July 2025

July 30, 2025 – Hacker
Hafnium Tied to Advanced Chinese Surveillance Tools
Abstract
Recent investigations have revealed that the Chinese state-sponsored threat group Hafnium (also known as Silk Typhoon) is linked to a network of front companies developing advanced surveillance and cyber-espionage tools. (Source: Infosecurity Magazine)

July 30, 2025 – Malware
Hidden Backdoor Found in ATM Network via Raspberry Pi
Abstract
An attack on ATM infrastructure was uncovered involving a Raspberry Pi device physically connected to a network switch shared with an ATM. UNC2891 used this device to bypass perimeter firewalls and gain remote access to the bank’s internal network. (Source: Infosecurity Magazine)

July 30, 2025 – Outage
Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services
Abstract
A wave of cyberattacks severely disrupted healthcare and critical infrastructure services across Russia. Stolichki and Neofarm were forced to suspend operations, affecting access to medications and healthcare services for thousands of citizens. (Source: The Record)

July 30, 2025 – Attack
Targeted attacks leverage accounts on popular online platforms as C2 servers
Abstract
A sophisticated cyberattack campaign active from late 2024 to April 2025 targeted Russian IT firms and international entities using Cobalt Strike Beacon. The attackers employed spear phishing, DLL hijacking, and social media-based payload delivery. (Source: Securelist)

July 30, 2025 – Breach
US Tops Hit List as 396 SharePoint Systems Compromised Globally
Abstract
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770/53771 and exploited via the ToolShell exploit, has led to the compromise of 396 systems across 41 countries. (Source: Infosecurity Magazine)

July 30, 2025 – Business
Palo Alto Networks in talks to acquire CyberArk for over $20bn
Abstract
Palo Alto Networks is reportedly negotiating to acquire CyberArk Software, an Israeli publicly traded IT company, in a deal potentially exceeding $20bn. The acquisition would mark Palo Alto Networks’ largest deal to date. (Source: Yahoo)

July 30, 2025 – Breach
Cybercriminals Attack Seychelles – Offshore Banking as a Target
Abstract
A cyberattack targeting Seychelles Commercial Bank (SCB) has resulted in the exfiltration of 2.2GB of sensitive customer and government data. The attacker, operating under the alias "ByteToBreach," exploited a vulnerability in Oracle WebLogic Server. (Source: Resecurity)

July 30, 2025 – Malware
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Abstract
A new malware campaign has been identified targeting Linux systems via a critical SAP NetWeaver vulnerability (CVE-2025-31324). The malware, dubbed Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025. (Source: Infosecurity Magazine)

July 30, 2025 – Attack
New Choicejacking Attack Steals Data from Phones via Public Chargers
Abstract
A newly identified USB-based attack technique, dubbed Choicejacking, enables cybercriminals to steal data from smartphones via public charging stations. This method bypasses traditional security prompts. (Source: Hackread)

July 30, 2025 – Government
Scattered Spider is targeting victims’ Snowflake data storage for quick exfiltration
Abstract
An updated joint advisory from U.S., U.K., Canadian, and Australian cybersecurity agencies warns of ongoing campaigns by Scattered Spider. The group is targeting Snowflake data storage environments to exfiltrate large volumes of sensitive data. (Source: The Record)

July 29, 2025 – Breach
Cybercriminals give Indiana megachurch 7 days to pay $600K ransom after data breach
Abstract
The Rhysida ransomware group has claimed responsibility for a cyberattack on the First Baptist Church of Hammond, Indiana. The attackers demanded a ransom of 5 BTC (~$594,000) and threatened to sell stolen data if unpaid. (Source: Comparitech)

July 29, 2025 – Vulnerabilities
Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Abstract
A critical authentication vulnerability was discovered in Base44’s AI-driven "vibe coding" platform. The flaw allowed unauthorized users to bypass authentication mechanisms, including Single Sign-On (SSO), and gain access to private applications. (Source: Infosecurity Magazine)

July 29, 2025 – Attack
GOLD BLADE Remote DLL Sideloading Attack Deploys RedLoader
Abstract
A new campaign by the GOLD BLADE threat group leverages a remote DLL sideloading technique to deploy RedLoader malware. The attack chain combines malicious LNK files and WebDAV-based delivery to evade detection and establish persistence. (Source: Sophos)

July 29, 2025 – Criminals
FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation
Abstract
The FBI has seized approximately 20.29 Bitcoins (valued at over $2.4 million) from a cryptocurrency address linked to a member of the new Chaos ransomware operation. The operation is believed to be a rebrand of the BlackSuit ransomware group. (Source: Bleeping Computer)

July 29, 2025 – Solution
Cyware expands Intelligence Suite to streamline CTI program deployment and operations
Abstract
Cyware has announced a significant expansion of its Cyware Intelligence Suite, a modular and automated threat intelligence platform designed to streamline the deployment and operation of Cyber Threat Intelligence (CTI) programs. (Source: Help Net Security)

July 29, 2025 – Vulnerabilities
Exploit available for critical Cisco ISE bug exploited in attacks
Abstract
A critical unauthenticated RCE vulnerability in Cisco ISE has been actively exploited in the wild. The issue was later split into two CVEs: CVE-2025-20281 (command injection) and CVE-2025-20337 (unsafe deserialization). (Source: Bleeping Computer)

July 29, 2025 – Breach
Endgame Gear mouse config tool infected users with malware
Abstract
Between June 26 and July 9, 2025, the official configuration tool for the Endgame Gear OP1w 4k v2 wireless mouse (Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe) was compromised with malware and distributed via Endgame Gear’s official website. (Source: Bleeping Computer)

July 29, 2025 – Vulnerabilities
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
Abstract
A critical vulnerability in Google's Gemini CLI was discovered by researchers just two days after the tool's release. The flaw allowed attackers to stealthily execute malicious commands and exfiltrate sensitive data from developers' systems using allowlisted programs. (Source: Bleeping Computer)

July 29, 2025 – Breach
GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión
Abstract
The GLOBAL GROUP ransomware gang, active since early June 2025, has claimed responsibility for a cyberattack on Albavisión. The group alleges the theft of 400 GB of data and has issued a 15-day ultimatum for negotiations before public data release. (Source: Hackread)

July 29, 2025 – Vulnerabilities
Lovense sex toy app flaw leaks private user email addresses
Abstract
A critical zero-day vulnerability in the Lovense sex toy app exposes users' private email addresses by leveraging publicly available usernames. The flaw enables attackers to automate email harvesting, posing significant privacy and security risks. (Source: Bleeping Computer)

