May 2025
May 30, 2025 – Attack
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining Full Text
Abstract
A sophisticated malware campaign has been targeting South Korean Internet cafés since mid-2024, exploiting management software to deploy Gh0st RAT and T-Rex CoinMiner for unauthorized cryptocurrency mining.
GBHackers
May 30, 2025 – Breach
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale Full Text
Abstract
A newly emerged threat actor, “Often9,” has claimed to possess a dataset containing 428 million unique TikTok user records. The data is allegedly being sold on a prominent cybercrime forum and includes sensitive, non-public user information.
HackRead
May 30, 2025 – Hacker
Earth Lamia Develops Custom Arsenal to Target Multiple Industries Full Text
Abstract
A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education.
Trend Micro
May 30, 2025 – Attack
Hackers give Botetourt County Schools 2 weeks to pay ransom after cyber attack Full Text
Abstract
A ransomware attack attributed to the Qilin group has targeted Botetourt County Public Schools (BCPS) in Virginia. The attackers claim to have exfiltrated 315 GB of sensitive data.
CompariTech
May 30, 2025 – Phishing
Nifty.com Used as Phishing Infrastructure: How Raven Detected Abuse of Trusted Infrastructure Full Text
Abstract
A sophisticated phishing campaign has been uncovered leveraging the legitimate infrastructure of Japanese ISP Nifty[.]com. This multi-wave operation bypassed traditional email defenses by exploiting trusted domains and authentication protocols.
Raven Mail
May 30, 2025 – Vulnerabilities
Critical Hardcoded Credential Vulnerabilities in Consilium Salwico CS5000 Fire Panels Full Text
Abstract
Critical vulnerabilities in Consilium Salwico CS5000 fire panels expose maritime vessels to severe operational risks. Hardcoded SSH and VNC credentials allow remote access, potentially disabling fire detection systems.
Pentest Partners
May 29, 2025 – Malware
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers Full Text
Abstract
A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host.
The Hacker News
May 29, 2025 – Breach
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected Full Text
Abstract
ConnectWise has confirmed a cyberattack on its ScreenConnect remote access platform, attributed to a sophisticated nation-state threat actor. The breach affected a limited number of customers.
Infosecurity Magazine
May 29, 2025 – Vulnerabilities
Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data Full Text
Abstract
A moderate-severity vulnerability, CVE-2025-27522, has been identified in Apache InLong versions 1.13.0 through 2.1.0. It allows deserialization of untrusted data during JDBC verification, enabling attackers to bypass security mechanisms.
GBHackers
May 29, 2025 – Criminals
Cybercriminals camouflaging threats as AI tool installers Full Text
Abstract
Cybercriminals are distributing malware disguised as AI tool installers, targeting users seeking AI solutions. Cisco Talos has identified three major threats: CyberLock ransomware, Lucky_Gh0$t ransomware, and a destructive malware named Numero.
Talos Intelligence
May 28, 2025 – Vulnerabilities
XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code Full Text
Abstract
Citrix has disclosed three high-severity vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in XenServer VM Tools for Windows, enabling attackers to escalate privileges within guest Windows VMs.
GBHackers
May 28, 2025 – Breach
Data broker giant LexisNexis says breach exposed personal information of over 364,000 people Full Text
Abstract
LexisNexis Risk Solutions has disclosed a significant data breach that compromised the personal information of over 364,000 individuals. The breach involved unauthorized access to a third-party software development platform used by the company.
Tech Crunch
May 28, 2025 – Vulnerabilities
Threat Actors Weaponizing DCOM to harvest credentials on Windows systems Full Text
Abstract
A new stealthy attack technique is leveraging Distributed Component Object Model (DCOM) objects on Windows systems to harvest credentials without deploying payloads or triggering traditional security alerts.
GBHackers
May 28, 2025 – Phishing
Phishing Campaign Spoofs Coursera to Steal Facebook Credentials via Fake Meta Certificate Offer Full Text
Abstract
A sophisticated phishing campaign has been uncovered that impersonates Coursera and offers a free Meta Social Media Marketing certificate to lure victims into a multi-stage phishing trap.
Cofense
May 28, 2025 – Malware
Zanubis Android Banking Trojan Evolves with Silent Installation and Credential Theft Capabilities Full Text
Abstract
Zanubis is a sophisticated Android banking Trojan active since 2022, targeting Peruvian financial institutions. It masquerades as legitimate apps to trick users into granting accessibility permissions, enabling full device control.
Secure List
May 28, 2025 – Attack
Chinese spies blamed for attempted hack on Czech government network Full Text
Abstract
The Record
May 28, 2025 – Attack
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch Full Text
Abstract
Researchers observed a coordinated cloud-based scanning operation involving 251 Amazon-hosted IP addresses geolocated in Japan. They targeted 75 known exposure points across various technologies, exploiting multiple high-severity vulnerabilities.
The Hacker News
May 28, 2025 – Phishing
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware Full Text
Abstract
A malicious campaign is distributing Venom RAT via a fake Bitdefender website (bitdefender-download[.]com), tricking users into downloading malware disguised as antivirus software.
Security Affairs
May 28, 2025 – Government
CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits Full Text
Abstract
On May 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued ICS advisory ICSA-25-146-01, disclosing a high-severity vulnerability (CVE-2025-26383) in the Johnson Controls iSTAR Configuration Utility (ICU) Tool.
GBHackers
May 28, 2025 – Vulnerabilities
Chrome 137 Fixes Critical Use-After-Free and Memory Corruption Vulnerabilities Full Text
Abstract
Google has released Chrome version 137.0.7151.55/56 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities. This update includes critical patches for memory corruption issues and API implementation flaws.
