Threat actors are using a recently patched vulnerability in Microsoft WSUS, known as CVE-2025-59287, to distribute ShadowPad malware. This backdoor, linked to Chinese hacking groups, allows attackers to execute commands and install additional malicious tools on compromised systems.
The Chinese-linked threat group Ink Dragon exploits vulnerabilities in IIS servers to create a stealthy global espionage network. Initially focused on Southeast Asia and South America, their attacks have now spread to European governments, using compromised servers to relay attack traffic and gather intelligence.
The European Space Agency has confirmed a significant security breach where hackers stole 500 GB of sensitive data, including operational procedures and contractor information. The attackers claim they still have access to ESA's systems, prompting a criminal investigation into the incident. This breach follows another incident just a week prior where 200 GB of ESA data was listed for sale.
This article details methods for retrieving access tokens from Microsoft Teams, focusing on how to extract them from the application's storage. It outlines the steps to locate the tokens, decrypt them, and use them to interact with Microsoft Graph API for actions like sending messages or reading chats.
A ransomware attack took 1,000 computers offline at Romania's water management authority, disrupting various systems but not affecting water supply. The attack used Windows' BitLocker for data encryption, and no group has claimed responsibility yet. Investigations are underway to pinpoint the attack vector and restore operations.
A 16TB unsecured MongoDB database was discovered, containing around 4.3 billion professional records, primarily linked to personal data like emails and job histories. Researchers believe this data could facilitate targeted cyber attacks, including phishing and corporate fraud. The database's ownership is still unclear, but it may belong to a lead-generation company.
This article examines how the Russian threat group Primitive Bear uses a recently discovered WinRAR vulnerability (CVE-2025-6218) to launch malware attacks targeting Ukrainian entities. The analysis highlights the group's methodology, including the use of deceptive file names to trick victims into executing malicious scripts.
The article explores the increased cyber risks surrounding the 2026 Winter Olympics in Milano Cortina, primarily due to Russia's political exclusion from the event. It outlines past Russian cyber operations and suggests potential attacks that could disrupt the Games, emphasizing the need for enhanced cybersecurity measures.
Chinese-speaking hackers used a compromised SonicWall VPN to access VMware ESXi systems, exploiting three zero-day vulnerabilities for potential ransomware attacks. Cybersecurity firm Huntress intervened before the attack could escalate, revealing a sophisticated toolkit that enables virtual machine escapes and backdoor access.
This article offers guidance for executives on enhancing cyber readiness to prevent data disruptions. It emphasizes the need for a proactive culture that learns from incidents and adapts to evolving threats, ultimately fostering resilience and growth.
This article advises C-suite leaders on transforming data disruption into business resilience and growth. It emphasizes the need for a proactive culture that learns from cyber incidents and strengthens defenses against evolving threats. Key strategies include improving data defense and navigating regulatory complexities.
Hackers exploited a zero-day vulnerability in Triofox, a file-sharing platform, to bypass authentication and deploy malicious payloads. They manipulated HTTP host headers to gain access and configured the system's anti-virus feature to run their own scripts, allowing further exploitation.
The article details a sophisticated malware operation by North Korean threat actors using npm packages to deliver malicious code. It explains how they utilize GitHub and Vercel to manage and deploy payloads, highlighting various tactics for data theft, including clipboard access, keylogging, and file exfiltration.
Apple and Google have issued alerts about state-sponsored hacking targeting users in over 150 countries. These notifications likely affect high-risk individuals, such as journalists and activists, although specific details about the attacks remain unclear.
In 2017, an informant told the FBI that Jeffrey Epstein had a personal hacker from Calabria who specialized in exploiting vulnerabilities in various technologies. The hacker reportedly sold cyber tools to multiple countries and even received cash payment from Hezbollah. The information comes from a recently released DOJ document but lacks verification from the FBI.
Playbook-NG is a web-based application designed for cyber incident response, allowing users to match findings with countermeasures using MITRE ATT&CK™ TTP IDs. It offers features like export options, customizable incident templates, and a stateless interface that clears user data after each session. The tool is ideal for both live incident planning and tabletop exercises, promoting agile and structured responses to cyber threats.
Meta has successfully disrupted covert operations orchestrated by state actors from Iran, China, and Romania that aimed to manipulate public opinion on social media. These efforts included misinformation campaigns and fake accounts, which Meta identified and removed to protect users from deceptive practices. The company's actions reflect its ongoing commitment to enhancing platform security and integrity.
ThreatLocker Cyber Hero MDR enhances the ThreatLocker Detect EDR solution by providing 24/7/365 monitoring and response to potential cyber threats. The Cyber Hero Team quickly assesses alerts to determine their validity, manages incidents according to customer protocols, and offers detailed insights into threats, thereby improving overall security and reducing alert fatigue for organizations.
The U.S. Treasury Department has imposed sanctions on individuals and entities involved in a North Korean scheme that exploits foreign workers to generate revenue for the regime. This action is part of ongoing efforts to curb North Korea's ability to fund its nuclear and missile programs through illegal activities.
