Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
April 24, 2025 – Business
Push Security raises $30M to expand browser-based identity threat detection
Abstract
Identity security company Push Security Ltd. announced today that it has raised $30 million. The Series B funding round was led by Redpoint Ventures, with Datadog Ventures also participating. (SiliconANGLE)
April 24, 2025 – Phishing
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Abstract
The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals. (The Hacker News)
April 24, 2025 – Outage
Cyberattack hits drinking water supplier in Spanish town near Barcelona
Abstract
Aigües de Mataró, the municipal water utility serving the town of Mataró in Catalonia, Spain, has confirmed a cyberattack that disrupted its corporate IT systems and website. (The Record)
April 24, 2025 – Vulnerabilities
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
Abstract
A critical vulnerability (CVE-2025-34028) in Commvault Command Center Innovation Release (versions 11.38.0 through 11.38.19) allows unauthenticated remote attackers to execute arbitrary code. (The Hacker News)
April 24, 2025 – Vulnerabilities
Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks
Abstract
A critical security blind spot in the Linux kernel's io_uring interface enables stealthy rootkit attacks that bypass traditional runtime security tools. The io_uring interface supports 61 operation types. (Bleeping Computer)
April 24, 2025 – Vulnerabilities
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
Abstract
A high-severity DoS vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust memory by exploiting unlimited client output buffers. Redis versions 2.6 and above are affected. (GBHackers)
April 24, 2025 – General
9X Surge in Ivanti Connect Secure Scanning Activity
Abstract
A dramatic surge in reconnaissance activity has been detected targeting ICS and Pulse Secure VPN systems. GreyNoise reported a nine-fold increase in scanning activity, with over 1,000 unique IPs involved in the past 90 days. (GreyNoise)
April 24, 2025 – Vulnerabilities
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
Abstract
SonicWall has disclosed a high-severity vulnerability (CVE-2025-32818) in its SSLVPN Virtual Office interface that allows unauthenticated attackers to remotely crash firewalls, causing denial-of-service (DoS) and widespread network disruptions. (GBHackers)
April 24, 2025 – Vulnerabilities
BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Abstract
A local privilege escalation vulnerability has been identified in BBOT version 2.1.0. When configured with sudo access, BBOT can be exploited to execute malicious Python modules, allowing attackers to escalate privileges and gain root access. (SecLists)
April 24, 2025 – Malware
DslogdRAT Malware Installed in Ivanti Connect Secure - JPCERT/CC Eyes
Abstract
A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities. (JPCERT/CC)
April 23, 2025 – Breach
Blue Shield of California leaked health data of 4.7 million members to Google
Abstract
Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. (Bleeping Computer)
April 23, 2025 – Ransomware
Ransomware groups test new business models to hit more victims, increase profits
Abstract
DragonForce and Anubis are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in. (The Record)
April 23, 2025 – APT
Russian APT Gamaredon targets Ukraine with new LNK
Abstract
Security researchers have uncovered a new campaign by the Russian-affiliated APT group Gamaredon, leveraging the PteroLNK variant of the Pterodo malware family to target Ukrainian military, government, and infrastructure sectors. (SC World)
April 23, 2025 – Vulnerabilities
Synology Network File System Vulnerability Allows Unauthorized File Access
Abstract
A critical vulnerability in Synology DiskStation Manager (DSM), tracked as CVE-2025-1021, allows unauthenticated remote attackers to access arbitrary files via the NFS service. (GBHackers)
April 23, 2025 – Attack
Hackers Deploy New Malware Disguised as Networking Software Updates
Abstract
A sophisticated backdoor campaign is actively targeting Russian government, financial, and industrial sectors by masquerading as legitimate ViPNet software updates. The malware leverages trusted update mechanisms to infiltrate systems. (GBHackers)
April 23, 2025 – APT
APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys
Abstract
Researchers have identified dormant but potentially malicious infrastructure linked to the Iranian threat group APT34 (OilRig), known for targeting sectors such as education, government, energy, telecom, and NGOs. (GBHackers)
April 23, 2025 – Malware
AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery
Abstract
A sophisticated malware campaign has been exploiting Cloudflare’s tunnel infrastructure since at least February 2024 to distribute multiple Remote Access Trojans (RATs), including AsyncRAT. (GBHackers)
April 23, 2025 – Breach
SK Telecom warns customer USIM data exposed in malware attack
Abstract
SK Telecom, South Korea’s largest mobile network operator, has disclosed a malware attack that compromised sensitive USIM-related customer data. The malware enabled access to USIM data, which typically includes IMSI, MSISDN, etc. (Bleeping Computer)
April 23, 2025 – Vulnerabilities
Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With no expiration!