May 27, 2025 – Vulnerabilities
Unpatched Critical Vulnerability in TI WooCommerce Wishlist Plugin Full Text
Abstract
A critical unauthenticated arbitrary file upload vulnerability, tracked as CVE-2025-47577, has been discovered in the TI WooCommerce Wishlist plugin for WordPress. The flaw affects all versions up to and including 2.9.2.
Patch Stack
May 27, 2025 – Malware
AppleProcessHub macOS Malware Steals Sensitive Data Using Advanced Evasion and C2 Techniques Full Text
Abstract
A newly identified macOS malware, AppleProcessHub, is actively targeting Apple systems to steal sensitive data. This sophisticated stealer demonstrates advanced evasion and persistence techniques, signaling a growing threat to macOS environments.
Kandji
May 27, 2025 – APT
Velvet Chollima APT Hackers Target Government Officials Using Weaponized PDFs Full Text
Abstract
A new cyber-espionage campaign attributed to the North Korean APT group Velvet Chollima has been identified, targeting South Korean government officials and organizations across North America, South America, Europe, and East Asia.
GBHackers
May 27, 2025 – Hacker
Russia-Affiliated Threat Actor Void Blizzard Targets NATO and Ukraine with Credential Theft and Cloud Abuse Full Text
Abstract
A newly identified Russia-affiliated threat actor, Void Blizzard (also known as LAUNDRY BEAR), has been conducting widespread cyberespionage operations targeting critical sectors across NATO member states and Ukraine.
Microsoft
May 27, 2025 – Attack
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers Full Text
Abstract
A recent targeted ransomware attack leveraged vulnerabilities in SimpleHelp remote monitoring and management (RMM) software to compromise a Managed Service Provider (MSP) and its clients.
Sophos
May 27, 2025 – Malware
GhostSpy Android Malware Grants Full Device Control and Evades Detection Full Text
Abstract
GhostSpy is a newly identified Android malware that poses a severe threat to mobile security by granting attackers full control over infected devices. It employs advanced evasion, persistence, and surveillance techniques.
Cyfirma
May 27, 2025 – Vulnerabilities
Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution Full Text
Abstract
A critical vulnerability, CVE-2025-0072, has been identified in the Arm Mali GPU driver, affecting devices using the Command Stream Frontend (CSF) architecture, including Google Pixel 7, 8, and 9 series.
GBHackers
May 27, 2025 – Vulnerabilities
Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories Full Text
Abstract
A critical vulnerability in the GitHub MCP integration has been discovered, exposing private repository data through prompt injection attacks. This flaw affects users leveraging coding agents and IDEs integrated with GitHub MCP.
GBHackers
May 27, 2025 – Vulnerabilities
Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks Full Text
Abstract
Researchers have uncovered critical vulnerabilities in HTTP/2 server push and Signed HTTP Exchange (SXG) that allow attackers to bypass the Same-Origin Policy (SOP). These flaws enable off-path attacks.
GBHackers
May 27, 2025 – Malware
SilverRAT Remote Access Trojan Source Code Leaked on GitHub Full Text
Abstract
The full source code of SilverRAT was briefly leaked on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly removed. The leak included complete build instructions, Visual Studio solution files, and a README.
HackRead
May 26, 2025 – Phishing
Fake Zenmap, WinMTR sites target IT staff with Bumblebee malware Full Text
Abstract
Fake Zenmap and WinMTR websites are targeting IT staff with malware through SEO poisoning campaigns. These sites distribute trojanized installers for popular tools like Zenmap and WinMTR.
Bleeping Computer
May 26, 2025 – Malware
De-obfuscating ALCATRAZ Full Text
Abstract
Elastic Security Labs identified a new malware family called DOUBLELOADER, which uses the ALCATRAZ obfuscator for evasion and pairs with the RHADAMANTHYS infostealer. DOUBLELOADER employs multiple obfuscation techniques such as LEA obfuscation.
Elastic
May 26, 2025 – Malware
Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate - Malware Signed with Nexaweb Certificate - ASEC Full Text
Abstract
ASEC has discovered malware signed with a Nexaweb Inc. certificate while investigating a file with the same characteristics as one signed with a Korean company’s certificate.
AhnLab
May 26, 2025 – Phishing
Fake Google Meet Page Tricks Users into Running PowerShell Malware Full Text
Abstract
A fake Google Meet page was discovered, designed to trick users into running a malicious PowerShell command under the guise of fixing a "Microphone Permission Denied" error.
Sucuri
May 26, 2025 – Vulnerabilities
Oracle TNS Flaw Exposes System Memory to Unauthorized Access Full Text
Abstract
Oracle has patched a medium-severity vulnerability (CVE-2025-30733) in its Transparent Network Substrate (TNS) protocol, which could allow unauthenticated remote attackers to access sensitive system memory.
GBHackers
May 26, 2025 – Vulnerabilities
Critical RCE Vulnerability in vBulletin via PHP Reflection API Bypass Full Text
Abstract
A critical vulnerability in vBulletin versions 5.x and 6.x running on PHP 8.1 or later allows unauthenticated attackers to invoke protected methods remotely, leading to remote code execution (RCE).
Karmain Security
May 26, 2025 – Vulnerabilities
D-Link Routers Exposed by Hard-Coded Telnet Credentials Full Text
Abstract
A critical vulnerability identified as CVE-2025-46176 affects D-Link DIR-605L and DIR-816L routers, exposing hardcoded Telnet credentials that allow unauthenticated remote command execution.
GBHackers
May 24, 2025 – Criminals
Global Takedown Disrupts Danabot Malware-as-a-Service Infrastructure Full Text
Abstract
The FBI, DoD, and international partners dismantled Danabot’s infrastructure and identified key operators. Danabot was used to distribute malware like LockBit, Ursnif, and Zloader.
