Smishers looking for new infrastructure are getting creative. Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing mes
Published: 2025-10-01T22:16:07
The chipmakers say physical attacks aren't in the threat model. Many users didn't get the memo. In the age of cloud computing, protections baked into chips from Intel, AMD, an
Published: 2025-09-30T20:25:08
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet. As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can
Published: 2025-09-25T12:43:42
Baseboard management controller vulnerabilities make remote attacks possible. Servers running on motherboards sold by Supermicro contain high-severity vulnerabilities that can
Published: 2025-09-24T11:15:06
Turla is getting a helping hand from Gamaredon. Both are units of Russia's FSB. Two of the Kremlin’s most active hacking units recently were spotted collaborating in malware a
Published: 2025-09-19T19:35:38
Ransomware group is one of the world's most prolific. Federal prosecutors charged a UK teenager with conspiracy to commit computer fraud and other crimes in connection with th
Published: 2025-09-19T00:00:37
A deep-dive into Active Directory and how "Kerberoasting" breaks it wide open. Last week, a prominent US senator called on the Federal Trade Commission to investigate Microsof
Published: 2025-09-18T14:31:22
Stopping the spread isn't the same as stopping attacks, period Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright.
Published: 2025-09-30T20:10:29
"sfw" stands for Socket Firewall, but perhaps also "safe for work." Software security biz Socket has released a free command line tool to defend developers against supply chain attacks.
Published: 2025-09-30T19:46:14
Microsoft is launching a Security Store that will be full of security software-as-a-service (SaaS) solutions and AI agents. It's part of a broader effort to sell Microsoft's Sentinel security platform to businesses, complete with Microsoft Security Copilot AI agents that can be built by security teams to help tackle the latest threats. The Microsoft Security […]
Published: 2025-09-30T09:00:00
Security researchers are shining the spotlight on a serious security vulnerability that could enable stalkers to track victims using their own Tile tags, as well as other unwanted violations of security and privacy. Research outlined by Wired shows that Tile's anti-theft mode, which makes its trackers invisible on the Tile network, counteracts measures to prevent […]
Published: 2025-09-29T18:03:30
President Donald Trump has signed an executive order recognizing the framework of a deal between ByteDance and the US that would satisfy the TikTok divest-or-ban law. The deal values TikTok's US operations at $14 billion and puts it under the control of companies based in the US. "I spoke with President Xi [Jinping], we had […]
Published: 2025-09-25T17:13:28
A new report from Senate Democrats claims that members of Elon Musk's DOGE team have access to the Social Security numbers of all Americans in a cloud server that's lacking verified security measures, despite an internal assessment of potential "catastrophic risk." The report, released by Sen. Gary Peters (D-MI), cites numerous disclosures from whistleblowers, including […]
Published: 2025-09-25T11:04:18
The UK's National Crime Agency arrested a man in West Sussex in connection with a ransomware attack that caused significant flight delays last week and forced many airlines to check passengers and luggage manually. The cyberattack impacted several airports across Europe, including London's Heathrow and Berlin's Brandenburg. The agency shared little about the arrest in […]
Published: 2025-09-24T12:41:48
The US Secret Service says it has disrupted a network of devices used to carry out assassination threats against US officials and for anonymous communications between threat actors, according to a report from NBC News. In the Tuesday announcement, the agency revealed that it uncovered the network within a 35-mile radius of the United Nations […]
Published: 2025-09-23T11:33:00
Steam has taken down a game containing malware that drained the cryptocurrency wallets belonging to hundreds of players, as reported earlier by Bleeping Computer. The free-to-play 2D platformer, titled BlockBlasters, took more than $150,000 from victims, including $32,000 from a streamer raising funds for their cancer treatment. In a post on X, malware tracker vx-underground […]
Published: 2025-09-22T16:23:12
Months into an administration that has already suffered several basic security slipups, it's not exactly surprising to see President Donald Trump airing complaints in a public Truth Social post that seemed intended for Pam Bondi's DMs. In the post, Trump directly addresses US Attorney General Bondi, criticizing the lack of legal action against his adversaries. […]
Published: 2025-09-22T12:52:51
Two teenagers have been charged in connection with a cyberattack against London's public transportation network in August 2024. UK investigators believe the "network intrusion" that impacted Transport for London (TfL) last year was carried out by members of the Scattered Spider online criminal group and caused significant disruption and millions in losses, according to Paul […]
Published: 2025-09-18T11:44:16
Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. [...]