July 28, 2025 – Outage
Aeroflot blames IT issues for flight cancellations
Abstract
Russia’s largest airline, Aeroflot, experienced a major IT disruption on July 28, 2025, resulting in the cancellation of 49 flights (42 initially, with 7 more added later) and delays ranging from 25 minutes to nearly three hours. (Source: The Register)

July 28, 2025 – Vulnerabilities
Naval Group Denies Hack Claims, Alleges “Reputational Attack”
Abstract
A high-severity vulnerability, tracked as CVE-2023-2533, has been identified in PaperCut's NG/MF product. This CSRF flaw could allow attackers to alter security settings or execute arbitrary code under specific conditions. (Source: Infosecurity Magazine)

July 28, 2025 – Government
FBI alerts tie together threats of cybercrime, physical violence from The Com
Abstract
The FBI has issued a series of public service announcements (PSAs) warning about “The Com,” a rapidly growing and decentralized cybercriminal network composed primarily of minors and young adults aged 11 to 25. (Source: CyberScoop)

July 28, 2025 – Breach
Massachusetts electric utility notifies hundreds of data breach that leaked SSNs and other info
Abstract
Massachusetts Municipal Wholesale Electric Company (MMWEC) disclosed a ransomware attack affecting at least 514 individuals, compromising SSNs, taxpayer IDs, and financial data. The BlackSuit gang claimed responsibility. (Source: Comparitech)

July 28, 2025 – Criminals
Muddled Libra: From Social Engineering to Enterprise-Scale Disruption
Abstract
Muddled Libra, also known as Scattered Spider, has evolved from a small group of cryptocurrency-focused attackers into a highly organized, modular cybercrime syndicate capable of enterprise-scale disruption. (Source: Palo Alto Networks)

July 28, 2025 – Policy and Law
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam
Abstract
The operation involved aiding North Korean IT workers in impersonating US residents to secure remote jobs at over 300 American companies, posing a significant threat to national security and corporate integrity. (Source: Hackread)

July 28, 2025 – Breach
Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
Abstract
U.S. insurance giant Allianz Life has confirmed a significant data breach that compromised the personal information of the majority of its 1.4 million customers, financial professionals, and select employees. (Source: TechCrunch)

July 28, 2025 – Vulnerabilities
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
Abstract
A critical vulnerability in the Post SMTP plugin for WordPress (CVE-2025-24000) exposes over 200,000 websites to potential account hijacking. The plugin has over 400,000 active installations, making the impact of this vulnerability significant. (Source: Bleeping Computer)

July 26, 2025 – Ransomware
Hackers Use Weaponized .HTA Files to Infect Victims with Red Ransomware
Abstract
Hackers are using weaponized .HTA files to deploy the Epsilon Red ransomware, leveraging ActiveX and Windows Command Shell for stealthy payload delivery. The malware employs social engineering tactics. (Source: GBHackers)

July 26, 2025 – Ransomware
New Gunra Ransomware Targets Windows Systems, Encrypts Files, and Erases Shadow Copies
Abstract
Gunra ransomware, active since April 2025, targets Windows systems and uses advanced tactics, including rapid file encryption and shadow copy deletion, to maximize impact. The ransomware shows similarities to Conti ransomware. (Source: GBHackers)

July 26, 2025 – Policy and Law
Treasury sanctions North Koreans involved in IT-worker schemes
Abstract
The U.S. Department of the Treasury has sanctioned three North Korean nationals and their front company, Korea Sobaeksu Trading Co., for orchestrating remote IT-worker schemes that generate revenue for North Korea’s Munitions Industry Department. (Source: Cybersecurity Dive)

July 26, 2025 – Phishing
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
Abstract
Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. The campaign employs a five-stage execution chain. (Source: The Hacker News)

July 25, 2025 – Vulnerabilities
Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities
Abstract
Researchers identified five critical vulnerabilities in Bloomberg’s Comdb2 version 8.1, an open-source clustered database system. These flaws can be exploited remotely to cause denial-of-service (DoS) conditions via specially crafted TCP packets. (Source: Talos Intelligence)

July 25, 2025 – Botnet
New VoIP Botnet Targets Routers Using Default Passwords
Abstract
A newly discovered botnet campaign is exploiting VoIP-enabled routers by leveraging default password attacks over Telnet. Initially detected in a small New Mexico community, the operation has since expanded globally, compromising over 500 devices. (Source: GBHackers)

July 25, 2025 – Breach
IR35 advisor Qdos confirms a data leak to techie clients
Abstract
Qdos, a UK-based business insurance and employment status specialist serving tech contractors, has confirmed a data breach involving unauthorized access to one of its web applications, mygoqdos.com. (Source: The Register)

July 25, 2025 – Vulnerabilities
Tridium Niagara Framework Flaws Expose Sensitive Network Data
Abstract
Researchers uncovered 13 critical vulnerabilities in the Niagara Framework, developed by Tridium. These flaws, consolidated into 10 CVEs, affect building management, industrial automation, and smart infrastructure systems globally. (Source: GBHackers)

July 25, 2025 – Outage
Morgan County 911 emergency services confirms ransomware attack via Qilin
Abstract
Morgan County 911, based in Decatur, Alabama, confirmed a ransomware attack by the Qilin group in May 2025. While administrative systems were disrupted, critical dispatch operations remained unaffected. (Source: Comparitech)

July 25, 2025 – Breach
Toptal caught serving malware after GitHub compromise
Abstract
A recent supply chain attack compromised Toptal’s GitHub account, resulting in the distribution of malware through its Picasso developer toolbox. The attack affected over 5,000 downloads and involved 10 npm packages. (Source: The Register)

July 24, 2025 – Breach
Hacker sneaks infostealer malware into early access Steam game
Abstract
Aether Forge Studios' early access game "Chemia" on Steam has been compromised by the threat actor EncryptHub (aka Larva-208) to distribute info-stealing malware. Despite the breach, the game remains available on Steam. (Source: Bleeping Computer)

July 24, 2025 – Attack
Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble
Abstract
A critical vulnerability in Microsoft SharePoint, tracked as CVE-2025-49706, is being actively exploited by the China-based threat actor Storm-2603 to deploy Warlock ransomware. The campaign has impacted over 400 organizations globally. (Source: The Record)

July 24, 2025 – Malware
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
Abstract
CastleLoader is a newly identified malware loader actively used in campaigns to distribute a range of information stealers and remote access trojans (RATs), including DeerStealer, RedLine, StealC, NetSupport RAT, SectopRAT, and Hijack Loader. (Source: The Hacker News)

July 24, 2025 – Breach
Cybercrime forum Leak Zone publicly exposed its users’ IP addresses
Abstract
A significant data exposure incident has been identified involving the cybercrime forum Leak Zone, which inadvertently leaked the IP addresses and login timestamps of its users due to a misconfigured Elasticsearch database. (Source: TechCrunch)