We Live Security
May 24, 2025 – Vulnerabilities
Cloudflare Closes Security Gap That Could Leak Visitor URLs Full Text
Abstract
Cloudflare has addressed CVE-2025-4366, a request smuggling vulnerability in the Pingora OSS framework, affecting its CDN free tier and users of pingora-proxy and pingora-cache crates.
The Cyber Express
May 24, 2025 – Vulnerabilities
Critical NETGEAR Router Flaw Allows Full Admin Access by Attackers Full Text
Abstract
A critical authentication bypass vulnerability (CVE-2025-4978) has been discovered in NETGEAR DGND3700v2 wireless routers. The flaw, rated CVSSv4 9.3, allows unauthenticated attackers to gain full administrative access via a hidden backdoor.
GBHackers
May 23, 2025 – Vulnerabilities
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges Full Text
Abstract
Apple has patched CVE-2025-31219, a critical vulnerability in the XNU kernel affecting macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw allows local attackers to escalate privileges and execute arbitrary code with kernel-level access.
GBHackers
May 23, 2025 – Hacker
Russian hacker group Killnet returns with new identity Full Text
Abstract
Once known for its pro-Kremlin hacktivist campaigns, the group now appears to function as a profit-driven cyber mercenary collective, offering hack-for-hire services and targeting a broader range of victims.
The Record
May 23, 2025 – Phishing
Hackers use fake Ledger apps to steal Mac users’ seed phrases Full Text
Abstract
A series of sophisticated phishing campaigns is targeting macOS users by distributing fake Ledger Live applications designed to steal 24-word seed phrases used to access cryptocurrency wallets.
Bleeping Computer
May 23, 2025 – Phishing
Cybercriminals Using Trusted Google Domains to Spread Malicious Code Full Text
Abstract
A new malvertising campaign is leveraging trusted Google domains and outdated JSONP API calls to inject malicious scripts into legitimate e-commerce websites. These scripts redirect users to phishing pages that mimic payment portals.
GBHackers
May 23, 2025 – Breach
Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims Full Text
Abstract
Everest has listed Coca-Cola as a victim on its dark web leak site, releasing samples of internal HR documents affecting 959 employees. These include scans of passports and visas, salary data, and other personally identifiable information (PII).
HackRead
May 23, 2025 – Breach
Decentralized crypto platform Cetus hit with $223 million hack Full Text
Abstract
Cetus, a decentralized cryptocurrency exchange operating on the Sui blockchain, suffered a significant cyberattack on Thursday, 22nd May, resulting in the theft of approximately $223 million.
The Record
May 23, 2025 – Vulnerabilities
Critical Vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Control Systems Full Text
Abstract
ABB has issued a security advisory (AV25-290) on May 22, 2025, addressing critical vulnerabilities in multiple control system products. These flaws affect ASPECT-Enterprise, NEXUS Series, and MATRIX Series devices running version 3.08.03 or earlier.
Cyber
May 22, 2025 – Malware
AI-Generated TikTok Videos Used to Distribute Infostealer Malware Full Text
Abstract
A new campaign is exploiting TikTok’s vast user base and viral content model to distribute information-stealing malware, including Vidar and StealC. It uses AI-generated videos to socially engineer users into executing malicious PowerShell commands.
Infosecurity Magazine
May 22, 2025 – Phishing
TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics Full Text
Abstract
A Russia-aligned threat actor, TAG-110—linked to APT28 and UAC-0063—has launched a phishing campaign targeting Tajikistan’s government, academic, and research institutions.
Recorded Future
May 22, 2025 – Vulnerabilities
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware Full Text
Abstract
A Chinese threat group, UAT-6382, is actively exploiting CVE-2025-0994—a remote code execution vulnerability in Trimble Cityworks—to deploy malware and maintain persistent access in U.S. local government networks.
Talos Intelligence
May 22, 2025 – Vulnerabilities
Grafana security release: High severity security fix for CVE-2025-4123 Full Text
Abstract
A high-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2025-4123 with a CVSS score of 7.6, has been discovered in Grafana. This flaw allows attackers to redirect users to malicious websites and execute arbitrary JavaScript code.
Grafana
May 22, 2025 – Vulnerabilities
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication Full Text
Abstract
Multiple critical vulnerabilities in Versa Concerto (versions 12.1.2–12.2.0) remain unpatched, enabling attackers to bypass authentication and achieve remote code execution (RCE) and host compromise.
GBHackers
May 22, 2025 – Phishing
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain Full Text
Abstract
A recent wave of phishing campaigns is exploiting fake CAPTCHA pages to trick users into executing malicious commands via the Windows Run dialog. These attacks deliver multistage payloads using obfuscated JavaScript embedded in MP3 or PDF files.
Trend Micro
May 22, 2025 – Vulnerabilities
Cisco Identity Services RADIUS Process Vulnerability Let Attackers Trigger DoS Condition Full Text
Abstract
Cisco has disclosed a critical vulnerability in its Identity Services Engine (ISE) version 3.4 that allows unauthenticated remote attackers to trigger a denial-of-service (DoS) condition.
Cybersecurity News
May 22, 2025 – Vulnerabilities
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks Full Text
Abstract
GitLab has released critical patches for 11 vulnerabilities in its CE and EE platforms, including three high-severity DoS flaws. These affect all deployment models and could lead to system downtime, data exposure, and authentication bypass.
GBHackers
May 22, 2025 – General
Hackers Target Coinbase Users in Advanced Social Engineering Hack Full Text
Abstract
A sophisticated social engineering campaign has been actively targeting Coinbase users since early 2025, resulting in over $300 million in annual losses and $45 million in a single week in May.