Abstract
A significant privacy vulnerability has been discovered in Samsung’s One UI clipboard history feature. The system stores all copied text—including passwords, 2FA codes, and personal data—in plain text indefinitely, without auto-expiry. (GBHackers)
April 23, 2025 – Education
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments
Abstract
A new proof-of-concept attack dubbed Cookie-Bite demonstrates how a malicious Chrome extension can steal Azure Entra ID session cookies to bypass multi-factor authentication (MFA) and maintain unauthorized access to Microsoft cloud services. (Varonis)
April 22, 2025 – Vulnerabilities
Critical Security Vulnerability Found in WordPress Plugin InstaWP Connect
Abstract
The vulnerability, identified as CVE-2025-2636, specifically impacts older versions of the plugin. Versions prior to 0.1.0.88 are at risk. This security flaw enables unauthorized attackers to remotely execute malicious PHP code on affected websites. (The Cyber Express)
April 22, 2025 – Business
AI security firm Pillar raises $9m to secure the future of enterprise software
Abstract
The $9 million seed funding round for Pillar Security was led by Shield Capital, with participation from Golden Ventures, Ground Up Ventures, and a group of strategic angel investors. (FinTech)
April 22, 2025 – General
Report: $40bn Southeast Asian Scam Sector Growing “Like a Cancer”
Abstract
The findings are revealed in a new report from the UN Office on Drugs and Crime (UNODC), Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia. (Infosecurity Magazine)
April 22, 2025 – Vulnerabilities
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
Abstract
The flaw (CVSSv3 10.0) stems from improper handling of SSH protocol messages, enabling attackers to bypass authentication and send malicious payloads during the connection phase. (GBHackers)
April 22, 2025 – General
Researchers claim breakthrough in fight against AI’s frustrating security hole
Abstract
Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. (Ars Technica)
April 22, 2025 – Vulnerabilities
Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin
Abstract
Tracked as CVE-2025-3616 and carrying a CVSS score of 8.8, this flaw allows authenticated users — even those with mere subscriber-level access — to upload arbitrary files, including malicious PHP scripts, and execute them remotely. (Security Online)
April 22, 2025 – Malware
New Malware Mimics Cisco Webex to Target Users in-the-Wild
Abstract
According to researchers, the attack begins when victims are persuaded to click on malicious meeting links that exploit a vulnerability in Cisco Webex App’s custom URL parser. (Cybersecurity News)
April 22, 2025 – Vulnerabilities
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
Abstract
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines. (GBHackers)
April 22, 2025 – Phishing
Report: Microsoft Remains the Most Targeted Brand for Phishing Attacks in Q1 2025, Mastercard Makes a Comeback
Abstract
In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts. Google surged to second place with 12%, while Apple remained in the top 3 with 8%. (CXO Today)
April 22, 2025 – Vulnerabilities
Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited
Abstract
A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability could allow a local user with admin privileges to execute arbitrary code with full root privileges. (Security Online)
April 21, 2025 – Vulnerabilities
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
Abstract
A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. (Bleeping Computer)
April 21, 2025 – Vulnerabilities
Hackers Bypassed Windows Defender Policies Using WinDbg Preview via Microsoft Store
Abstract
A newly documented technique reveals how attackers can exploit the WinDbg Preview debugger to bypass even the strictest Windows Defender Application Control (WDAC) policies. (GBHackers)
April 21, 2025 – Malware
Hackers Claim to Sell ‘Baldwin Killer’ Malware That Evades AV and EDR
Abstract
A notorious threat actor has allegedly begun selling “Baldwin Killer,” a sophisticated malware toolkit designed to bypass leading antivirus (AV) and endpoint detection and response (EDR) systems. (GBHackers)
April 21, 2025 – General
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts
Abstract
Japan’s FSA issued an urgent warning following a surge in unauthorized access and fraudulent trading activities targeting online brokerage accounts. The incident has resulted in hundreds of millions of dollars in unauthorized transactions. (The Record)
April 21, 2025 – Attack
Zoom has a remote control feature and crypto thieves are abusing it - Risky Business Media
Abstract
A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom’s remote control feature to hijack victims’ systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto. (Risky Business Media)
April 21, 2025 – Phishing
Cybercriminals Exploit Google OAuth Loophole to Evade Gmail Security
Abstract
A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising significant concerns about the security of Gmail users worldwide. (GBHackers)
April 21, 2025 – Malware
New Android malware steals your credit cards for NFC relay attacks
Abstract
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. (Bleeping Computer)
April 21, 2025 – Attack
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Abstract
Ghost ransomware hackers strike in 70 countries. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. The campaigns are operated by a financially motivated group from China. (Forbes)
April 21, 2025 – Ransomware
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
Abstract
Researchers found that FOG ransomware is being distributed by cybercriminals trolling users by abusing the name of the Department of Government Efficiency (DOGE), or individuals connected to the government initiative. (Trend Micro)
April 21, 2025 – Criminals
SheByte PaaS Launches Subscription Service for Cybercriminals
Abstract
Launched in June 2024, SheByte has rapidly gained traction among cybercriminals by offering customizable phishing kits and a subscription model, signaling a durable presence in the threat landscape. (GBHackers)
April 19, 2025 – Malware
New payment-card scam involves a phone call, some malware and a personal tap
Abstract
A new fraud campaign tracked by Cleafy in Italy leverages Android malware, social engineering, and NFC technology to steal payment card data. The malware, dubbed SuperCard X, is part of a malware-as-a-service (MaaS) operation. (The Record)
April 19, 2025 – Vulnerabilities
ASUS warns of critical auth bypass flaw in routers using AiCloud
Abstract
ASUS has disclosed a critical authentication bypass vulnerability (CVE-2025-2492) affecting multiple router models with AiCloud enabled. The flaw allows remote attackers to execute unauthorized functions without authentication. (Bleeping Computer)
April 19, 2025 – Phishing
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Abstract
A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock. (Talos Intelligence)
April 19, 2025 – Malware
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Abstract
Cybersecurity researchers uncovered a RedGolf/APT41 server inadvertently exposed for less than 24 hours, offering a rare glimpse into an active staging ground used by the threat actor. (GBHackers)
April 19, 2025 – Cryptocurrency
The Zoom attack you didn’t see coming
Abstract
A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors. (Help Net Security)
April 19, 2025 – Government
FBI Warns of Scammers Impersonating the IC3
Abstract
The FBI has issued a warning about a persistent fraud scheme in which scammers impersonate employees of the Internet Crime Complaint Center (IC3) to deceive and revictimize individuals, particularly those who have already suffered financial fraud. (IC3)
April 18, 2025 – Phishing
