Government
FBI Issues Warning Over Free Online File Converters That Actually Install Malware Full Text
Abstract
Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.Malwarebytes
March 18, 2025 – Malware
Microsoft Warns of New StilachiRAT Malware Used for Crypto Theft, Reconnaissance Full Text
Abstract
While the malware (dubbed StilachiRAT) hasn't yet reached widespread distribution, Microsoft says it decided to publicly share indicators of compromise and mitigation guidance to help network defenders detect this threat and reduce its impact.Bleeping Computer
March 18, 2025 – Business
Varonis Acquires Database Security Firm Cyral Full Text
Abstract
New York City-based Varonis said it has acquired Florida-headquartered Cyral, a next-generation database activity monitoring provider, to enhance its data security platform offerings.CRN