GBHackers
May 22, 2025 – Phishing
Another Fake Cloudflare Verification Targets WordPress Sites Full Text
Abstract
A new malware campaign is targeting WordPress sites by impersonating a Cloudflare verification page. This multistage infection uses social engineering and obfuscated PowerShell commands to deliver a malicious Windows executable.
Sucuri
May 20, 2025 – Outage
Major Russian state services disrupted, reportedly due to cyberattack Full Text
Abstract
A series of large-scale Distributed Denial-of-Service (DDoS) attacks has disrupted access to several major Russian state services, including tax, digital identity, and healthcare systems.
The Record
May 20, 2025 – Ransomware
Ransomware strikes UK food distributor in latest retail blow Full Text
Abstract
Peter Green Chilled suffered a ransomware attack on May 14, 2025, severely impacting its operations and disrupting supply chains to major UK supermarkets including Asda, Tesco, Sainsbury’s, Waitrose, and M&S.
The Register
May 20, 2025 – Vulnerabilities
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994) Full Text
Abstract
A critical privilege escalation vulnerability in Windows 11, tracked as CVE-2025-24076, allows attackers to elevate privileges from a standard user to SYSTEM in just 300 milliseconds.
Compass Security
May 20, 2025 – Ransomware
New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada Full Text
Abstract
Nitrogen ransomware, first publicly identified in September 2024, has emerged as a significant threat targeting organizations across the finance, construction, manufacturing, and technology sectors.
HackRead
May 20, 2025 – Attack
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization Full Text
Abstract
A threat actor known as UnsolicitedBooker has been observed targeting a Saudi Arabian organization over a span of three years using a newly identified backdoor named MarsSnake.
The Hacker News
May 20, 2025 – Malware
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts Full Text
Abstract
Researchers identified several malicious packages on PyPI and npm that exploit APIs and implant backdoors: checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), sinnercore (3,300 downloads), dbgpkg (~350 downloads), and requestsdev (76 downloads).
The Hacker News
May 20, 2025 – Vulnerabilities
Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers Full Text
Abstract
GBHackers
May 20, 2025 – Breach
Cocospy stalkerware apps go offline after data breach | TechCrunch Full Text
Abstract
Cocospy, Spyic, and Spyzie—three near-identical stalkerware apps—have gone offline following a significant data breach. These apps were previously caught spying on millions of phones earlier in 2025.
Tech Crunch
May 20, 2025 – Vulnerabilities
Critical Vulnerabilities in My Volkswagen App Expose Personal Data and Enable Unauthorized Vehicle Access Full Text
Abstract
A security researcher uncovered critical vulnerabilities in the My Volkswagen app that exposed sensitive personal and vehicle data. The flaws allowed unauthorized access to user accounts and vehicle features using only a vehicle’s VIN number.
LoopSec
May 20, 2025 – Malware
Malicious Koishi Chatbot Plugin Exfiltrates Messages Trigger… Full Text
Abstract
A malicious npm package, koishi-plugin-pinhaofa, is targeting Koishi chatbot frameworks. Disguised as a spelling autocorrect plugin, it embeds a backdoor that exfiltrates messages containing 8-character hexadecimal strings to a hardcoded QQ account.
Socket
May 19, 2025 – Vulnerabilities
Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability Full Text
Abstract
A critical vulnerability (CVE-2025-4389) in the Crawlomatic Multisite Scraper Post Generator WordPress plugin allows unauthenticated attackers to upload arbitrary files, leading to remote code execution.
The Cyber Express
May 19, 2025 – Breach
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes Full Text
Abstract
A critical breach of the TeleMessage Signal clone (TM SGNL) exposed sensitive data due to severe misconfigurations. Exploited in under 20 minutes, the breach compromised credentials, unencrypted chat logs, and encryption keys of users.
Wired
May 19, 2025 – Vulnerabilities
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts! Full Text
Abstract
A newly discovered vulnerability in WordPress allows attackers to exfiltrate titles of private and draft posts via the XMLRPC pingback feature. This flaw affects all WordPress installations with XMLRPC enabled.
Imperva
May 19, 2025 – Vulnerabilities
New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender Full Text
Abstract
A new tool named Defendnot demonstrates a critical method to disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API.
Bleeping Computer
May 19, 2025 – Vulnerabilities
CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay Full Text
Abstract
A critical authentication bypass vulnerability (CVE-2025-30072) has been identified in the Tiiwee X1 Alarm System (version TWX1HAKV2). The system's use of unencrypted 433 MHz radio communication allows attackers to perform capture-replay attacks.
Seclists
May 19, 2025 – Phishing
Dark Web Profile: Silent Ransom Group (LeakedData) - SOCRadar® Cyber Intelligence Inc. Full Text
Abstract
SRG employs highly tailored phishing campaigns, including callback phishing and impersonation of well-known brands like Duolingo and Masterclass. Victims are lured into calling fake support numbers and are socially engineered.
Socradar
May 19, 2025 – Vulnerabilities
SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection Full Text
Abstract
A critical authenticated command injection vulnerability (CVE-2025-2605) has been identified in Honeywell MB-Secure and MB-Secure PRO systems. Exploiting this flaw allows authenticated attackers to execute arbitrary OS commands with root privileges.
Seclists
May 19, 2025 – Vulnerabilities
Session Invalidation in Economizzer Allows Unauthorized Access After Logout Full Text
Abstract
A session management vulnerability has been identified in Economizzer v.0.9-beta1, which allows unauthorized access due to improper session invalidation. Even after a user logs out, the session remains active.