Primary Source Collection (PSC) enhances threat intelligence by providing actionable insights that static feeds cannot deliver. The article explores PSC's definition, real-world applications in various sectors, and offers a framework for evaluating vendors' collection capabilities.
Sensata, a US sensor manufacturer, has reported that a ransomware attack on April 6 has disrupted its operations, affecting shipping, manufacturing, and support functions. The company is working to restore its systems and has initiated an investigation with cybersecurity professionals, though the full impact and details of the attack remain unclear. Sensata's disclosure highlights the growing threat of ransomware in industries that are critical to supply chains.
China has launched a voluntary Internet identity system aimed at safeguarding citizens' online identities, but it raises significant concerns regarding privacy and increased government surveillance. Critics argue that the system could centralize control over digital identities and potentially enable authorities to access personal data without adequate notification.
Hackers who exposed North Korean government activities explained their motivations, emphasizing the importance of transparency and accountability. They shared their experiences and the challenges faced while revealing the oppressive regime's cyber operations, highlighting the global implications of their actions.
The AI Cyber Challenge prompted teams to create an autonomous Cyber Reasoning System (CRS) that can identify, exploit, and fix security vulnerabilities in code. The article discusses strategies for building effective LLM agents to enhance CRS performance, including task decomposition, toolset curation, and structuring complex outputs to improve reliability and efficiency. By utilizing LLMs in a more agentic workflow, teams can achieve better results than traditional methods alone.
Google’s Threat Intelligence Group is tracking a financially motivated threat cluster, UNC6040, which employs voice phishing to compromise Salesforce environments and exfiltrate data. Following these intrusions, they engage in extortion tactics, often posing as the group ShinyHunters and pressuring victims for payment in bitcoin. The growing sophistication of these tactics highlights the vulnerabilities in organizational defenses, particularly targeting IT personnel for initial access.
The Flashpoint 2025 Global Threat Intelligence Report provides insights into the evolving cyber threat landscape, highlighting key threats such as infostealers and the influence of geopolitical tensions. It offers detailed analysis of adversary tactics, including ransomware-as-a-service, and presents actionable intelligence to enhance security resilience and risk mitigation.
A new strain of malware named "Gayfemboy," based on the Mirai botnet, has been identified targeting vulnerabilities in devices from various vendors including DrayTek and TP-Link. The malware has shown evolved techniques for obfuscation, self-protection, and remote control, enabling attackers to gain control over infected systems and conduct DDoS attacks across multiple sectors worldwide.
Genea IVF has confirmed that sensitive patient health information, including personal and medical details, has been posted on the dark web following a cyber attack five months ago. Patients are now calling for stricter laws to hold companies accountable for data breaches, as the Australian Federal Police continue to investigate the incident.
CRADLE is an open-source web application designed for Cyber Threat Intelligence analysts, facilitating collaborative threat analysis through features like note-taking, relationship mapping, and report generation. The platform is built with a modular architecture, incorporating a Django backend and an Electron/React frontend, and is accessible via Docker. Contributions are encouraged from the security community to enhance the project.
The Czech Republic's National Cyber and Information Security Agency (NÚKIB) has issued a warning about the potential threats posed by Chinese espionage to the country's critical infrastructure. The agency emphasized the need for businesses and organizations to enhance their cybersecurity measures to protect against these risks.
The article discusses the rising threats of LLM honeypots and cryptojacking, highlighting how malicious actors exploit vulnerabilities in large language models and cloud services. It emphasizes the importance of understanding these tactics to better defend against potential cyber attacks targeting both individuals and organizations.
Scattered Spider hackers have been targeting VMware ESXi hypervisors in U.S. companies across various sectors through sophisticated social engineering techniques, rather than exploiting software vulnerabilities. Their attack methodology enables them to gain significant control over virtualized environments, leading to data exfiltration and ransomware deployment. Google Threat Intelligence Group has outlined protective measures organizations can take to defend against these attacks.
Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, where sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and utilized advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.
A China-linked threat group named Houken has reportedly targeted French organizations by exploiting zero-day vulnerabilities. The attacks demonstrate advanced cyber capabilities and raise concerns about the security of critical infrastructure in France.
Over 300 entities have been affected by a new variant of the Atomic macOS Stealer malware in a recent campaign. This malicious software targets macOS systems to extract sensitive information, raising concerns about the security of Apple devices. Cybersecurity experts are advising users to remain vigilant and implement protective measures.
AT&T is enhancing its wireless account security by implementing a new feature that locks accounts to prevent SIM swapping attacks. This move aims to protect customers from unauthorized access to their accounts and personal information, a growing concern as cyber threats become more prevalent. The feature will require additional verification for changes to account settings, helping to safeguard users from potential fraud.
RTÉ is investigating a potential cyber security threat after being alerted by the National Cyber Security Centre (NCSC), which indicated that RTÉ may be among several state bodies targeted. While the specific nature of the threat is unclear, there are indications of a possible ransomware element, and a deadline for the threat has been set for August 4th. The NCSC has noted an increase in cyber attack risks in Ireland following previous incidents.