July 24, 2025 – Malware
Coyote malware abuses Microsoft UIA to hunt banking creds
Abstract
A new variant of the Coyote banking trojan has emerged as the first known malware to exploit Microsoft's UI Automation framework for credential theft. This enables the malware to extract banking credentials from users. (Source: The Register)

July 24, 2025 – Vulnerabilities
SonicWall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
Abstract
SonicWall has released a critical security update addressing CVE-2025-40599, a high-severity vulnerability in its SMA 100 series appliances. The flaw allows remote attackers with administrative privileges to upload arbitrary files, leading to RCE. (Source: Help Net Security)

July 24, 2025 – Attack
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Abstract
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The attack chains entail the exploitation of CVE-2025-49706 and CVE-2025-49704. (Source: The Hacker News)

July 24, 2025 – Government
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include critical flaws in CrushFTP, Google Chromium, and SysAid On-Prem software. (Source: Security Affairs)

July 24, 2025 – General
Fake Receipt Generators Fuel Rise in Online Fraud
Abstract
A growing fraud-as-a-service ecosystem is leveraging fake receipt generators to facilitate online scams, particularly on resale platforms. Services such as MaisonReceipts and Receiptified.com enable users to create highly realistic counterfeit receipts. (Source: Infosecurity Magazine)

July 24, 2025 – Criminals
Suspected XSS Forum Admin Arrested in Ukraine
Abstract
A suspected administrator of the notorious Russian-language cybercrime forum XSS was arrested in Ukraine on July 22, 2025. The operation was a joint effort between Ukrainian authorities, French police, and Europol. (Source: Infosecurity Magazine)

July 23, 2025 – Breach
France: New Data Breach Could Affect 340,000 Jobseekers
Abstract
France Travail, the French employment agency, experienced a data breach affecting approximately 340,000 jobseekers. The initial access vector was infostealer malware that compromised a user account associated with a training organization. (Source: Infosecurity Magazine)

July 23, 2025 – General
Ports are getting smarter and more hackable
Abstract
Maritime ports, which handle approximately 80% of global trade, are increasingly becoming targets of sophisticated cyberattacks. The most commonly affected systems include access control systems and vessel traffic management systems. (Source: Help Net Security)

July 23, 2025 – Ransomware
Ransomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate Data
Abstract
Ransomware groups are increasingly weaponizing Remote Monitoring and Management (RMM) tools, originally intended for legitimate IT operations, to conduct sophisticated cyber intrusions. (Source: GBHackers)

July 23, 2025 – Phishing
Phishing campaign targets U.S. Department of Education’s G5 portal
Abstract
A sophisticated phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a critical platform used by educational institutions and vendors to manage federal education grants and funding. (Source: Help Net Security)

July 23, 2025 – Breach
Global Fashion Label SABO’s 3.5M Customer Records Exposed Online
Abstract
A significant data breach has impacted global fashion brand SABO, exposing over 3.5 million customer records due to a misconfigured and unsecured database. The breach poses serious risks of phishing, social engineering, and financial fraud. (Source: Hackread)

July 23, 2025 – Vulnerabilities
ABB security advisory (AV25-441)
Abstract
ABB has issued a security advisory addressing a high-severity vulnerability (CVE-2025-7705) in its Switch Actuator 4 DU and Switch actuator, door/light 4 DU products. The bug, categorized as "Active Debug Code," affects all versions of these devices. (Source: Government of Canada)

July 23, 2025 – Breach
Ransomware gang says it hacked PC maker iBUYPOWER
Abstract
A ransomware group known as Lynx has claimed responsibility for a cyberattack on gaming PC manufacturer iBUYPOWER and its sister brand HYTE. The attack disrupted several internal systems, and the company has been listed on Lynx’s data leak site. (Source: Comparitech)

July 23, 2025 – Vulnerabilities
Sophos security advisory (AV25-443)
Abstract
Sophos has released a security advisory (AV25-443) addressing multiple critical vulnerabilities in its firewall products. Affected versions:
- Sophos Firewall version v21.0 GA (21.0.0) and prior
- Sophos Firewall version v21.5 GA (21.5.0) and prior
(Source: Government of Canada)

July 23, 2025 – Attack
Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups
Abstract
Two critical zero-day vulnerabilities in Microsoft SharePoint, CVE-2025-53770 and CVE-2025-53771, are being actively exploited by China-linked threat actors Linen Typhoon, Violet Typhoon, and Storm-2603. (Source: CyberScoop)

July 23, 2025 – Malware
Uncovering a Stealthy WordPress Backdoor in mu-plugins
Abstract
A stealthy backdoor has been discovered in WordPress installations, specifically targeting the mu-plugins directory. The malware leverages the must-use plugin mechanism to ensure automatic activation and persistence. (Source: Sucuri)

July 22, 2025 – Policy and Law
Silicon Valley engineer admits theft of missile secrets
Abstract
A Silicon Valley-based engineer, Chenguang Gong, has pleaded guilty to stealing over 3,600 sensitive trade secret files from two US electronics manufacturers, including a military contractor. (Source: The Register)

July 22, 2025 – Criminals
Startup takes personal data stolen by malware and sells it on to other companies
Abstract
Farnsworth Intelligence is offering access to data stolen by infostealer malware, claiming legality by sourcing it via a third-party vendor. The $50 entry-level version operates on a credit-based model. (Source: Malwarebytes)

July 22, 2025 – Vulnerabilities
Microsoft: Windows Server KB5062557 causes cluster, VM issues
Abstract
Microsoft has confirmed that the Windows Server 2019 security update KB5062557 is causing significant issues with Cluster Services and VMs. Affected systems may experience repeated service restarts, node failures, and errors. (Source: Bleeping Computer)

July 22, 2025 – Vulnerabilities
ExpressVPN bug leaked user IPs in Remote Desktop sessions
Abstract
A vulnerability in ExpressVPN's Windows client caused RDP traffic to bypass the VPN tunnel, exposing users' real IP addresses. The issue was active from version 12.97 to 12.101.0.2-beta and has since been patched in version 12.101.0.45. (Source: Bleeping Computer)

July 22, 2025 – Breach
Hackers hit Dell product demo platform, but impact is limited
Abstract
Dell Technologies has confirmed a security breach involving its Solution Center, a platform used for product demonstrations and proof-of-concept testing. The WorldLeaks ransomware group has claimed responsibility. (Source: The Record)