Seclists
May 17, 2025 – Vulnerabilities
Multiple Critical Vulnerabilities Addressed in Latest Metasploit Framework Update Including RCE and Privilege Escalation Full Text
Abstract
The latest Metasploit Framework update introduces five new modules targeting critical vulnerabilities across multiple platforms, including POWERCOM UPSMON PRO, Car Rental System 1.0, WordPress plugins, and LINQPad.
Rapid 7
May 17, 2025 – Outage
Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyberattack Full Text
Abstract
Lecardo Clinic, a private hospital in Chuvashia, Russia, experienced a multi-day operational shutdown due to a cyberattack attributed to the pro-Ukraine hacker group 4B1D.
The Record
May 16, 2025 – Criminals
Ransomware gang INC claims recent attack on South African Airways - Comparitech Full Text
Abstract
South African Airways (SAA) has confirmed a cyberattack on May 3, 2025, which temporarily disrupted its website, mobile app, and internal systems. The ransomware group INC has claimed responsibility, labeling the initial data leak as “Part 1.”
CompariTech
May 16, 2025 – Breach
Telecom SaaS firm Communications Data Group notifies 42K people of data breach on behalf of Duo Broadband Full Text
Abstract
Communications Data Group (CDG), a SaaS billing vendor for Duo Broadband, has notified 42,518 individuals of a data breach that occurred in February 2025. The breach, attributed to the ransomware group Qilin, exposed sensitive personal data.
CompariTech
May 16, 2025 – Breach
Broadcom data stolen in payroll provider ransomware raid Full Text
Abstract
A ransomware attack on Business Systems House (BSH) in September 2024 resulted in the theft of Broadcom employee data. At the time, Broadcom was transitioning to a new payroll provider, which may have contributed to the exposure.
The Register
May 16, 2025 – Malware
Printer company provided infected software downloads for half a year Full Text
Abstract
An investigation revealed that the vendor's official software downloads were infected with multiple strains of malware, including the XRed backdoor and a new clipbanker virus called SnipVex.
GData Software
May 16, 2025 – Government
FBI: US officials targeted in voice deepfake attacks since April Full Text
Abstract
The FBI has issued a public service announcement warning of a surge in AI-generated voice deepfake attacks targeting U.S. government officials since April 2025. These attacks leverage advanced voice cloning technologies to impersonate senior officials.
Bleeping Computer
May 15, 2025 – Vulnerabilities
Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services Full Text
Abstract
Node.js has released critical security updates addressing three vulnerabilities—CVE-2025-23166, CVE-2025-23167, and CVE-2025-23165—that could allow attackers to crash server processes and disrupt services.
GBHackers
May 15, 2025 – APT
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers Full Text
Abstract
A cyber-espionage campaign by Fancy Bear (APT28), linked to Russia’s GRU, has targeted Ukrainian government and military entities, as well as international defense contractors.
Cyber Scoop
May 15, 2025 – Malware
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper Full Text
Abstract
A newly discovered malicious npm package, os-info-checker-es6, masquerades as a utility for retrieving OS information but is designed to stealthily deliver a next-stage payload.
The Hacker News
May 15, 2025 – Malware
TransferLoader Malware Loader Deploys Morpheus Ransomware Using Obfuscated Backdoor and IPFS-Based C2 Full Text
Abstract
TransferLoader is a newly identified malware loader active since at least February 2025. It comprises three main components—a downloader, a backdoor loader, and a backdoor—each employing advanced anti-analysis and obfuscation techniques.
ZScaler
May 15, 2025 – Criminals
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines Full Text
Abstract
A new wave of ransomware and extortion attacks is targeting the US retail sector, with threat intelligence suggesting the involvement of the advanced threat actor group Scattered Spider (UNC3944).
May 15, 2025 – Phishing
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users Full Text
Abstract
A sophisticated phishing campaign dubbed Meta Mirage has been uncovered, targeting users of Meta's Business Suite. This campaign specifically focuses on hijacking high-value accounts.
The Hacker News
May 15, 2025 – Breach
Nova Scotia Power says customer banking details may have been stolen by hackers Full Text
Abstract
On April 25, 2025, Nova Scotia Power discovered a cyberattack that compromised sensitive customer data. The breach, which occurred over a month earlier, has prompted the utility to isolate affected systems.
The Record
May 15, 2025 – Breach
Idaho hospital notifies 34K people of data breach that compromised SSNs, health info Full Text
Abstract
Weiser Memorial Hospital in Idaho has notified 34,249 individuals of a data breach that occurred in September 2024. The breach, attributed to the Embargo ransomware group, compromised sensitive personal and medical information.
Comparitech
May 15, 2025 – Malware
Researchers Uncover Malicious .desktop File Campaign Targeting Linux Systems Full Text
Abstract
Researchers have identified a surge in malicious `.desktop` files targeting Linux systems. These files exploit standard desktop behaviors to execute hidden commands and download malware.
Google Cloud Community
May 15, 2025 – Criminals
The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge Full Text
Abstract
In a major disruption to global cybercrime infrastructure, the notorious Haowang Guarantee (formerly Huione Guarantee) black market has been shut down following Telegram’s enforcement action.
Wired
May 14, 2025 – Malware
Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers Full Text
Abstract
Katz Stealer is a newly identified infostealer malware targeting over 78 Chromium and Gecko-based browser variants. It is capable of extracting sensitive data including credentials, cookies, CVV2 codes, OAuth tokens, and cryptocurrency wallets.