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Abstract
A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems. (The Hacker News)
April 18, 2025 – Malware
npm Malware Targets Telegram Bot Developers with Persistent …
Abstract
A new supply chain attack has been uncovered targeting Telegram bot developers via typosquatted npm packages. These malicious packages mimic the legitimate `node-telegram-bot-api` library. (Socket)
April 18, 2025 – Attack
Scamonomics: The Dark Side of Stock & Crypto Investments in India
Abstract
A coordinated fraud campaign is targeting investors using fake investment platforms, impersonation tactics, and compromised legitimate websites. These schemes aim to steal financial data and defraud victims through social engineering. (Cyfirma)
April 18, 2025 – Criminals
Look out! CapCut copycats are on the prowl
Abstract
Cybercriminals are exploiting the popularity of AI-powered content creation tools by deploying fake websites that impersonate platforms like CapCut, Adobe Express, and Canva. (WeLiveSecurity)
April 17, 2025 – Ransomware
Ghost Ransomware Targets Organizations Across 70+ Countries
Abstract
A new ransomware variant known as Ghost (also referred to as Cring) has emerged as a significant global threat. The FBI and CISA issued a joint advisory in February 2025 in response to the growing threat. (GBHackers)
April 17, 2025 – Breach
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
Abstract
A recent surge in malicious activity has been observed originating from the Proton66 ASN. This activity includes mass scanning, credential brute forcing, and exploitation attempts. The observed activity is targeting organizations worldwide. (Trustwave)
April 17, 2025 – Vulnerabilities
Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems
Abstract
A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access. (GBHackers)
April 17, 2025 – General
Network Edge Devices the Biggest Entry Point for Attacks on SMBs
Abstract
Compromised network edge devices accounted for initial compromise in 30% of incidents impacting small and medium-sized businesses (SMBs) in 2024. VPN exploitation alone was the most frequent compromise point across all cases, at 19%. (Infosecurity Magazine)
April 17, 2025 – Malware
Unmasking the new XorDDoS controller and infrastructure
Abstract
Cisco Talos observed an existing DDoS malware known as XorDDoS continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the U.S. (Talos)
April 17, 2025 – General
Cyber threats against energy sector surge as global tensions mount
Abstract
Cyberattacks on the energy sector are rising due to geopolitical/tech factors. A July 2024 Sophos report found 67% of 275 surveyed energy/utility leaders experienced ransomware attacks in the last year. (Help Net Security)
April 17, 2025 – Government
CISA warns of increased breach risks following Oracle Cloud leak
Abstract
On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. (Bleeping Computer)
April 17, 2025 – General
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Abstract
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over three months from late 2024 through the beginning of 2025. (Proofpoint)
April 17, 2025 – Malware
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure
Abstract
Researchers unearthed the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group targets Ukrainian entities, focusing on government, military, and critical infrastructure sectors. (HarfangLab)
April 17, 2025 – Breach
Harvest Ransomware Attack: Stolen Data Now Publicly Disclosed
Abstract
French fintech leader Harvest SAS has become the latest high-profile victim of a sophisticated ransomware attack, culminating this week in the public release of a trove of sensitive stolen data. (GBHackers)
April 16, 2025 – APT
Mustang Panda: PAKLOG, CorKLOG, and SplatCloak
Abstract
Mustang Panda, a China-linked APT group, has expanded its malware arsenal with PAKLOG and CorKLOG and an EDR evasion driver named SplatCloak. The malware is delivered via RAR archives containing legitimate signed binaries and malicious DLLs. (Zscaler)
April 16, 2025 – Vulnerabilities
CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability
Abstract
Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .library-ms files. (Security Online)
April 16, 2025 – Phishing
North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil
Abstract
North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil. (The Cyber Express)
April 16, 2025 – Hacker
Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware
Abstract
A recent report shed light on the evolving tactics of hacktivist groups, moving beyond traditional cyber disruptions like DDoS attacks and website defacements to engage in more advanced critical infrastructure attacks and ransomware operations. (GBHackers)
April 16, 2025 – Malware
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Abstract
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. (The Hacker News)
April 16, 2025 – Malware
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Abstract
Researchers unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. (The Hacker News)
April 16, 2025 – Phishing
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
Abstract
A phishing campaign was observed in which threat actors mimicked the legitimate pdfcandy[.]com site to distribute malware. Users were tricked into running a PowerShell command, triggering the download of a ZIP payload containing ArechClient2. (CloudSEK)
April 16, 2025 – Vulnerabilities
Microsoft warns of blue screen crashes caused by April updates
Abstract
Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. (Bleeping Computer)
April 16, 2025 – Malware
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Abstract
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. (The Hacker News)
April 16, 2025 – Vulnerabilities
Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition
Abstract
Mozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of Firefox. (GBHackers)
April 15, 2025 – Phishing
China-based SMS Phishing Triad Pivots to Banks – Krebs on Security
Abstract
China-based SMS phishing group “Smishing Triad” is now converting stolen payment card data into Apple and Google mobile wallets. Previously, they impersonated toll road and shipping firms. (Krebs on Security)
April 15, 2025 – Attack
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs
Abstract
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. (GBHackers)
April 15, 2025 – Vulnerabilities
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
Abstract
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. (The Hacker News)
April 15, 2025 – Breach
Ransomware gang says it hacked the Oregon Department of Environmental Quality
Abstract
The Oregon DEQ said it was investigating a cyber attack on its enterprise information services that forced the department to shut down its email system, computer workstations, help desk, and vehicle inspection stations. (Comparitech)
April 15, 2025 – Malware
PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps
Abstract
Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide range of data from infected systems and popular applications. (GBHackers)
April 15, 2025 – Vulnerabilities
Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities
Abstract
Australian organizations using Fortinet products are being urged to take immediate action following a new advisory highlighting the active exploitation of previously known vulnerabilities. (The Cyber Express)
April 15, 2025 – Malware
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader
Abstract
Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. (GBHackers)
April 15, 2025 – Malware
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign
Abstract
TROX Stealer, first seen by Sublime Security in December 2024, appears to be an obscure and undocumented information stealer with capabilities to exfiltrate sensitive data. (Sublime)