Published: 2025-10-02T11:35:44
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. [...]
Published: 2025-10-02T06:53:18
An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development repositories, with the company confirming it was a breach of one of its GitLab instances. [...]
Published: 2025-10-02T02:15:17
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems [...]
Published: 2025-10-01T23:13:58
A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. [...]
Published: 2025-10-01T16:37:08
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. [...]
Published: 2025-10-01T14:33:55
Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al Background Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UN
Published: 2025-09-30T14:00:00
Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity
Published: 2025-09-24T14:00:00
by Corey G. Johnson ProPublica is a nonprofit newsroom
Published: 2025-09-25T10:15:00
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt Renault UK customers are being warned their personal data may be in criminal hands after one of its suppliers was hacked.
Published: 2025-10-03T08:55:21
Software maker Kodex said its domain registrar fell for a fraudulent legal order A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.
Published: 2025-10-02T17:04:22
Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.
Published: 2025-10-02T12:45:06
Experts say Commission is fanning the flames of the continent's own Watergate An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.
Published: 2025-10-02T12:02:44
570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers.
Published: 2025-10-02T09:25:46
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.
Published: 2025-10-01T19:48:23
Who wouldn't want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.
Published: 2025-10-01T19:35:44
Uncle Sam can't quit Redmond Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
Published: 2025-10-01T17:51:15
Allianz Life and WestJet lead the way, along with a niche software shop A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.
Published: 2025-10-01T12:24:03
Only 15% considering deployments and just 7% say it'll replace humans in next four years Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.
Published: 2025-10-01T11:25:49
ICO investigation into platform's lack of age assurance continues The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.
Published: 2025-10-01T10:07:36
Politico avoids the topic at Labour conference speech, homes in on AI instead UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk it failing fast.
Published: 2025-10-01T09:13:51
Coursework 'gone forever' as 10% report critical damage Schools and colleges hit by cyberattacks are taking longer to restore their networks and the consequences are severe, with students' coursework being permanently lost in some cases.
Published: 2025-10-01T08:50:17
Phantom Taurus created custom malware to hunt secrets across Asia, Africa, and the Middle East Threat-hunters at Palo Alto Networks Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.
Published: 2025-10-01T02:59:07
It's not just big tech anymore The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.
Published: 2025-09-30T22:20:52
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.
Published: 2025-09-30T21:32:25
50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.
Published: 2025-09-30T16:09:35
Sharing links take seconds to create, but can last for years Partner Content Seamless collaboration through cloud platforms like Microsoft 365 has radically reshaped the modern workplace. In the span of an hour, you could go from uploading budget proposals to a project channel to live editing a joint presentation with a business partner, all while making lunch plans over Teams. From remote work to video calls, it's never been easier to connect people, ideas, and information.
Published: 2025-09-30T15:00:10
Met's Croydon cameras hailed as a triumph, guidance to be published later this year The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by London's Metropolitan Police in a suburb in the south of the city.
Published: 2025-09-30T10:01:07
Zhimin Qian recruited takeaway worker to launder funds through property overseas London's Metropolitan Police has secured a "landmark conviction" following a record-busting Bitcoin seizure and seven-year investigation.
Published: 2025-09-30T09:31:14
Impact? Nope, don't worry, be happy, says Linux veteran Opinion There has been considerable worry about the impact of the European Union's Cyber Resilience Act on open source programmers. Linux stable kernel maintainer Greg Kroah-Hartman says, however, that there won't be much of an impact at all.
Published: 2025-09-30T07:45:13
The federal government's not the only thing shutting down on Oct. 1 The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday will cut its ties to - and funding for - the Center for Internet Security, a nonprofit that provides free and low-cost cybersecurity services to state and local governments.
Published: 2025-09-30T00:16:07
MCP plus open source plus typosquatting equals trouble A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.
Published: 2025-09-29T20:44:35
No personal info gulped as yet, but don't call for help Japan's largest brewery biz, Asahi, has shut down distribution systems following an online attack, and local drinkers will just have to make do with stocks as they stand.
Published: 2025-09-29T20:42:50
Baroness Manningham-Buller cites Kremlin sabotage, cyberattacks, and assassinations as signs of an undeclared conflict The former head of MI5 says hostile cyberattacks and intelligence operations directed by The Kremlin indicate the UK might already be at war with Russia.