GBHackers
May 14, 2025 – Malware
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt Full Text
Abstract
DarkCloud Stealer is a sophisticated infostealer malware active since 2022 and advertised on hacking forums as early as January 2023. It has been used in targeted attacks against government organizations. Palo Alto Networks
May 14, 2025 – Botnet
High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding Full Text
Abstract
HTTPBot is a newly identified Trojan botnet written in Go, first detected in August 2024 and named by NSFOCUS Fuying Lab for its use of HTTP-based DDoS techniques. It has rapidly expanded, issuing over 200 attack commands by April 2025. NSFocus Global
May 14, 2025 – APT
Swan Vector APT: Targeting Taiwan & Japan with DLL Implants Full Text
Abstract
A newly identified APT campaign, dubbed “Swan Vector,” has been targeting educational and mechanical engineering sectors in East Asia, particularly Taiwan and Japan. The campaign employs spearphishing emails with malicious ZIP attachments. SeqRite
May 14, 2025 – Phishing
GovDelivery, an email alert system used by governments, abused to send scam messages Full Text
Abstract
A phishing campaign exploited the U.S. government’s GovDelivery email system to send scam messages impersonating official toll collection notices. The emails were sent from an official Indiana government email address. TechCrunch
May 14, 2025 – Vulnerabilities
Critical Heap Overflow Vulnerabilities in Windows RDP and RD Gateway Allow Remote Code Execution Full Text
Abstract
Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network. GBHackers
May 14, 2025 – Breach
PowerSchool data breach leads to school extortion attempts Full Text
Abstract
A major data breach at PowerSchool, a platform serving over 60 million students and 18,000 educational institutions, has led to extortion attempts targeting public schools. Threat actors are leveraging data stolen in the December 28, 2024 breach. K12 Dive
May 14, 2025 – Phishing
Telegram Bots Used for Real-Time Credential Exfiltration in Cross-Platform Phishing Campaign Full Text
Abstract
Based on technical analysis of the campaign, researchers believe it is sold as part of a phishing-as-a-service kit that enables different threat actors to leverage the same infrastructure. KnowBe4
May 14, 2025 – Vulnerabilities
Critical Authentication Bypass in Ivanti Neurons for ITSM and Privilege Escalation in CSA Full Text
Abstract
Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration. Bleeping Computer
May 14, 2025 – Breach
PrepHero-Linked Database Exposed Data of 3M Students and Coaches Full Text
Abstract
A massive data exposure incident involving PrepHero, a college recruiting platform operated by EXACT Sports, has compromised the personal information of over 3 million student-athletes, their parents, and coaches. HackRead
May 13, 2025 – Government
Alabama says ‘cybersecurity event’ could disrupt state government services Full Text
Abstract
On May 13, 2025, Alabama Governor Kay Ivey announced that the state is responding to a “cybersecurity event” that may disrupt access to government websites and communications. Residents are advised to remain patient as mitigation efforts continue. The Record
May 13, 2025 – Malware
Unpacking PyInstaller Malware on macOS Full Text
Abstract
A newly discovered macOS infostealer leverages PyInstaller, an open-source Python bundler, to deploy malicious Mach-O binaries. The malware bypasses traditional detection mechanisms and supports both x86_64 and arm64 architectures. JAMF
May 13, 2025 – Malware
Chihuahua Stealer: A new Breed of Infostealer Full Text
Abstract
Chihuahua Stealer is a newly identified .NET-based infostealer that employs a multi-stage infection chain, advanced obfuscation, and stealth techniques to exfiltrate sensitive browser and cryptocurrency wallet data. GData Software
May 13, 2025 – Attack
DragonForce Goes Retail: Inside the Cyber Siege of M&S, Co-op, and Harrods Full Text
Abstract
DragonForce, a former hacktivist group turned Ransomware-as-a-Service (RaaS) operation, has launched a coordinated cyber offensive against major UK retailers—Marks & Spencer (M&S), Co-op, and Harrods. Irembezci
May 13, 2025 – Privacy
Marbled Dust leverages zero-day in Output Messenger for regional espionage Full Text
Abstract
A Turkish-aligned cyber-espionage group known as Marbled Dust has exploited a zero-day vulnerability in Output Messenger to conduct surveillance on Kurdish military operations in Iraq. Microsoft
May 13, 2025 – APT
Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story) Full Text
Abstract
APT37 (ScarCruft), a North Korean state-sponsored threat actor, has launched a sophisticated spear-phishing campaign dubbed “Operation: ToyBox Story,” targeting activists focused on North Korean issues. Genians
May 13, 2025 – APT
Hackers now testing ClickFix attacks against Linux targets Full Text
Abstract
A new ClickFix campaign by APT36 (Transparent Tribe), a Pakistan-linked threat actor, has expanded its targeting to include Linux systems alongside Windows and macOS. It impersonates India's Ministry of Defence to lure victims. Bleeping Computer
May 13, 2025 – Phishing
Horabot Unleashed: A Stealthy Phishing Threat Full Text
Abstract
A new phishing campaign leveraging the Horabot malware has been observed targeting Spanish-speaking users in Latin America. Delivered via malicious HTML attachments in phishing emails, Horabot enables lateral propagation through Outlook. Fortinet
May 12, 2025 – Malware
“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram Full Text
Abstract
A newly identified .NET-based infostealer named PupkinStealer has emerged as a significant threat targeting Windows systems. First observed in April 2025, this malware is designed to harvest sensitive data. GBHackers
May 12, 2025 – Cryptocurrency
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users Full Text
Abstract
A newly uncovered scam campaign exploits X/Twitter’s ad URL preview feature to deceive users into visiting fraudulent cryptocurrency sites. By manipulating how metadata is fetched for preview cards, attackers display trusted domains. GBHackers
May 10, 2025 – Vulnerabilities
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts Full Text
Abstract