April 15, 2025 – Vulnerabilities
Gladinet flaw CVE-2025-30406 actively exploited in the wild
Abstract
Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. (Security Affairs)
April 15, 2025 – Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack
Abstract
Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. (Security Affairs)
April 11, 2025 – Breach
US lab testing provider exposed health data of 1.6 million people
Abstract
Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems. (Bleeping Computer)
April 10, 2025 – Criminals
Moroccan Cybercrime Group Atlas Lion Hiding in Plain Sight During Attacks on Retailers
Abstract
The Atlas Lion group used stolen credentials to enroll its own virtual machines (VMs) into an organization’s cloud domain, according to researchers at cybersecurity firm Expel. (The Record)
April 10, 2025 – Malware
Atomic and Exodus Crypto Wallets Targeted in Malicious NPM Package Campaign
Abstract
The new NPM package, pdf-to-office, masquerades as a utility for converting PDF files to Word documents. Instead, it injects malicious code into cryptocurrency wallet software associated with Atomic Wallet and Exodus. (ReversingLabs)
April 10, 2025 – Phishing
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Abstract
Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm. (GBHackers)
April 10, 2025 – Ransomware
Emulating the Misleading CatB Ransomware
Abstract
CatB ransomware, also known as CatB99 or Baxtoy, emerged in late 2022 and has gained attention for its use of DLL hijacking via MSDTC to execute its payload. It is suspected to be a rebrand of Pandora ransomware. (AttackIQ)
April 10, 2025 – Attack
GOFFEE’s recent attacks: new tools and techniques
Abstract
GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that researchers dubbed “PowerModul”. (Securelist)
April 10, 2025 – Vulnerabilities
Dell Addresses Security Vulnerabilities in PowerScale OneFS
Abstract
Dell has released a security advisory addressing multiple vulnerabilities in PowerScale OneFS, its scale-out network-attached storage operating system. The vulnerabilities could be exploited by malicious users to compromise affected systems. (Security Online)
April 10, 2025 – Vulnerabilities
SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client
Abstract
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks. (Security Online)
April 10, 2025 – Botnet
AI-Powered AkiraBot Bypasses CAPTCHAs, Spams Websites At Scale
Abstract
AkiraBot is designed to post AI-generated spam messages in chats, comments, and contact forms, tailored to the targeted website’s content to promote dubious Search Engine Optimization (SEO) services such as Akira and ServicewrapGO. (SentinelOne)
April 10, 2025 – Vulnerabilities
SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Full Takeover
Abstract
A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover. (Security Online)
April 8, 2025 – Vulnerabilities
TVT DVR Devices Under Siege as Massive Exploitation Attempts Expose Critical Flaw Full Text
Abstract
GreyNoise intelligence reports “a significant spike 3 times that of typical activity in exploitation attempts against TVT NVMS9000 DVRs,” with the peak occurring on April 3rd, registering over 2,500 unique attacking IP addresses.Security Online
April 8, 2025 – Vulnerabilities
WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk Full Text
Abstract
A security advisory from Facebook detailed a spoofing vulnerability (CVE-2025-30401) in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code.Security Online
April 8, 2025 – Vulnerabilities
Critical BentoML Flaw Allows Full Remote Code Execution, Exploit Available Full Text
Abstract
The vulnerability, tracked as CVE-2025-27520 (CVSS 9.8), allows for remote code execution (RCE) and poses a significant risk to systems utilizing the affected versions of the library.Security Online
April 8, 2025 – Vulnerabilities
Pexip Issues Urgent Security Update to Address Critical Vulnerabilities Full Text
Abstract
The two high-severity vulnerabilities, tracked as CVE-2025-32095 and CVE-2025-30080, could allow a remote attacker to trigger a software abort, leading to a denial of service. Users are recommended to upgrade to Pexip Infinity v37.0 for the fixes. Security Online
April 8, 2025 – Criminals
EncryptHub’s Dual Life Between Cybercrime and Windows Bug Bounty Research Uncovered Full Text
Abstract
A new report by Outpost24 researchers linked the EncryptHub threat actor with SkorikARI, the account that reported CVE-2025-24061 and CVE-2025-24071, after they allegedly infected themselves and exposed their credentials. Bleeping Computer
April 8, 2025 – Vulnerabilities
PoC Exploit Released for Yelp Flaw Exposes SSH Keys on Ubuntu Systems Full Text
Abstract
A security vulnerability, identified as CVE-2025-3155, has been discovered in Yelp, the GNOME user help application that comes pre-installed on Ubuntu systems. The vulnerability involves the way Yelp handles the “ghelp://” URI scheme. Security Online
April 8, 2025 – Ransomware
Everest Ransomware’s Dark Web Leak Site Defaced, Now Offline Full Text
Abstract
The dark web leak site of the Everest ransomware gang was hacked over the weekend by an unknown attacker and is now offline. The Everest operation has since taken down its leak site. Bleeping Computer
April 8, 2025 – Vulnerabilities
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Full Text
Abstract
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two flaws, CVE-2024-53150 (out-of-bounds read) and CVE-2024-53197 (privilege escalation), reside in the USB sub-component of Kernel. The Hacker News
April 8, 2025 – Attack
ToddyCat Group Abused Flaw in ESET Security Software to Plant Malicious DLLs Full Text
Abstract
During the campaign, the hackers exploited the ESET vulnerability (CVE-2024-11859) to load a new tool dubbed TCDSB onto victims' devices, disguising it as a legitimate DLL — a common file type in the Windows operating system. The Record
April 8, 2025 – Vulnerabilities
MediaTek’s April 2025 Security Bulletin Addresses Critical WLAN Vulnerability in Multiple Chipsets Full Text
Abstract
One of the most severe vulnerabilities highlighted in the bulletin is an out-of-bounds write in the WLAN service (CVE-2025-20654). This vulnerability could lead to remote code execution with no additional execution privileges needed. Security Online
April 7, 2025 – Vulnerabilities
Python JSON Logger Vulnerability Enables Remote Code Execution - PoC Released Full Text
Abstract
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency. GBHackers
April 7, 2025 – Phishing
New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader Full Text
Abstract
In this newly discovered campaign, the attackers use fake CAPTCHAs and CloudFlare Turnstile as part of their strategy to deliver the LegionLoader payload. The initial infection starts with a drive-by download when a victim searches for a document. Security Online
April 7, 2025 – Vulnerabilities
Critical pgAdmin Flaw Allows Remote Code Execution Full Text
Abstract
Notably, the flaw requires authentication, limiting immediate widespread exploitation. However, compromised accounts or phishing attacks could bypass this barrier. The pgAdmin team resolved the issue in version 9.2. GBHackers
April 7, 2025 – Phishing
E-ZPass toll payment texts return in massive phishing wave Full Text
Abstract
The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information. Bleeping Computer
April 7, 2025 – Cryptocurrency
PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks Full Text
Abstract
This campaign involves a two-pronged approach: compromising CRM and bulk email providers and deploying a novel “crypto seed phrase” phishing attack. The PoisonSeed campaign has targeted a range of significant platforms. Security Online
April 5, 2025 – Malware