July 22, 2025 – Vulnerabilities
ISC BIND security advisory (AV25-440)
Abstract
On July 16, 2025, the Internet Systems Consortium (ISC) published security advisories addressing two vulnerabilities in ISC BIND 9. These issues affect multiple versions of BIND 9, and users are strongly encouraged to apply the necessary updates. (Source: Government of Canada)

July 22, 2025 – APT
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Abstract
Iran-linked APT group MuddyWater (also known as SeedWorm, TEMP.Zagros, and Static Kitten) has deployed new variants of the DCHSpy Android spyware amid the ongoing Iran-Israel conflict. (Source: Security Affairs)

July 22, 2025 – Breach
After website hack, Arizona election officials unload on Trump’s CISA
Abstract
Arizona election officials reported a cyberattack on the state’s online candidate portal, where the attacker(s) replaced candidate photos with images of the late Iranian Ayatollah Ruhollah Khomeini. (Source: CyberScoop)

July 21, 2025 – Hacker
Russia Linked to New Malware Targeting Email Accounts for Espionage
Abstract
Russian military intelligence (GRU)-linked threat actors have been using previously unknown malicious software to enable espionage against victim email accounts, the UK’s National Cyber Security Centre (NCSC) has reported. (Source: Infosecurity Magazine)

July 21, 2025 – Attack
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Abstract
Researchers at Enea said that they have observed an unnamed surveillance vendor exploiting the new bypass attack as far back as late 2024 to obtain the locations of people’s phones without their knowledge. (Source: TechCrunch)

July 19, 2025 – Ransomware
New Phobos and 8Base ransomware decryptor recovers files for free
Abstract
Japanese police released a free decryptor for Phobos and 8Base ransomware victims, enabling file recovery without paying a ransom. The decryptor was likely developed using intelligence obtained during a 2024 international law enforcement operation. (Source: Bleeping Computer)

July 19, 2025 – Breach
Boston clinic notifies 185,000+ people of data breach that compromised patients’ personal and medical info
Abstract
The breach exposed sensitive patient data, including names, medical record numbers, diagnoses, medications, treatment details, claims information, dates of birth, and addresses. (Source: Comparitech)

July 19, 2025 – Cryptocurrency
New Surge of Crypto-Jacking Hits Over 3,500 Websites
Abstract
A new wave of crypto-jacking has infected over 3,500 websites using stealthy JavaScript miners. The campaign marks a resurgence of browser-based mining reminiscent of Coinhive, but with advanced evasion techniques. (Source: GBHackers)

July 19, 2025 – Attack
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Abstract
Researchers discovered a surveillance vendor exploiting a new SS7 attack to covertly track individuals' phone locations. The attack bypasses telecom security measures to access cell tower data, enabling geolocation without user consent. (Source: TechCrunch)

July 19, 2025 – Government
UK sanctions Russian cyber spies accused of facilitating murders
Abstract
The United Kingdom has imposed sanctions on 18 officers of Russia’s military intelligence agency, the GRU, for conducting cyber operations that facilitated targeted missile strikes and attempted assassinations. (Source: The Record)

July 18, 2025 – Malware
LameHug malware uses AI LLM to craft Windows data-theft commands in real-time
Abstract
A newly discovered malware family named LameHug is leveraging artificial intelligence to dynamically generate Windows data-theft commands in real time. LameHug is the first known malware to integrate an LLM for operational command generation. (Source: Bleeping Computer)

July 18, 2025 – Malware
Microsoft Teams voice calls abused to push Matanbuchus malware
Abstract
Matanbuchus is a malware-as-a-service (MaaS) operation first advertised on the dark web in early 2021 for $2,500. It is designed to execute malicious payloads directly in memory, enabling it to evade traditional detection mechanisms. (Source: Bleeping Computer)

July 18, 2025 – Vulnerabilities
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
Abstract
VMware has patched four zero-day vulnerabilities in ESXi, Workstation, Fusion, and Tools. Three of these flaws (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238) are critical, allowing guest-to-host code execution. (Source: Bleeping Computer)

July 18, 2025 – Criminals
Threat hunting case study: Lumma infostealer
Abstract
Between April and June 2024, Lumma's marketplace listed over 21,000 stolen data logs. In May 2025, a coordinated law enforcement operation led by Microsoft, the DOJ, Europol, and JC3 disrupted Lumma’s infrastructure. (Source: Intel 471)

July 17, 2025 – Breach
Hacker steals $27 million in BigONE exchange crypto breach
Abstract
A significant security breach at the BigONE cryptocurrency exchange has resulted in the theft of approximately $27 million in digital assets. The attack was identified as a supply-chain compromise targeting the platform’s hot wallet infrastructure. (Source: Bleeping Computer)

July 16, 2025 – Criminals
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies
Abstract
Italian authorities, in collaboration with French and Romanian law enforcement, have dismantled a Romanian ransomware group known as “Diskstation.” The group targeted victims in northern Italy, particularly in the Lombardy region. (Source: The Record)

July 16, 2025 – Attack
Threat actor targets end-of-life SonicWall SMA 100 appliances in ongoing campaign
Abstract
A sophisticated threat campaign by UNC6148 is actively targeting SonicWall Secure Mobile Access (SMA) 100 appliances that are fully patched but have reached end-of-life status. (Source: Cybersecurity Dive)

July 16, 2025 – Breach
Adoption Agency Data Exposure Revealed Information About Children and Parents
Abstract
A significant data exposure incident involving the Gladney Center for Adoption has revealed over 1.1 million sensitive records related to children, birth parents, adoptive families, and caregivers. (Source: Wired)

July 16, 2025 – Breach
Compumedics data breach leaks patient info from a dozen hospitals and clinics
Abstract
Compumedics and its subsidiary NeuroMedical Supplies suffered a ransomware attack in March 2025, compromising sensitive data of at least 320,404 individuals. The Van Helsing ransomware group claimed responsibility for the attack. (Source: Comparitech)

July 16, 2025 – Breach
UK retail giant Co-op confirms hackers stole all 6.5 million customer records
Abstract
UK retail giant Co-op has confirmed a significant data breach that compromised the personal information of all 6.5 million of its customers. The breach is attributed to the cybercriminal group Scattered Spider. (Source: TechCrunch)

July 16, 2025 – Criminals
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Abstract
An international law enforcement operation, codenamed 'Operation Elicius', dismantled the Romanian ransomware gang known as 'Diskstation'. The group encrypted the systems of several companies in the Lombardy region of Italy. (Source: Bleeping Computer)

July 16, 2025 – Vulnerabilities
Meta fixes bug that could leak users’ AI prompts and generated content
Abstract
The vulnerability posed a significant privacy risk, potentially exposing sensitive user-generated content. Although Meta found no evidence of abuse, the flaw could have allowed unauthorized access to private AI interactions. (Source: TechCrunch)