Published: 2025-09-29T14:45:11
Ed Miliband takes aim at social media overlord for promoting violence and disinformation The UK government should consider the possibility of leaving social media platform X, a high-profile minister has suggested.
Published: 2025-09-29T11:00:08
Attackers make contact but negotiations fall on deaf ears Luxury London-based retailer Harrods is facing its second cybersecurity scandal in 2025, confirming criminals not only stole 430,000 customers' data in a fresh attack but have even made contact.
Published: 2025-09-29T10:39:50
Hundreds of thousands of workers in financial despair supported with landmark loan The UK government is stepping in with financial support for Jaguar Land Rover, providing it with a hefty loan as it continues to battle the fallout from a cyberattack.
Published: 2025-09-29T09:46:14
Socio-political backdrop is not what it once was... Opinion UK Prime Minister Keir Starmer directly addressed his new policy of mandatory digital ID in the country for 23 seconds in its effective launch speech.
Published: 2025-09-29T09:16:34
Guess how much of our direct transatlantic data capacity runs through two cables in Bude? Feature The first transatlantic cable, laid in 1858, delivered a little over 700 messages before promptly dying a few weeks later. 167 years on, the undersea cables connecting the UK to the outside world process 220 billion in daily financial transactions. Now, the UK Parliament's Joint Committee on National Security Strategy (JCNSS) has told the government that it has to do a better job of protecting them.
Published: 2025-09-29T08:01:06
We're blind to malicious AI until it hits. We can still open our eyes to stopping it Opinion Last year, The Register reported on AI sleeper agents. A major academic study explored how to train an LLM to hide destructive behavior from its users, and how to find it before it triggered. The answers were unambiguously asymmetric: the first is easy, the second very difficult. Not what anyone wanted to hear.
Published: 2025-09-29T07:15:06
Alleges bias and security problems US President Donald Trump has demanded Microsoft fire its recently appointed head of global affairs Lisa Monaco.
Published: 2025-09-29T03:24:10
PLUS: Interpol recoups $439M from crims; CISA criticizes Feds security; FIFA World Cup nets dodgy domain deluge Infosec In Brief Police in the Netherlands arrested two 17-year-olds last week over claims that Russian intelligence recruited them to spy on the headquarters of European law enforcement agencies.
Published: 2025-09-29T01:09:53
PLUS: US court grounds China's DJI; India requires 2FA for most payments; Great Firewall busters launch VPN; and more! Asia In Brief Over 600 e-government services operated by South Korea's government are offline after a datacenter fire disrupted operations.
Published: 2025-09-28T22:59:56
Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June 2024 and July 2025, exploiting buggy internet-facing appliances to deploy a Go-based backdoor called Pantegana and other offensive security tools, including Cobalt Strike and SparkRAT.
Published: 2025-09-27T11:06:08
Chinese giant maps out datacenters across Europe and beyond, yet US chip curbs cast a long shadow Analysis Alibaba this week opened an AI war chest containing tens of billions of dollars, a revamped LLM lineup, and plans for AI datacenters in Europe. But it also prompted a flurry of questions over how it will achieve all this in an increasingly fragmented IT landscape, when critical resources are in short supply.
Published: 2025-09-27T08:38:06
Act passed in 2015 is due to lapse unless a continuing resolution passes - and that's unlikely Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many consider a critical plank of US cybersecurity policy.
Published: 2025-09-26T21:00:33
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.
Published: 2025-09-26T15:23:57
CRM giant denies security shortcomings as claims allege stolen data used for ID theft Updated Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.
Published: 2025-09-26T15:15:13
Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.
Published: 2025-09-26T14:32:13
Operation Cronos didn't kill LockBit; it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments.
Published: 2025-09-26T14:28:08
More fun with AI agents and their security holes A now-fixed flaw in Salesforce's Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.
Published: 2025-09-26T12:53:10
The downstream consequences of Miljödata's ransomware attack continue to affect major organizations Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider.
Published: 2025-09-26T12:13:12
CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies Cybersecurity agencies on both sides of the Atlantic are sounding the alarm over Cisco firewall vulnerabilities that are being exploited by an "advanced threat actor."