Lazarus Expands Contagious Interview Campaign With 11 New NPM Packages Containing Malware Loaders and Bitbucket Payloads Full Text
Abstract
These latest malware samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques. Socket
April 5, 2025 – Criminals
Smishing Triad is Now Targeting Toll Payment Services in a Massive Fraud Campaign Expansion Full Text
Abstract
The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass. ReSecurity
April 5, 2025 – Breach
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers Full Text
Abstract
According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which an unauthorized actor gained access to sensitive information stored on the organization’s systems. GBHackers
April 5, 2025 – Criminals
Hunters International Dumps Ransomware, Goes Full-on Extortion Full Text
Abstract
The decision appears to come in the wake of international law enforcement operations over the past two years with names like Endgame, Morpheus, Cronos, and Magnus that disrupted the operations of cybercriminal groups. Security Boulevard
April 5, 2025 – Phishing
Threat Actors Leverage Tax Season To Deploy Tax-Themed Phishing Campaigns Full Text
Abstract
These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader. Microsoft
April 5, 2025 – Breach
Update: Port of Seattle Says 90,000 People Impacted in 2024 Ransomware Attack Full Text
Abstract
The Port of Seattle, which runs Seattle-Tacoma International Airport, several parks, container terminals, and other services, is sending breach notification letters to those affected, including about 71,000 people in Washington state. The Record
April 4, 2025 – Phishing
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware Full Text
Abstract
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection. The Hacker News
April 4, 2025 – Government
CISA, FBI, nations warn of fast flux DNS threat Full Text
Abstract
CISA on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks. Malicious cyber actors use fast flux to obfuscate the locations of malicious servers. The Register
April 4, 2025 – Breach
Australian Pension Funds Hacked Full Text
Abstract
Several major Australian pension funds have confirmed they were targeted in a coordinated hacking campaign that compromised thousands of customer accounts. REST Super revealed that about 20,000 people were affected. Security Online
April 4, 2025 – Vulnerabilities
OpenVPN Flaw Allows Attackers to Crash Servers and Run Remote Code Full Text
Abstract
OpenVPN has patched a security vulnerability (CVE-2025-2704) that could potentially allow attackers to crash servers and execute remote code under certain conditions, with the flaw affecting specific server configurations. GBHackers
March 31, 2025 – Malware
Researchers Uncover the Shelby Malware Family Abusing GitHub for Command and Control Full Text
Abstract
Researchers found unused code and dynamic payload loading, hinting at the malware being under active development, indicating future updates may address any issues with contemporary versions. Elastic
March 31, 2025 – Malware
Python-based RAT Abuses Discord API to Execute Data Theft Attacks Full Text
Abstract
The Python-based Discord Remote Access Trojan (RAT) leverages Discord’s API as a C2 server to execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both local machines and Discord servers. Cyfirma
March 31, 2025 – Attack
Russian Intelligence-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens, and Informants Full Text
Abstract
Silent Push Threat Analysts discovered a phishing campaign using website lures to gather information against Russian individuals sympathetic to defending Ukraine and willing to share sensitive information. Silent Push
March 31, 2025 – Malware
Python-based Triton RAT Found Targeting Roblox Credentials Full Text
Abstract
Cado Security Labs identified a Python Remote Access Tool (RAT) named Triton RAT. The open source RAT is available on GitHub and allows users to remotely access and control a system using Telegram. Cado Security
March 31, 2025 – Vulnerabilities
Canon Fixes Critical Printer Driver Flaw Full Text
Abstract
The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that “may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application”. Security Online
March 31, 2025 – Phishing
Lucid: The Rising Threat of Phishing-as-a-Service Full Text
Abstract
The end-to-end encryption in RCS and iMessage creates a blind spot, making network-level filtering ineffective. Threat actors also leverage visual trust indicators, such as blue bubbles in iMessage, to create a perception of legitimacy. Security Online
March 31, 2025 – Vulnerabilities
Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw Full Text
Abstract
Dell released an update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that exposed the enterprise storage systems under Unity, UnityVSA, and Unity XT lines. Security Online
March 31, 2025 – Malware
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials Full Text
Abstract
As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. An analysis of the source code and the debug messages revealed that the author is Turkish-speaking. The Hacker News
March 31, 2025 – Vulnerabilities
Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business Full Text
Abstract
Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS 7.1), in the Legacy Chat component of its MiContact Center Business software. Security Online
March 31, 2025 – Vulnerabilities
Critical Flaw Discovered in WordPress Plugin with 90,000+ Active Installs Full Text
Abstract
The vulnerability, tracked as CVE-2025-2294, is a Local File Inclusion (LFI) flaw present in the Kubio AI Page Builder plugin. This flaw affects all versions of the plugin up to and including 2.5.1. Security Online
March 29, 2025 – Government
CISA Warns of RESURGE Malware Exploiting Ivanti Vulnerability Full Text
Abstract
This new malware exhibits capabilities similar to the SPAWNCHIMERA variant, notably its ability to survive system reboots. However, RESURGE distinguishes itself through unique commands that enable it to alter its behavior. Security Online
March 29, 2025 – Vulnerabilities
New Ubuntu Linux Security Bypasses Require Manual Mitigations Full Text
Abstract
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. Bleeping Computer
March 29, 2025 – Malware
Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks Full Text
Abstract
A new report from Seqrite Labs detailed a malicious campaign employing SnakeKeylogger, an info-stealing malware known for its advanced techniques and ability to evade detection. Security Online
March 29, 2025 – Government
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns Full Text
Abstract
The CISA has issued an advisory alerting organizations to multiple critical vulnerabilities affecting the CHOCO TEI WATCHER mini (IB-MCT001)—a device manufactured by Inaba Denki Sangyo Co., Ltd. for use in industrial and manufacturing environments. Security Online
March 28, 2025 – Phishing
Classiscam Scams Surge in Central Asia, Leveraging Telegram Bots Full Text
Abstract
These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information. Security Online
March 28, 2025 – APT
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware Full Text
Abstract
A Pakistan-linked APT group has been found creating a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. The Hacker News
March 28, 2025 – Malware
PJobRAT Makes a Comeback, Takes Another Crack at Chat Apps Full Text
Abstract
In the latest campaign, Sophos X-Ops researchers found PJobRAT samples disguising themselves as instant messaging apps. As per their telemetry, all the victims appeared to be based in Taiwan. Sophos
March 28, 2025 – Vulnerabilities
Critical Severity Vulnerabilities in Ghostscript Put Users at Risk Full Text
Abstract