A targeted campaign exploited Microsoft Entra ID’s legacy authentication protocol BAV2ROPC, allowing attackers to bypass MFA and gain unauthorized access to admin accounts across finance, healthcare, and tech sectors. HackRead
May 10, 2025 – Phishing
Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems Full Text
Abstract
A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails. Cybersecurity News
May 10, 2025 – Cryptocurrency
FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network Full Text
Abstract
A joint investigation has uncovered FreeDrain, a large-scale cryptocurrency phishing operation that exploits SEO manipulation, free-tier web services, and redirection techniques to deceive users of popular cryptocurrency wallets. SentinelOne
May 10, 2025 – Attack
Over 40 Hacktivist Groups Target India in Coordinated Cyber Campaign: High Noise, Low Impact Full Text
Abstract
A coordinated cyber campaign dubbed #OpIndia was launched by over 40 ideologically motivated hacktivist groups following recent geopolitical tensions between India and Pakistan. The Cyber Express
May 10, 2025 – Criminals
Ransomware gang says it hacked the Sheriff of Hamilton County, TN Full Text
Abstract
The Qilin ransomware gang claimed responsibility for a cyberattack on the Hamilton County Sheriff’s Office in Chattanooga, Tennessee, on April 14, 2025. The sheriff’s office stated that the attackers demanded a $300,000 ransom, which was not paid. CompariTech
May 9, 2025 – Malware
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources Full Text
Abstract
A recent malware campaign leverages steganography to embed malicious payloads within bitmap resources of 32-bit .NET applications. These payloads are delivered via malspam targeting the financial sector in Türkiye and the logistics sector in Asia. Palo Alto Networks
May 9, 2025 – Vulnerabilities
CVSS 10.0 Vulnerability Found in Ubiquiti UniFi Protect Cameras Full Text
Abstract
Ubiquiti has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4. The Cyber Express
May 9, 2025 – Attack
Hackers Exploit Windows Remote Management to Evade Detection in AD Networks Full Text
Abstract
A new wave of cyberattacks is exploiting WinRM to conduct stealthy lateral movement within AD environments. By leveraging this legitimate administrative tool, attackers evade detection and blend into normal network activity. GBHackers
May 9, 2025 – Criminals
Kickidler employee monitoring software abused in ransomware attacks Full Text
Abstract
Ransomware groups Qilin and Hunters International are abusing Kickidler, a legitimate employee monitoring tool used by over 5,000 organizations across 60 countries, to conduct stealthy reconnaissance and credential harvesting. Bleeping Computer
May 9, 2025 – Breach
Supply chain attack hits npm package with 45,000 weekly downloads Full Text
Abstract
A supply chain attack has compromised the npm package rand-user-agent, which averaged 45,000 weekly downloads. Although deprecated, the package remained popular, making it an attractive target for attackers. Bleeping Computer
May 7, 2025 – Phishing
Using Blob URLs to Bypass SEGs and Evade Analysis Full Text
Abstract
Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis. Cofense
May 7, 2025 – Vulnerabilities
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version Full Text
Abstract
Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges. The Hacker News
May 7, 2025 – Vulnerabilities
Microsoft: April updates cause Windows Server auth issues Full Text
Abstract
Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025. Bleeping Computer
May 7, 2025 – Malware
Lampion Is Back With ClickFix Lures Full Text
Abstract
A newly uncovered campaign by the Lampion banking malware group has targeted Portuguese organizations in the government, finance, and transportation sectors. Lampion is an infostealer known for stealing sensitive banking credentials. Palo Alto Networks
May 7, 2025 – Vulnerabilities
IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads Full Text
Abstract
IBM has disclosed two high-severity vulnerabilities in its Cognos Analytics platform—CVE-2024-40695 and CVE-2024-51466. These flaws allow unauthorized file uploads and remote code execution. GBHackers
May 7, 2025 – Criminals
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable Full Text
Abstract
A newly uncovered fraud syndicate named ALTSRUS is exploiting vulnerable segments of the digital economy by stealing and reselling accounts tied to Electronic Benefit Transfer (EBT), pharmacy prescriptions, and consumer rewards programs. Help Net Security
May 7, 2025 – Malware
Malicious PyPI Package Targets Discord Developers with Remot… Full Text
Abstract
A malicious Python package named discordpydebug was uploaded to PyPI, posing as a debugging tool for Discord bot developers. Despite lacking a README or documentation, it was downloaded over 11,000 times. Socket
May 7, 2025 – Vulnerabilities
Unexpected behavior in Snowflake’s Cortex AI Full Text
Abstract
Snowflake’s CORTEX Search Service introduces a critical security risk: unintended data exposure. This vulnerability persists even in environments with tightly configured access and masking policies due to the inherent design of the AI service. Cyera
May 7, 2025 – Vulnerabilities
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Full Text
Abstract
Threat actors are actively exploiting critical vulnerabilities in end-of-life (EoL) GeoVision IoT devices and Samsung MagicINFO servers to deploy the Mirai botnet. These attacks leverage command injection and path traversal flaws. The Hacker News
May 6, 2025 – Vulnerabilities
Critical RCE Vulnerability in Samsung MagicINFO 9 Server Actively Exploited Full Text
Abstract
The vulnerability stems from inadequate input validation in the file upload functionality of Samsung MagicINFO 9 Server. Specifically, the server fails to sanitize filename inputs and does not enforce file extension or authentication checks. Arctic Wolf
May 6, 2025 – Vulnerabilities
Researcher Exploits Regex Filter Flaw to Gain Remote Code Execution Full Text
Abstract
The vulnerability enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise, data exfiltration, and unauthorized access. GBHackers
May 6, 2025 – Vulnerabilities
Critical Windows Deployment Services UDP Flaw Exposes Enterprise Networks to Remote DoS Attacks Full Text