July 16, 2025 – Denial Of Service
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Abstract
A new wave of hyper-volumetric Distributed Denial-of-Service (DDoS) attacks has reached unprecedented levels, with a record-breaking peak of 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps). (Source: The Hacker News)

July 15, 2025 – Phishing
UK Pet Owners Targeted by Fake Microchip Renewal Scams
Abstract
A sophisticated phishing campaign is targeting UK pet owners with fake microchip renewal emails. These emails appear highly credible, often including accurate pet details such as name, breed, and microchip number. (Source: Hackread)

July 15, 2025 – Malware
AsyncRAT evolves as ESET tracks its most popular malware forks
Abstract
ESET identified several prominent AsyncRAT forks actively used in cyberattacks, including DcRat, VenomRAT, and SilverRAT. DcRat offers an expanded feature set, while VenomRAT includes even more advanced capabilities. (Source: Help Net Security)

July 15, 2025 – Malware
Android malware Konfety uses malformed APKs to evade detection
Abstract
Konfety masquerades as legitimate applications but delivers none of the promised functionality. It is designed to fetch hidden ads, exfiltrate device data, and potentially load additional malicious modules dynamically. (Source: Bleeping Computer)

July 15, 2025 – Breach
DragonForce hackers claim responsibility for Belk data breach
Abstract
DragonForce, a ransomware group operating under a Ransomware-as-a-Service (RaaS) model, has claimed responsibility for a data breach targeting Belk, a North Carolina-based department store chain. (Source: Cybersecurity Dive)

July 15, 2025 – Breach
Chicago-area school district notifies 11.5K people of data breach compromising student records, SSNs, finances, and medical info
Abstract
Indian Springs School District 109, located in Justice, Illinois, disclosed a ransomware attack that compromised the personal data of 11,542 individuals. The breach is attributed to the RansomHub ransomware group. (Source: Comparitech)