A series of security vulnerabilities has been identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. These vulnerabilities could lead to buffer overflows and unauthorized file access. Security Online
March 28, 2025 – Criminals
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks Full Text
Abstract
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of EDRKillShifter to disable endpoint security software, according to ESET. The Hacker News
March 28, 2025 – Breach
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms Full Text
Abstract
The redirections have been found to occur via JavaScript hosted on five different domains (e.g., "zuizhongyj[.]com") that, in turn, serve the main payload responsible for performing the redirects. The Hacker News
March 27, 2025 – Vulnerabilities
Synology Mail Server Vulnerability Allows Remote Configuration Tampering Full Text
Abstract
“A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions,” according to Synology’s official advisory. Security Online
March 27, 2025 – Ransomware
RedCurl Threat Group Creates QWCrypt Ransomware to Target Hyper-V Virtual Machines Full Text
Abstract
While most ransomware operations focus on VMware ESXi servers, RedCurl's new QWCrypt ransomware specifically targets virtual machines hosted on Hyper-V. Bitdefender observed attacks involving phishing emails with ".IMG" attachments disguised as CVs. Bleeping Computer
March 27, 2025 – Vulnerabilities
Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw Full Text
Abstract
Vite, the frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to the browser. Security Online
March 27, 2025 – Malware
Malware Found on npm Infecting Local Package With Reverse Shell Full Text
Abstract
In March, two harmful packages called ethers-provider2 and ethers-providerz were added to npm. They hid their malicious payload and modified the legitimate npm package ethers, which led to a reverse shell. Reversing Labs
March 27, 2025 – Vulnerabilities
RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform Full Text
Abstract
CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens. Security Online
March 27, 2025 – Criminals
BlackLock Ransomware Operation Disrupted by Cybersecurity Firm Full Text
Abstract
Resecurity discovered a local file inclusion flaw in the data leak site used by BlackLock Ransomware, allowing them to uncover clearnet IP addresses and other details about the cybercriminals' network, aiding in the investigation and disruption. Security Affairs
March 27, 2025 – Vulnerabilities
Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild Full Text
Abstract
A critical zero-day vulnerability has been discovered in Synapse, an open-source Matrix homeserver implementation. This flaw is actively being exploited in the wild and can lead to a denial-of-service condition. Security Online
March 27, 2025 – Malware
MacOS Malware ReaderUpdate Adds New Variants Written in Crystal, Nim, Rust, and Go Full Text
Abstract
The ReaderUpdate malware, which previously went relatively unnoticed, now includes variants written in Crystal, Nim, Rust, and most recently, Go, in addition to the original compiled Python binary. Sentinel One
March 27, 2025 – Vulnerabilities
Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation Full Text
Abstract
The use-after-free vulnerability can be exploited to achieve privilege escalation. This could allow an attacker to gain unauthorized access to system resources and execute arbitrary commands with elevated privileges. Security Online
March 27, 2025 – Attack
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations Full Text
Abstract
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The Hacker News
March 26, 2025 – Vulnerabilities
New Windows Zero-Day Leaks NTLM Hashes, Gets Unofficial Patch Full Text
Abstract
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. Bleeping Computer
March 26, 2025 – Vulnerabilities
Apache VCL Hit by SQL Injection and XSS Vulnerabilities Full Text
Abstract
Recent advisories revealed two vulnerabilities (CVE-2024-53678 and CVE-2024-53679) in Apache VCL, a widely-used open-source cloud computing platform designed to deliver custom computing environments. Security Online
March 26, 2025 – Malware
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on Over 140 Platforms Full Text
Abstract
Atlantis AIO offers threat actors the ability to launch credential stuffing attacks at scale via pre-configured modules for targeting a range of platforms and cloud-based services, thereby facilitating fraud, data theft, and account takeovers. The Hacker News
March 26, 2025 – Criminals
Researchers Uncover Nearly 200 Unique C2 Domains Linked to Raspberry Robin Access Broker Full Text
Abstract
"Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report. The Hacker News
March 26, 2025 – Vulnerabilities
CrushFTP Warns Users to Patch Unauthenticated Access Flaw Immediately Full Text
Abstract
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. The vulnerability is mitigated if the DMZ feature of CrushFTP is enabled. Bleeping Computer
March 26, 2025 – Vulnerabilities
NetApp SnapCenter Users at Risk Due to CVSS 9.9 Privilege Escalation Vulnerability Full Text
Abstract
A high-severity security vulnerability has been discovered in NetApp SnapCenter, posing a significant risk to systems utilizing this platform. NetApp has released a security advisory detailing the issue and urging users to take immediate action. Security Online
March 26, 2025 – Attack
Browser-in-the-Browser Attacks Target CS2 Players’ Steam Accounts Full Text
Abstract
This phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP). Bleeping Computer
March 26, 2025 – Vulnerabilities
Critical Authentication Bypass Flaw Impacts VMware Tools for Windows Full Text
Abstract
The vulnerability is due to improper access control. Low-privileged local attackers can exploit this vulnerability in simple attacks without user interaction to escalate privileges on vulnerable VMs. Security Affairs
March 26, 2025 – Vulnerabilities
Critical RCE Flaw Found in MoxieManager Full Text
Abstract
Tiny Technologies recently issued a security advisory regarding a critical vulnerability discovered in MoxieManager, a file and media management solution popular for its integration into PHP and .NET environments. Security Online
March 26, 2025 – Vulnerabilities
EncryptHub Linked to MMC Zero-Day Attacks on Windows Systems Full Text
Abstract
Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices. Bleeping Computer
March 25, 2025 – Phishing
Phishing Emails Distribute GuLoader by Impersonating an International Shipping Company Full Text
Abstract
The emails demand users open attachments that combine VBScript with PowerShell scripts, downloading files from external sources like planachiever.au and tripplebanks.duckdns.org. AhnLab
March 25, 2025 – Malware
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI Full Text
Abstract
The McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information.
March 25, 2025 – Malware
Rilide Stealer Disguises as a Browser Extension to Steal Crypto Full Text
Abstract
Pulsedive Threat Research identified multiple delivery mechanisms used to distribute Rilide. Phishing websites are the most common method, but newer versions have been adapted to work with Chrome Extension Manifest V3. Security Online
March 25, 2025 – Vulnerabilities
Update: Public Exploit Released for Linux Kernel Privilege Escalation Bug Full Text
Abstract
The vulnerability, tracked as CVE-2025-0927, a heap overflow in the HFS+ file system implementation, could allow an attacker to escalate local privileges on affected systems. Security Online
March 25, 2025 – Attack
Cyberattack Hits Ukrainian State Railway, Disrupting Online Ticket Sales Full Text
Abstract
The attack disrupted online services, including the mobile app used for ticket purchases, but did not affect train schedules, Ukrzaliznytsia said. The railway operator is investigating the incident along with Ukraine’s security services. The Record