Abstract
A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) allows remote attackers to crash systems by sending malicious UDP packets. Windows Forum
May 6, 2025 – Government
CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks Full Text
Abstract
CISA has issued an urgent alert about an actively exploited vulnerability in Langflow, an open-source framework for building language model applications. The flaw allows unauthenticated attackers to execute malicious code remotely. GBHackers
May 6, 2025 – Phishing
CoGUI Phish Kit Targets Japan with Millions of Messages Full Text
Abstract
Proofpoint has observed a notable increase in high-volume Japanese language campaigns targeting organizations in Japan to deliver a phishing kit named CoGUI. Most of the campaigns abuse Amazon, PayPay, Rakuten, and others. Proofpoint
May 6, 2025 – Phishing
Smishing on a Massive Scale: “Panda Shop” Chinese Carding Syndicate Full Text
Abstract
A new smishing kit named "Panda Shop" has emerged, linked to Chinese cybercriminals and believed to be a rebranded evolution of the Smishing Triad. This kit enables large-scale phishing campaigns targeting global consumers and financial institutions. Resecurity
May 5, 2025 – Vulnerabilities
Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access Full Text
Abstract
Security researchers have identified 11 critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), enabling remote attackers to gain administrative and root access. GBHackers
May 5, 2025 – Malware
StealC V2: ThreatLabz Unveils the Evolution of a Stealthy Info-Stealer and Malware Loader Full Text
Abstract
StealC V2, introduced in March 2025, utilizes a JSON-based network protocol with RC4 encryption implemented in recent variants. StealC V2 supports loader options that can deliver Microsoft Software Installer (MSI) packages and PowerShell scripts. Security Online
May 5, 2025 – Vulnerabilities
Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) Full Text
Abstract
Tracked as CVE-2025-46337, the vulnerability resides in the PostgreSQL driver’s pg_insert_id() method, potentially allowing attackers to execute arbitrary SQL commands in vulnerable applications. Security Online
May 5, 2025 – Phishing
Venom Spider Evolves: Arctic Wolf Exposes More_eggs Campaign Targeting HR Full Text
Abstract
Venom Spider continues to use job-seeker lures in phishing that targets HR departments and corporate recruiters. The group spreads its infamous More_eggs backdoor with new levels of stealth and obfuscation. Security Online
May 5, 2025 – Criminals
Rhysida Ransomware gang claims the hack of the Government of Peru Full Text
Abstract
The Rhysida ransomware group has claimed responsibility for breaching the Government of Peru’s official digital platform, Gob.pe. The group published images of multiple documents allegedly stolen from the platform on May 2, 2025. Security Affairs
May 5, 2025 – Attack
Threat Actors Target Critical National Infrastructure with New Malware and Tools Full Text
Abstract
Between April and November 2024, attackers exfiltrated targeted email data and mapped virtualization infrastructure. Following containment efforts in late 2024, they escalated operations by deploying additional web shells, SystemBC and MeshCentral. GBHackers
May 2, 2025 – General
Third of Online Users Hit by Account Hacks Due to Weak Passwords Full Text
Abstract
More than a third (36%) of people have had at least one online account compromised due to weak or stolen passwords in the past year, according to new research by the FIDO Alliance. Infosecurity Magazine
May 2, 2025 – Phishing
200+ Fake Retail Sites Used in New Wave of Subscription Scams Full Text
Abstract
Bitdefender discovered over 200 incredibly realistic websites offering a wide range of products, including shoes, clothing, and electronics. Customers are tricked into providing credit card information and agreeing to monthly subscriptions. HackRead
May 2, 2025 – Attack
Harrods becomes latest retailer to announce attempted cyberattack Full Text
Abstract
Harrods, the luxury department store in London, has become the latest U.K. retailer to announce detecting an attempted cyberattack following similar announcements by Marks & Spencer and the Co-op. The Record
May 2, 2025 – Phishing
Mystery Box Scams Deployed to Steal Credit Card Data Full Text
Abstract
Cybercriminals are deploying highly sophisticated subscription scams, including deceptive “mystery box” offers, to harvest credit card data and commit financial fraud. These scams are spreading across social media platforms, particularly Facebook. Infosecurity Magazine
May 2, 2025 – Vulnerabilities
Netgear EX6200 Flaw Enables Remote Access and Data Theft Full Text
Abstract
Three critical vulnerabilities (CVE-2025-4148, CVE-2025-4149, CVE-2025-4150) have been discovered in the Netgear EX6200 Wi-Fi range extender (firmware version 1.0.3.94), a device widely used in homes and small businesses. GBHackers
May 2, 2025 – Privacy
Apple notifies victims in 100 countries of likely spyware targeting Full Text
Abstract
Apple has issued threat notifications to users in 100 countries, warning of targeted spyware attacks likely involving advanced commercial surveillance tools such as Paragon. These attacks are part of a broader trend of mercenary spyware campaigns. The Record
May 2, 2025 – General
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign Full Text
Abstract
A recent investigation by Anthropic has uncovered a sophisticated misuse of its Claude AI chatbot in a commercial “influence-as-a-service” operation. This campaign involved the creation of over 100 politically-aligned fake personas on Facebook and X. The Hacker News
May 2, 2025 – Outage
Poland’s state registry temporarily blocked by cyber incident Full Text
Abstract
A suspected distributed denial-of-service (DDoS) attack temporarily disrupted Poland’s state registry systems on April 24, 2024, affecting access to critical government services. The attack targeted the PESEL registry. The Record
May 2, 2025 – Outage
Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists Full Text
Abstract
Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks are the work of the pro-Russian hacktivist group NoName057(16). GBHackers