July 15, 2025 – Breach
Ransomware gang to release data from Lorain County Auditor’s Office today Full Text
Abstract
The Lorain County Auditor’s Office in Ohio was targeted by the Global ransomware group in a cyberattack that occurred on May 27. Global, a Ransomware-as-a-Service (RaaS) group, has claimed responsibility and alleges possession of private data, including bank account information.CompariTech
July 15, 2025 – Phishing
Abacus Market Shutters After Exit Scam, Say Experts Full Text
Abstract
Abacus Market, the Western world’s highest-grossing dark web marketplace, went offline in early July 2025, following user reports of withdrawal issues that began in late June. Experts believe this marks a classic exit scam.Infosecurity Magazine
July 15, 2025 – Vulnerabilities
Researchers Jailbreak Grok-4 AI Within 48 Hours of Launch Full Text
Abstract
Researchers successfully jailbroke Elon Musk’s Grok-4 AI within 48 hours of its launch. By combining two advanced techniques—Echo Chamber and Crescendo—they bypassed the AI’s security filters and extracted instructions for creating dangerous items.HackRead
July 15, 2025 – Vulnerabilities
Why skipping security prompting on Grok’s newest model is a huge mistake Full Text
Abstract
Researchers identified critical vulnerabilities in Grok 4, particularly when deployed without system-level security prompting. The model was found to be highly susceptible to prompt injection attacks and capable of generating harmful content.Cyber Scoop
July 14, 2025 – Malware
Malicious VSCode extension in Cursor IDE led to $500K crypto theft Full Text
Abstract
A malicious VSCode-compatible extension named Solidity Language distributed via the Cursor AI IDE's Open VSX registry led to the theft of $500,000 in cryptocurrency. The extension impersonated a legitimate Ethereum smart contract syntax highlighter.Bleeping Computer
July 12, 2025 – Vulnerabilities
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) Full Text
Abstract
Fortinet released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the bug carries a CVSS score of 9.6.The Hacker News
July 12, 2025 – Vulnerabilities
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch Full Text
Abstract
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.Bleeping Computer
July 12, 2025 – Vulnerabilities
NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks Full Text
Abstract
NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. New research demonstrates a Rowhammer attack against an NVIDIA A6000 GPU.Bleeping Computer
July 12, 2025 – Vulnerabilities
The zero-day that could’ve compromised every Cursor and Windsurf user Full Text
Abstract
A security researcher stumbled upon a critical zero-day buried deep in the infrastructure powering today’s AI coding tools. Had it been exploited, a non-sophisticated attacker could’ve hijacked over 10 million machines with a single stroke.Bleeping Computer
July 11, 2025 – Breach
Louis Vuitton says UK customer data stolen in cyber-attack Full Text
Abstract
Louis Vuitton, the flagship brand of French luxury conglomerate LVMH, has confirmed a cyber-attack targeting its UK operations, resulting in the unauthorized access and theft of customer data.The Guardian
July 11, 2025 – Vulnerabilities
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild Full Text
Abstract
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild. The vulnerability, CVE-2025-47812, is a case of improper handling of null ('\0') bytes in the server's web interface.The Hacker News
July 11, 2025 – Cryptocurrency
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord Full Text
Abstract
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.The Hacker News
July 11, 2025 – Malware
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques Full Text
Abstract
The SLOW#TEMPEST campaign employs sophisticated obfuscation techniques such as dynamic jumps and obfuscated function calls to evade detection. CFG obfuscation disrupts the predictable execution flow, complicating both static and dynamic analysis.Palo Alto Networks
July 11, 2025 – Ransomware
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves Full Text
Abstract
Scattered Spider is increasingly making headlines of late, evolving its techniques and broadening the scope of its criminal activities against a wider array of enterprises.CSO Online
July 11, 2025 – Government
MPs Warn of “Significant” Iranian Cyber-Threat to UK Full Text
Abstract
A recent report by the UK Parliament’s ISC has raised alarms over the potential for significant disruption to the UK’s petrochemical, utilities, and finance sectors, especially amid escalating geopolitical tensions.Infosecurity Magazine
July 10, 2025 – Malware
macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App Full Text
Abstract
A new variant of the macOS.ZuRu malware has resurfaced, targeting macOS users through a trojanized version of the Termius SSH client. This version incorporates a modified Khepri C2 beacon and introduces new techniques for persistence.Sentinel One
July 10, 2025 – Vulnerabilities
Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks Full Text
Abstract
Security researchers have uncovered a critical set of Bluetooth vulnerabilities, dubbed PerfektBlue, in OpenSynergy’s BlueSDK framework. These flaws affect millions of devices, including in-vehicle infotainment systems.GBHackers
July 10, 2025 – Vulnerabilities
Asus and Adobe vulnerabilities Full Text
Abstract
Researchers have discovered four critical vulnerabilities—two in Asus Armoury Crate and two in Adobe Acrobat Reader. These vulnerabilities have been patched by their respective vendors.Talos Intelligence
July 10, 2025 – Breach
Pierce County, WA libraries notify 336K people of data breach Full Text
Abstract
The Pierce County Library System (PCLS) has notified 336,826 individuals of a ransomware attack by the Inc group in April 2025, which exposed names and dates of birth. Inc posted images of stolen driver’s licenses, passports, and internal documents.Comparitech
July 10, 2025 – Vulnerabilities
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs Full Text
Abstract
AMD has disclosed four new side-channel vulnerabilities, collectively termed Transient Scheduler Attacks (TSA), affecting a broad range of its CPUs. Successful exploitation of the TSA vulnerabilities could lead to information disclosure.The Register
July 10, 2025 – Breach
Bitcoin Depot breach exposes data of nearly 27,000 crypto users Full Text
Abstract
Bitcoin Depot has disclosed a data breach affecting nearly 27,000 customers. The breach exposed sensitive personal information typically collected during Know-Your-Customer (KYC) verification processes.Bleeping Computer
July 10, 2025 – Breach
Nippon Steel Solutions suffered a data breach following a zero-day attack Full Text
Abstract
Nippon Steel Solutions disclosed a data breach resulting from a zero-day attack on its network equipment. The breach led to unauthorized access and potential leakage of personal data belonging to customers, partners, and employees.Security Affairs
July 10, 2025 – Malware
Browser extensions turn nearly 1 million browsers into website-scraping bots Full Text
Abstract
A recent investigation uncovered that 245 browser extensions—installed on nearly 1 million devices—are covertly turning users' browsers into web scraping bots. These extensions, available on Chrome, Firefox, and Edge, embed the MellowTel-jsx library.Ars Technica
July 10, 2025 – APT
DoNot APT is expanding scope targeting European foreign ministries Full Text
Abstract
DoNot APT, also known as APT-C-35 and Origami Elephant, is a cyberespionage group likely linked to India. In a recent campaign, the group deployed a new malware variant, LoptikMod, to infiltrate European foreign ministries.Security Affairs
July 10, 2025 – Breach
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’ Full Text
Abstract
A critical security vulnerability in McDonald’s AI-powered hiring platform, McHire.com, exposed the personal data of millions of job seekers. The breach was caused by the use of the weak password “123456” for administrative access.Wired
July 9, 2025 – Breach
Server with Rockerbox Tax Firm Data Exposed 286GB of Records Full Text
Abstract
A significant data exposure incident has been uncovered involving Rockerbox, a Texas-based tax credit consultancy. The exposure involved 245,949 records totaling 286.9 GB of data, including highly sensitive personal and financial information.HackRead
July 9, 2025 – Breach
Canadian media giant Rogers named as victim of Chinese telecom hackers Full Text
Abstract
Rogers Communications has been identified as a victim of the Chinese state-sponsored threat actor Salt Typhoon. The campaign exploited vulnerabilities in Cisco routers to gain access to sensitive communications infrastructure.NextGov
July 9, 2025 – Vulnerabilities
New ServiceNow flaw lets attackers enumerate restricted data Full Text
Abstract
A critical vulnerability in ServiceNow, tracked as CVE-2025-3648 and dubbed Count(er) Strike, allows low-privileged users to enumerate restricted data from protected tables. The flaw stems from overly permissive Access Control List configurations.Bleeping Computer