March 25, 2025 – APT
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years Full Text
Abstract
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. Bleeping Computer
March 25, 2025 – Breach
Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim Full Text
Abstract
In February 2025, Hunters International exploited CVE-2024-55591 in FortiOS to breach a retailer. They used VPN access, deceptive accounts, Rclone, and WinSCP for data exfiltration before deploying Rust-based ransomware and disabling recovery. Security Online
March 25, 2025 – Criminals
Over 300 Arrested in International Crackdown on Cyber Scams Full Text
Abstract
Law enforcement agencies in seven African countries arrested over 300 suspected cybercriminals involved in mobile banking, investment and messaging app scams, according to a statement on Monday by Interpol. The Record
March 25, 2025 – Malware
AMOS Stealer Revamped to Serve as a Fully Undetected macOS Threat Full Text
Abstract
The malware is distributed via a DMG file named Installer_v2.7.8.dmg, leveraging a clever trick to bypass macOS Gatekeeper. Victims are instructed to right-click and select “Open,” sidestepping Apple’s verification mechanism. Security Online
March 25, 2025 – Vulnerabilities
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication Full Text
Abstract
After responsible disclosure, the vulnerabilities were fixed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7. Users should update promptly and secure the admission webhook endpoint from external exposure. The Hacker News
March 24, 2025 – Vulnerabilities
Critical Flaw in kcp Lets Attackers Manipulate Any Workspace Full Text
Abstract
The vulnerability, tracked as CVE-2025-29922 with a CVSS score of 9.6, allows for unauthorized creation and deletion of objects in arbitrary workspaces through the APIExport Virtual Workspace. Security Online
March 24, 2025 – Phishing
Fake Chat Used in Meta Business Account Phishing Full Text
Abstract
This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot. Security Online
March 24, 2025 – Ransomware
Babuk2 Ransomware Attempts Extortion Based on False Claims Full Text
Abstract
Babuk2, aka Babuk-Bjorka, appears to be reusing data from earlier breaches to back up its extortion claims. Many of the victims listed in their announcements have already been targeted by other groups such as RansomHub, FunkSec, LockBit, and Babuk. Halcyon
March 24, 2025 – Vulnerabilities
Nuxt Users Warned of Cache Poisoning Attacks Due to High-Severity Flaw Full Text
Abstract
Tracked as CVE-2025-27415 and scored 7.5 on the CVSS scale, this vulnerability affects Nuxt versions 3.0.0 up to but not including 3.16.0. The issue lies in how Nuxt handles certain HTTP requests. Security Online
March 24, 2025 – Malware
Microsoft Trusted Signing service abused to code-sign malware Full Text
Abstract
Signed malware has the advantage of potentially bypassing security filters that would normally block unsigned executable files, or at least treat them with less suspicion. Bleeping Computer
March 24, 2025 – Attack
Cybercriminals Exploit Check Point Driver Flaws in Malicious Campaign Full Text
Abstract
A security researcher found that a component of Check Point’s ZoneAlarm antivirus software is being exploited by threat actors in malicious campaigns to bypass Windows security measures. Infosecurity Magazine
March 24, 2025 – Vulnerabilities
Next.js Patches a Critical Authorization Bypass Flaw Full Text
Abstract
By abusing the flaw, malicious actors could gain unauthorized access to protected resources and functionalities within applications relying on Next.js middleware for authentication and authorization. Security Online
March 24, 2025 – Ransomware
VanHelsing, new RaaS in Town - Check Point Research Full Text
Abstract
In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world, having infected three victims within just two weeks of its introduction. CheckPoint
March 24, 2025 – General
Report: Rooted Devices 250 Times More Vulnerable to Compromise Full Text
Abstract
A new analysis of mobile security threats by Zimperium has revealed that rooted and jailbroken devices are 250 times more vulnerable to system compromise incidents than standard devices. Infosecurity Magazine
March 24, 2025 – Breach
Update: Coinbase was the Primary Target of Recent GitHub Actions Breaches Full Text
Abstract
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. Bleeping Computer
March 22, 2025 – Ransomware
Albabat Ransomware Evolves to Target Linux and macOS Full Text
Abstract
Trend Micro researchers said the Albabat ransomware version 2.0 not only targets Microsoft Windows but also gathers system and hardware information on Linux and macOS systems. Infosecurity Magazine
March 22, 2025 – Vulnerabilities
Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover Full Text
Abstract
The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem. Security Online
March 22, 2025 – APT
Chinese APT Aquatic Panda Conducted Global Espionage Campaign Affecting Seven Targets Using Five Malware Families Full Text
Abstract
The targeted entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The Hacker News
March 22, 2025 – Malware
Steam Pulls Game Demo Infecting Windows With Info-Stealing Malware Full Text
Abstract
Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware. Bleeping Computer
March 22, 2025 – Ransomware
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates Full Text
Abstract
Researchers at Elastic Security Labs observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS) called HeartCrypt. The Hacker News
March 22, 2025 – Hacker
Dragon RaaS: Pro-Russian Hacktivist Group Walks the Razor’s Edge Between Cybercrime and Propaganda Full Text
Abstract
Known as Dragon RaaS, or simply Dragon Team, this emerging group blends political hacktivism with opportunistic cybercrime — all while operating under the shadowy umbrella of “The Five Families” cybercrime syndicate. Security Online
March 22, 2025 – Phishing
Fake Semrush Ads Used to Steal SEO Professionals’ Google Accounts Full Text
Abstract
In this latest case of "cascading fraud," the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research. Bleeping Computer
March 21, 2025 – Vulnerabilities
WordPress security plugin WP Ghost vulnerable to remote code execution bug Full Text
Abstract
The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths. Bleeping Computer
March 21, 2025 – Ransomware
VSCode Extensions Found Downloading Early-Stage Ransomware Full Text
Abstract
The two malicious extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store. Bleeping Computer
March 21, 2025 – Hacker
Chinese Threat Actor UAT-5918 Targets Critical Infrastructure Entities in Taiwan Full Text
Abstract
Typical tooling used by UAT-5918 includes networking tools such as FRPC, FScan, In-Swor, Earthworm, and Neo-reGeorg. Credential harvesting is accomplished by dumping registry hives, NTDS, and using tools such as Mimikatz and browser data stealers. Talos
March 20, 2025 – Government
CISA Warns of Three Actively Exploited Security Vulnerabilities in IoT, Backup, and Enterprise Systems Full Text
Abstract
CISA reported three actively exploited vulnerabilities: a critical Edimax IP camera flaw (CVE-2025-1316) enabling botnet attacks, a NAKIVO backup issue (CVE-2024-48248) exposing data, and an SAP NetWeaver flaw (CVE-2017-12637) allowing file access. (Security Online)
March 20, 2025 – Malware
New Arcane Info-stealer Infects YouTube, Discord Users via Game Cheats Full Text
Abstract
The campaign distributing Arcane Stealer relies on YouTube videos promoting game cheats and cracks, tricking users into following a link to download a password-protected archive. (Bleeping Computer)
March 20, 2025 – Vulnerabilities
Multiple Vulnerabilities Patched in Dell SmartFabric OS10 Software Full Text