Published: 2025-09-26T10:22:35
Prime Minister Starmer revives controversial scheme despite past denials, sparking civil liberties backlash The UK government plans to issue all legal residents a digital identity by the end of the current Parliament, which could run until August 2029, with its use required to get a job.
Published: 2025-09-26T09:50:35
It's amazing the number of calls Jo, Helen, and Ian get through The UK's data protection watchdog fined two Brit businesses with offshore call centers £550,000 (c $735,000) over illegal automated marketing calls.
Published: 2025-09-26T08:44:32
Keeping Pyongyang's coffers full North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools, including a backdoor that has much of the same code as Pyongyang's infamous Lazarus Group deploys.
Published: 2025-09-25T19:59:08
Images of toddlers and home addresses leaked in reprehensible landmark attack A cyber criminal crew has targeted Kido International, a preschool and daycare organization, leaking sensitive details about its pupils and their parents.
Published: 2025-09-25T17:16:00
The latest in a run of serious networking bugs gives attackers root if they have SNMP access Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.
Published: 2025-09-25T11:40:19
Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads but its benefits have their limits.
Published: 2025-09-30T13:44:52
Google can create and manage passkeys from your browser, but the process is more involved than it suggests.
Published: 2025-09-30T11:30:00
Your logins will live on after you pass on. Make sure they end up in the right hands.
Published: 2025-09-29T11:00:00
A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors.
Published: 2025-09-29T09:30:00
Harry Jackson went into Kathmandu as a tourist. He ended up being one of the main international sources of news on Nepal’s Gen Z protests.
Published: 2025-09-28T14:40:00
Plus: A ransomware gang steals data on 8,000 preschoolers, Microsoft blocks Israel's military from using its cloud for surveillance, call-recording app Neon hits pause over security holes, and more.
Published: 2025-09-27T14:25:49
Companies are going to great lengths to protect the infrastructure that provides the backbone of the world’s digital services by burying their data deep underground.
Published: 2025-09-27T12:00:00
By inflating numbers and narrowing definitions, Heritage promotes a false link between transgender identity and violence in its push for the FBI to create a new terrorism category.
Published: 2025-09-26T19:43:55
The agency says it found a network of some 300 servers and 100,000 SIM cards, enough to knock out cell service in the NYC area. Experts say it mirrors facilities typically used for cybercrime.
Published: 2025-09-23T18:09:18
Newly released data shows Customs and Border Protection funneled the DNA of nearly 2,000 US citizens, some as young as 14, into an FBI crime database, raising alarms about oversight and legality.
Published: 2025-09-23T15:06:41
Travel Mode not only hides your most sensitive data; it acts as if that data never existed in the first place.
Published: 2025-09-23T11:30:00
The UK-based automaker has been forced to stop vehicle production as a result of the attack, costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers.
Published: 2025-09-22T06:00:00
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two more alleged members of the Scattered Spider hacking group were arrested.
Published: 2025-09-20T10:30:00
More than a dozen elected officials were arrested in or around 26 Federal Plaza in New York City, where ICE detains people in what courts have ruled are unsanitary conditions.
Published: 2025-09-18T23:18:10
A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts.
Published: 2025-09-18T15:09:17
Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.
Published: 2025-09-18T11:00:00
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan -- using spear-phishing and malicious documents as initial
Published: 2025-10-02T20:14:00
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first
Published: 2025-10-02T18:37:00
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to
Published: 2025-10-02T17:25:00
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing: no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome's settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real
Published: 2025-10-02T17:00:00
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or
Published: 2025-10-02T16:55:00
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide
Published: 2025-10-02T16:30:00
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware
Published: 2025-10-02T14:54:00
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution
Published: 2025-10-01T22:50:00
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of
Published: 2025-10-01T18:57:00
AI is changing automation but not always for the better. That’s why we’re hosting a new webinar, "Workflow Clarity: Where AI Fits in Modern Automation," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver. The rise of AI has changed how organizations think about automation.