July 9, 2025 – Attack
New Android TapTrap attack fools users with invisible UI trick Full Text
Abstract
A newly discovered Android attack technique, dubbed TapTrap, enables stealthy tapjacking by exploiting UI animation transitions. Unlike traditional overlay-based methods, TapTrap works even with zero-permission apps.Bleeping Computer
July 9, 2025 – Breach
M&S confirms social engineering led to massive ransomware attack Full Text
Abstract
M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. The breach began on April 17.Bleeping Computer
July 9, 2025 – Vulnerabilities
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities Full Text
Abstract
Microsoft’s July 2025 Patch Tuesday addresses 132 vulnerabilities, including 14 marked as critical. These span across Windows services, Microsoft Office, SharePoint, Hyper-V, and SQL Server.Talos Intelligence
July 9, 2025 – Ransomware
Iranian ransomware crew promises big bucks for US attacks Full Text
Abstract
An Iranian ransomware group, Pay2Key, has resurfaced as Pay2Key.I2P after a five-year hiatus, operating as a RaaS platform. The group is offering affiliates up to 80% of ransom proceeds for targeting US and Israeli organizations.The Register
July 9, 2025 – Policy and Law
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes Full Text
Abstract
The U.S. Department of the Treasury has imposed sanctions on individuals and entities involved in a North Korean IT worker scheme designed to covertly fund DPRK weapons of mass destruction and ballistic missile programs.Cyber Scoop
July 8, 2025 – Malware
Malicious Chrome extensions with 1.7M installs found on Web Store Full Text
Abstract
Security researchers have uncovered a widespread browser hijacking campaign involving 18 malicious extensions on the Chrome and Microsoft Edge Web Stores, collectively downloaded over 2.3 million times.Bleeping Computer
July 8, 2025 – Breach
IES Communications notifies 6,000+ employees of data breach that compromised SSNs and payroll info Full Text
Abstract
IES Communications, a U.S.-based IT contractor, has disclosed a ransomware attack that compromised sensitive data of 6,241 employees. The attack has been attributed to the Chaos ransomware group, which claims to have exfiltrated 1 TB of data.Comparitech
July 8, 2025 – Malware
Android malware Anatsa infiltrates Google Play to target US banks Full Text
Abstract
The Anatsa Android banking trojan has once again infiltrated Google Play, this time through an app disguised as a PDF viewer named ‘Document Viewer – File Reader’. The malware targets users of North American banking apps.Bleeping Computer
July 8, 2025 – Criminals
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant Full Text
Abstract
Italian authorities have arrested Zewei Xu, a Chinese national suspected of cyberespionage activities linked to the China-nexus Advanced Persistent Threat (APT) group Hafnium, also known as Silk Typhoon.Security Affairs
July 8, 2025 – Malware
Atomic macOS infostealer adds backdoor for persistent attacks Full Text
Abstract
A new variant of AMOS has been discovered with an embedded backdoor. AMOS campaigns have impacted users in over 120 countries, with the US, France, Italy, the UK, and Canada among the most affected.Bleeping Computer
July 8, 2025 – Ransomware
Beware of Bert: New ransomware group targets healthcare, tech firms Full Text
Abstract
A new ransomware group named Bert has emerged, targeting healthcare, technology, and event services sectors across Asia, Europe, and the U.S. The ransomware affects both Windows and Linux systems and is under active development.The Record
July 8, 2025 – Breach
Rehab clinics in Jacksonville, FL targeted by new ransomware gang Full Text
Abstract
The breach affected 34,498 individuals and compromised sensitive data such as names, Social Security numbers, addresses, dates of birth, state-issued ID numbers, medical treatment details, and health insurance information.Comparitech
July 8, 2025 – Malware
Hackers abuse leaked Shellter red team tool to deploy infostealers Full Text
Abstract
Threat actors have exploited a leaked copy of Shellter Elite v11.0, a commercial AV/EDR evasion tool, to deploy infostealers including Rhadamanthys, Lumma, and Arechclient2.Bleeping Computer
July 8, 2025 – Attack
Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war Full Text
Abstract
A sophisticated cyberattack has disrupted the infrastructure used to distribute the “1001” firmware—custom software developed by Russian entities to convert civilian DJI drones for military use in the ongoing conflict in Ukraine.The Record
July 7, 2025 – Attack
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware Full Text
Abstract
The attack begins with a malicious Inno Setup installer that leverages Pascal scripting to execute a series of evasion techniques, including debugger and sandbox detection.GBHackers
July 7, 2025 – Vulnerabilities
Critical Sudo bugs expose major Linux distros to local root exploits Full Text
Abstract
Researchers disclosed two vulnerabilities (CVE-2025-32462 and CVE-2025-32463) in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit them to escalate privileges to root on affected systems.Security Affairs
July 7, 2025 – Vulnerabilities
Researchers Warn of Exposed JDWP Interfaces Targeted for Cryptomining Attacks Full Text
Abstract
Since JDWP lacks authentication or access control mechanisms, exposing the service to the internet can open up a new attack vector that attackers can abuse as an entry point, enabling full control over the running Java process.The Hacker News
July 7, 2025 – General
Cybercriminals jump on .es domain for credential phishing trip Full Text
Abstract
Cybersecurity experts at Cofense reported a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.The Register
July 7, 2025 – Phishing
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Full Text
Abstract
Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. NimDoor is written in Nim, uses encrypted communications, and steals data like browser history and Keychain credentials.Security Affairs
July 7, 2025 – Outage
Ingram Micro confirms ransomware behind multi-day outage Full Text
Abstract
The Safepay ransomware claimed to have accessed sensitive information, including financial statements, intellectual property, accounting records, lawsuits and complaints, personal and customer files, bank details, transactions, etc.The Register
July 7, 2025 – Botnet
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks Full Text
Abstract
NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding since June 2025, marking a significant shift in the cybersecurity scene.GBHackers
July 7, 2025 – General
New technique detects tampering or forgery of a PDF document Full Text
Abstract
With the PDF format being used as a formal means of communication in multiple industries, it has become a good target for criminals who wish to affect contracts or aid in misinformation.Help Net Security
July 7, 2025 – Vulnerabilities
ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise Full Text
Abstract
Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code execution and complete compromise.GBHackers
July 5, 2025 – Vulnerabilities
Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack Full Text
Abstract
Three critical vulnerabilities in Apache Tomcat (CVE-2025-24813) and Apache Camel (CVE-2025-27636, CVE-2025-29891) enable remote code execution (RCE), allowing attackers to hijack systems.Palo Alto Networks
July 5, 2025 – Botnet
RondoDox Unveiled: Breaking Down a New Botnet Threat Full Text
Abstract
RondoDox is a new botnet threat that exploits two critical vulnerabilities: CVE-2024-3721 (TBK DVR models) and CVE-2024-12856 (Four-Faith router models). These vulnerabilities allow remote attackers to execute arbitrary commands.Fortinet
July 5, 2025 – Attack
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year Full Text
Abstract
A China-linked threat actor, UNC5174, exploited three Ivanti CSA zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) to target French critical infrastructure sectors from September to November 2024.CyberScoop
July 5, 2025 – Phishing
Scammers have a new tactic: impersonating DOGE Full Text
Abstract
The campaign targeted over 1,800 email addresses and more than 350 organizations, including colleges, universities, transit entities, and government bodies. The attackers aim to steal PII.Fedscoop
July 5, 2025 – Vulnerabilities
Critical Vulnerabilities in Grafana Image Renderer and Synthetic Monitoring Agent Full Text
Abstract
On July 3, 2025, Grafana issued a security advisory addressing critical vulnerabilities in two of its products: Grafana Image Renderer (versions prior to 3.12.9) and Synthetic Monitoring Agent (versions prior to 0.38.3).Government of Canada
July 5, 2025 – Attack
NTLM relay attacks are back from the dead Full Text
Abstract
NTLM relay attacks can compromise domain-joined hosts without requiring password cracking. These attacks can reach Tier Zero assets, significantly increasing the risk and potential damage.Help Net Security