Abstract
The vulnerabilities, affecting version 10.5.6.x, could allow attackers to perform various malicious activities, including elevation of privileges, unauthorized access, code execution, and server-side request forgery. (Security Online)
March 20, 2025 – Phishing
Malware Campaign ‘DollyWay’ Targeted 20,000 WordPress Sites Full Text
Abstract
According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in the past, it has distributed more harmful payloads like ransomware and banking trojans. (Bleeping Computer)
March 20, 2025 – Vulnerabilities
Critical RCE Vulnerability Discovered in Veeam Backup & Replication Full Text
Abstract
While no public proof-of-concept (PoC) exploit has been released at the time of this publication, the large deployment footprint of Veeam Backup & Replication makes it an attractive target for attackers. (Security Online)
March 20, 2025 – Criminals
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia Full Text
Abstract
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. (The Hacker News)
March 20, 2025 – Vulnerabilities
PoC Exploit Released for Windows Explorer Vulnerability Exposing NTLM Hashes Full Text
Abstract
A proof-of-concept (PoC) for the CVE-2025-24071 vulnerability is available on GitHub, and a Metasploit module for this flaw is also available. The flaw was addressed in the Microsoft Patch Tuesday this month. (Security Online)
March 20, 2025 – Attack
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners Full Text
Abstract
Bitdefender reported that hackers are exploiting a severe PHP flaw, CVE-2024-4577, on Windows CGI systems, deploying Quasar RAT and XMRig miners, with significant attacks in Taiwan, Hong Kong, and Brazil since late 2024. (The Hacker News)
March 19, 2025 – Vulnerabilities
Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks Full Text
Abstract
SICK strongly recommends operating the affected systems within a secure infrastructure to minimize risk. The advisory provides workarounds for each CVE, emphasizing the importance of applying general security practices. (Security Online)
March 19, 2025 – Vulnerabilities
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems Full Text
Abstract
Organizations are advised to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity. (The Hacker News)
March 19, 2025 – Government
CISA Warns of Critical Vulnerabilities in Sungrow iSolarCloud App and WiNet Firmware Full Text
Abstract
Sungrow has released updated firmware (WINET-SV200.001.00.P028 or higher) and advises all users to update the iSolarCloud Android App to the latest version immediately via their device’s app store. (Security Online)
March 19, 2025 – Malware
FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild Full Text
Abstract
The Anubis Backdoor is designed to provide attackers with full control over infected machines, employing evasion techniques to bypass traditional security measures. It allows attackers to execute remote shell commands and various system operations. (Security Online)
March 19, 2025 – Vulnerabilities
Stack Overflow Flaw Threatens Patient Data in PACS Servers, PoC Published Full Text
Abstract
Users of Sante PACS Server are strongly advised to upgrade to version 4.2.0 or later to patch these critical security flaws and protect their systems from potential attacks. (Security Online)
March 19, 2025 – Hacker
Indonesian Hacking Collective INDOHAXSEC Uncovered Full Text
Abstract
Throughout the last couple of months, the hacktivist group has conducted cyberattacks such as DDoS and has carried out ransomware attacks against numerous entities and governmental bodies in Southeast Asia. (Arctic Wolf)
March 19, 2025 – Vulnerabilities
Node.js Library xml-crypto Hit by Critical Security Flaws Full Text
Abstract
Successful exploitation of these vulnerabilities can allow attackers to bypass authentication or authorization mechanisms in systems that use xml-crypto to verify signed XML documents. (Security Online)
March 19, 2025 – Attack
Update: GitHub Action Hack Likely Led to Another in Cascading Supply Chain Attack Full Text
Abstract
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. (Bleeping Computer)
March 19, 2025 – Vulnerabilities
Synology Patches Critical Code Execution Flaw in Multiple Products Full Text
Abstract
Synology updated its security advisories to disclose a critical security vulnerability affecting several products, including Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC). (Security Online)
March 19, 2025 – Malware
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors Full Text
Abstract
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects AI-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. (The Hacker News)
March 18, 2025 – Vulnerabilities
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 Full Text
Abstract
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. (The Hacker News)
March 18, 2025 – Vulnerabilities
Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk Full Text
Abstract
Researchers reported multiple security flaws in PHP’s HTTP stream wrapper, exposing web applications to risks like information leaks, denial of service, and request smuggling. (Security Online)
March 18, 2025 – Attack
Attackers Exploit OpenAI ChatGPT Vulnerability in the Wild Full Text
Abstract
A server-side request forgery (SSRF) vulnerability in ChatGPT, tracked as CVE-2024-27564, has become a significant target for cybercriminals, with over 10,479 attack attempts recorded from a single malicious IP, according to Veriti’s latest research. (Security Online)
March 18, 2025 – Phishing
Large-Scale Malicious App Campaign Bypasses Android Security to Conduct Ad Fraud Full Text
Abstract
A large-scale ad fraud campaign has resulted in more than 60 million downloads of malicious Android apps from the Google Play Store, according to a new analysis by Bitdefender. (Infosecurity Magazine)
March 18, 2025 – Phishing
New Steganographic Campaign Found Distributing Multiple Malware Variants Full Text
Abstract
The campaign was found distributing Remcos and AsyncRAT via phishing emails with malicious Excel files. These exploit vulnerabilities, download disguised JPGs with encoded payloads, and use process hollowing to steal data and maintain control. (Seqrite)
March 18, 2025 – Phishing
Sophisticated Phishing Campaign Exploiting Microsoft 365 Infrastructure Full Text
Abstract
By leveraging legitimate Microsoft domains and tenant misconfigurations, attackers conduct Business Email Compromise (BEC) operations, tricking users into providing information while maintaining a high degree of apparent legitimacy. (Guardz)
March 18, 2025 – Phishing
OctoV2 Android Banking Trojan Masquerades as Deepseek AI in Phishing Attack Full Text
Abstract
A new report from K7 Labs uncovered a sophisticated Android banking trojan campaign that is disguised as a popular AI chatbot to deceive users. The OctoV2 malware is being spread through deceptive websites that mimic Deepseek AI. (Security Online)
March 18, 2025 – Government
FBI Issues Warning Over Free Online File Converters That Actually Install Malware Full Text
Abstract
Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks. (Malwarebytes)
March 18, 2025 – Malware
Microsoft Warns of New StilachiRAT Malware Used for Crypto Theft, Reconnaissance Full Text
Abstract
While the malware (dubbed StilachiRAT) hasn't yet reached widespread distribution, Microsoft says it decided to publicly share indicators of compromise and mitigation guidance to help network defenders detect this threat and reduce its impact. (Bleeping Computer)
March 18, 2025 – Business
Varonis Acquires Database Security Firm Cyral Full Text
Abstract
New York City-based Varonis said it has acquired Florida-headquartered Cyral, a next-generation database activity monitoring provider, to enhance its data security platform offerings. (CRN)