Published: 2025-10-01T18:15:00
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data
Published: 2025-10-01T18:06:00
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy,
Published: 2025-10-01T16:37:00
Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an
Published: 2025-10-01T16:37:00
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and
Published: 2025-10-01T14:55:00
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel
Published: 2025-10-01T12:41:19
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
Published: 2025-10-01T00:12:00
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42
Published: 2025-09-30T21:37:00
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud
Published: 2025-09-30T18:48:00
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it's also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server to turn telemetry into a security graph and allow AI
Published: 2025-09-30T18:30:00
The Problem: Legacy SOCs and Endless Alert Noise. Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,
Published: 2025-09-30T17:00:00
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware
Published: 2025-09-30T16:27:00
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior
Published: 2025-09-30T14:50:00
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also
Published: 2025-09-30T14:03:00
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said. Zhimin Qian (aka Yadi Zhang),
Published: 2025-09-30T13:53:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to
Published: 2025-09-30T11:11:00
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.
Published: 2025-09-29T22:06:00
Cybersecurity never stops and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security
Published: 2025-09-29T18:06:00
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can
Published: 2025-09-29T17:00:00
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure
Published: 2025-09-29T14:22:00
Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name.
Published: 2025-09-29T14:06:00
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU). "The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the
Published: 2025-09-27T17:36:00
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
Published: 2025-09-26T22:10:00
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
Published: 2025-09-26T18:15:00
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO: The
Published: 2025-09-26T16:52:00
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators; it is a
Published: 2025-09-26T14:52:00
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat Intelligence team said in a Thursday report. "It employs sophisticated encryption and obfuscation
Published: 2025-09-26T14:39:00
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in
Published: 2025-09-26T11:21:00
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below - CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input
Published: 2025-09-25T23:47:00
Welcome to this week’s Threatsday Bulletin, your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders, whether you’re protecting a
Published: 2025-09-25T22:54:00
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. "Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report
Published: 2025-09-25T22:52:00
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security,
Published: 2025-09-25T20:47:00
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows,
Published: 2025-09-25T18:44:00
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? It’s not because security teams can't see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It's a tsunami of red dots that not even the most crackerjack team on
Published: 2025-09-25T17:19:00
The latest Gcore Radar report, analyzing attack data from Q1 and Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most
Published: 2025-09-25T17:00:00
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
Published: 2025-09-25T13:29:00
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were
Published: 2025-09-25T12:00:00
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group dubbed RedNovember.
Published: 2025-09-24T22:06:00
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate
Published: 2025-09-24T20:03:00
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below - CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that
Published: 2025-09-24T19:25:00
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks
Published: 2025-09-24T17:28:00
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researchers are tracking a suspected Cl0p ransomware group’s activity, where threat actors attempt to extort executives with claims of stealing Oracle E-Business Suite data. “A group of hackers claimed to […]
Published: 2025-10-03T05:21:58
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by the group UAC-0245 using the CABINETRAT backdoor. The campaign, seen in September 2025, involved malicious Excel XLL add-ins posing as software tools (e.g. “UBD Request.xll”, “recept_ruslana_nekitenko.xll”). […]
Published: 2025-10-02T18:01:26
Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its customers and staff. In August, the data breach notification site Have I Been Pwned reported 1.1M impacted, […]
Published: 2025-10-02T14:13:43
The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat’s private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat’s private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs often contain sensitive info, including infrastructure details, […]
Published: 2025-10-02T10:37:05
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT that has targeted entities in Africa, the Middle East, […]
Published: 2025-10-02T07:40:57
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management. […]
Published: 2025-10-01T20:15:47
Apple released iOS and macOS updates to fix a flaw in font processing that could trigger a denial-of-service condition or memory corruption. Apple released iOS and macOS updates to address a medium-severity flaw, tracked as CVE-2025-43400, in font processing that could trigger a denial-of-service condition or memory corruption. The CVE-2025-43400 flaw is an out-of-bounds write […]
Published: 2025-10-01T11:00:02
WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, […]
Published: 2025-10-01T06:38:18
Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174. Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of these flaws, tracked as CVE-2025-41244 (CVSS score 7.8), allows local users to escalate to root via VMware Tools and Aria Operations. “VMware […]
Published: 2025-09-30T14:06:54
A Chinese national was convicted in the UK for crypto fraud as police seized £5.5B (61,000 Bitcoin), the world’s largest cryptocurrency seizure. UK authorities raided the London home of Chinese national Zhimin Qian (47), also known as Yadi Zhang, and confiscated £5.5 billion (about $7.39 billion) in cryptocurrency, totaling 61,000 Bitcoin. Police described it as […]
Published: 2025-09-30T13:21:38