July 4, 2025 – Breach
Hacker leaks Telefónica data allegedly stolen in a new breach Full Text
Abstract
A threat actor affiliated with the HellCat ransomware group has claimed responsibility for a significant data breach at Telefónica. The attacker, known as "Rey", alleges the exfiltration of over 106GB of sensitive internal data.Bleeping Computer
July 4, 2025 – Breach
City of Coppell, TX notifies 17K residents of data breach following ransomware attack Full Text
Abstract
The City of Coppell, Texas, has notified 16,835 residents of a data breach following a ransomware attack in October 2024. The breach exposed sensitive personal data, including Social Security numbers.Comparitech
July 4, 2025 – Government
Taiwan Flags Chinese Apps Over Data Security Violations Full Text
Abstract
Taiwan’s National Security Bureau (NSB) has issued a public warning following random inspections of five Chinese-developed mobile applications—TikTok, WeChat, Weibo, Baidu Cloud, and rednote—widely used by Taiwanese citizens.Infosecurity Magazine
July 4, 2025 – Vulnerabilities
Researchers Defeat Content Security Policy Protections via HTML Injection Full Text
Abstract
Security researchers have demonstrated a method to bypass nonce-based Content Security Policy (CSP) protections using HTML injection, CSS-based nonce leakage, and browser cache manipulation.GBHackers
July 3, 2025 – Malware
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns Full Text
Abstract
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.The Hacker News
July 3, 2025 – Vulnerabilities
Wing FTP Server Vulnerability Allows Full Server Takeover by Attackers Full Text
Abstract
A critical vulnerability identified as CVE-2025-47812 affects Wing FTP Server versions v7.4.3 and earlier. Wing FTP released a security update on May 14, 2025, to address this issue. Proof-of-concept exploit code is publicly available.GBHackers
July 3, 2025 – Ransomware
Hunters International ransomware shuts down, releases free decryptors Full Text
Abstract
Hunters International, a prolific Ransomware-as-a-Service (RaaS) operation responsible for nearly 300 global attacks, has officially shut down. The group announced the closure on July 3, 2025, offering free decryption tools to victims.Bleeping Computer
July 3, 2025 – Ransomware
Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability Full Text
Abstract
A newly disclosed vulnerability in the Python-based data-exfiltration utility used by the notorious Cl0p ransomware group has exposed the cybercrime operation itself to potential attack. The vulnerability is rated 8.9 (High) on the CVSS 4.0 scale.GBHackers
July 3, 2025 – Vulnerabilities
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements Full Text
Abstract
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements.GBHackers
July 3, 2025 – Phishing
China-linked hackers spoof big-name brand websites to steal shoppers’ payment info Full Text
Abstract
A sophisticated phishing campaign, likely operated by China-based cybercriminals, is targeting global online shoppers through thousands of fraudulent retail websites impersonating major brands.The Record
July 2, 2025 – Outage
Medical device company Surmodics reports cyberattack, says it’s still recovering Full Text
Abstract
Surmodics, a Minnesota-based medical device manufacturer, reported a cyberattack discovered on June 5, 2025, which forced the company to shut down parts of its IT infrastructure.The Record
July 2, 2025 – Vulnerabilities
Cisco warns that Unified CM has hardcoded root SSH credentials Full Text
Abstract
The flaw involves hardcoded root SSH credentials that could allow unauthenticated remote attackers to gain root access to affected systems. Successful exploitation of this vulnerability allows attackers to log in remotely with root privileges.Bleeping Computer
July 2, 2025 – Cryptocurrency
Dozens of fake wallet add-ons flood Firefox store to drain crypto Full Text
Abstract
A large-scale malicious campaign has been uncovered involving over 40 fake cryptocurrency wallet extensions on the Firefox add-ons store. These extensions impersonate legitimate wallets to steal sensitive user data.Bleeping Computer
July 2, 2025 – General
Windows Shortcut (LNK) Malware Strategies Full Text
Abstract
Hackers are increasingly leveraging LNK files to deliver malware, with malicious LNK samples rising from 21,098 in 2023 to 68,392 in 2024. They exploit the flexibility of LNKs to execute malicious payloads while masquerading as legitimate files.Palo Alto Networks
July 2, 2025 – Breach
Dozens of Corporates Caught in Kelly Benefits Data Breach Full Text
Abstract
Kelly Benefits disclosed a significant data breach that affected over 553,000 individuals. The breach, which occurred in December 2024, has impacted dozens of corporate clients across critical sectors including healthcare and financial services.Infosecurity Magazine
July 2, 2025 – Breach
Qantas reveals data theft impacting six million customers Full Text
Abstract
Australian airline Qantas detected a cyberattack involving a third-party platform used by its contact center. The breach, publicly disclosed on July 2, 2025, potentially exposed personal data of up to six million customers.The Register
July 2, 2025 – Government
U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog Full Text
Abstract
The CISA added two vulnerabilities in TeleMessage TM SGNL to its KEV catalog. These flaws—CVE-2025-48927 and CVE-2025-48928—have been actively exploited in the wild and pose a significant risk to federal and private sector networks.Security Affairs
July 1, 2025 – Criminals
Aeza Group sanctioned for hosting ransomware, infostealer servers Full Text
Abstract
The U.S. Department of the Treasury has sanctioned Russian hosting provider Aeza Group and four of its operators for providing bulletproof hosting services to cybercriminals.Bleeping Computer
July 1, 2025 – Breach
Food Retailer Ahold Delhaize Discloses Data Breach Impacting 2.2m Full Text
Abstract
Ahold Delhaize, a major global food retailer, disclosed a ransomware attack on its US operations that exposed personal data of over 2.2 million individuals. The attack was detected on November 6 and primarily affected internal employment records.Infosecurity Magazine
July 1, 2025 – Policy and Law
Seven months for IT worker who trashed his work network Full Text
Abstract
A British IT worker has been sentenced to over seven months in prison after launching a retaliatory cyberattack against his employer’s network. Within hours of suspension, he began altering login names and passwords, disrupting internal operations.The Register
July 1, 2025 – Criminals
DOJ raids 29 ‘laptop farms’ in operation against North Korean IT worker scheme Full Text
Abstract
The DOJ launched a major crackdown on a North Korean IT worker scheme, conducting raids on 29 "laptop farms" across 16 states. These workers accessed sensitive data, including International Traffic in Arms Regulations (ITAR) information.The Record
July 1, 2025 – Criminals
Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams Full Text
Abstract
A recent DOJ operation has uncovered a large-scale North Korean impersonation scheme involving the theft of over 80 American identities. These identities were used to fraudulently secure remote IT jobs at more than 100 U.S. companies.Wired
July 1, 2025 – General
Crypto Hack Losses in First Half of 2025 Exceed 2024 Total Full Text
Abstract
The first half of 2025 has seen a dramatic surge in cryptocurrency-related cybercrime, with total losses from scams, hacks, and exploits reaching approximately $2.47 billion. This figure already surpasses the total losses recorded in all of 2024.Infosecurity Magazine
July 1, 2025 – Vulnerabilities
Google fixes fourth actively exploited Chrome zero-day of 2025 Full Text
Abstract
Google has released an emergency update to patch CVE-2025-6554, a high-severity zero-day vulnerability in the Chrome V8 JavaScript engine. This marks the fourth actively exploited Chrome zero-day addressed in 2025.Bleeping Computer
July 1, 2025 – Attack
International Criminal Court targeted by new ‘sophisticated’ attack Full Text
Abstract
The International Criminal Court (ICC) has reported a new, sophisticated, and targeted cybersecurity incident, detected and contained through its internal alert and response mechanisms.The Record
July 1, 2025 – Breach
Johnson Controls starts notifying people affected by 2023 breach Full Text
Abstract
The ransomware attack forced Johnson Controls to shut down large portions of its IT infrastructure, severely impacting global operations and customer-facing systems. The initial breach occurred in Johnson Controls’ Asian offices in February 2023.Bleeping Computer
July 1, 2025 – Criminals
Europol helps disrupt $540 million crypto investment fraud ring Full Text
Abstract
Spanish authorities, with support from Europol and international partners, have dismantled a transnational cryptocurrency investment fraud ring responsible for laundering approximately $540 million and defrauding over 5,000 victims globally.Bleeping Computer