Hackers are increasingly targeting Industrial Control Systems (ICS) and SCADA systems, posing significant risks to critical infrastructure. The article discusses the vulnerabilities within these systems and the potential consequences of successful cyberattacks, emphasizing the need for enhanced security measures.
Jin-su, a North Korean defector, revealed how he and others were sent abroad as secret IT workers to fund the regime, using fake identities to secure remote jobs with Western companies. Despite earning substantial wages, he sent most of his earnings back to North Korea while operating in a shadowy scheme that has raised significant amounts for the regime, particularly during the pandemic. His account highlights the risks and realities faced by North Korean workers abroad, as well as the challenges of defecting.
The FBI has announced that the Salt Typhoon cyber threat, primarily affecting telecom networks, is largely contained. This cyber campaign, attributed to a state-sponsored group, has raised concerns regarding its potential impact on critical infrastructure and the continued need for vigilance in cybersecurity measures.
A Chinese advanced persistent threat (APT) group, identified as "Salt Typhoon," has successfully breached the U.S. Army National Guard's network, posing a significant security risk. The attack highlights vulnerabilities within military cyber defenses and raises concerns about the potential for espionage and data theft.
Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.
Charon ransomware is targeting the Middle East using advanced persistent threat (APT) attack methodologies. This new variant of ransomware is designed to evade detection and is part of a broader trend of increasing cyber threats in the region. Organizations are urged to enhance their security measures to combat these sophisticated attacks.
Interlock ransomware is making waves in the UK as it targets various organizations, exploiting vulnerabilities to encrypt files and demand ransom. This new strain is linked to the Nodesnake RAT, which enhances the attack's effectiveness by providing additional remote access capabilities to attackers. Cybersecurity experts are urging organizations to bolster their defenses against these evolving threats.
A recent report by Gcore reveals a significant 41% increase in DDoS attack volumes, highlighting a growing trend in cyber threats. The report details the evolving tactics used by attackers and emphasizes the importance of enhanced security measures for organizations.
Over 250 million identity records have been leaked online, affecting citizens from seven countries including Turkey, Egypt, and Canada. The exposed data, which includes sensitive personal information such as ID numbers and addresses, was found on misconfigured servers, posing significant risks for identity theft and fraud. Researchers suspect a single entity may be behind the databases, though attribution remains unclear.
The UK Cyber Security Breaches Survey 2025 highlights the ongoing threats faced by organizations in the digital landscape, emphasizing the need for enhanced cyber resilience. Despite improvements in security measures, many businesses continue to experience breaches, underscoring the importance of proactive strategies and awareness.
A significant data breach at the UK's Legal Aid Agency has exposed millions of personal records from legal aid applicants dating back to 2010, including addresses and financial information. The Ministry of Justice confirmed the attack was detected in late April but the extent of the breach was only understood mid-May, prompting advice for affected individuals to be vigilant against potential scams. The agency is currently working to enhance security and has taken its online services offline to protect users.
Louis Vuitton has suffered a data breach affecting its UK operations, with hackers accessing customer names, contact details, and purchase histories. This incident marks the third cyberattack on LVMH's systems in recent months, raising concerns about the security of personal information, particularly for high-net-worth individuals associated with the luxury brand. The company has informed authorities and urged customers to be vigilant against potential phishing attempts.
The Kimsuky group from North Korea has been utilizing AI-generated military IDs to enhance their cyber operations and espionage efforts. This development indicates a significant advancement in their capabilities and poses potential threats to cybersecurity on a global scale.
The FBI is seeking public assistance to identify the Chinese Salt Typhoon hackers, responsible for extensive breaches of telecommunications providers in the U.S. and globally. These breaches allowed access to sensitive data, including private communications of some U.S. government officials, prompting the FBI to issue a public service announcement and a reward for information linked to the group.
OpenAI reports on its ongoing efforts to disrupt the malicious use of AI, highlighting the prevention of over 40 policy violations since February 2024. The update includes case studies demonstrating how threat actors exploit AI for traditional malicious activities, while OpenAI emphasizes its commitment to protecting users through policy enforcement and collaboration.
The article discusses the ongoing cyber threats posed by the Democratic People's Republic of Korea (DPRK), highlighting their tactics, targets, and the implications for global cybersecurity. It emphasizes the need for heightened awareness and proactive measures to combat these threats effectively.
Pakistanis are being urged to change all their passwords immediately following a significant global data breach that has compromised numerous accounts. Authorities recommend enhancing security measures to protect personal information from potential exploitation.
Threat actors have been distributing a trojanized version of the KeePass password manager, known as KeeLoader, for at least eight months, which installs Cobalt Strike beacons and steals credentials. This campaign has been linked to ransomware attacks on VMware ESXi servers and utilizes malicious advertisements to promote fake software sites. Users are warned to download software only from legitimate sources to avoid such threats.
Entropy triage is a novel method developed by MOXFIVE to repair files corrupted by failed ransomware encryption using Shannon entropy to select usable data blocks. By automating the reconstruction process, this technique has achieved over 90% success in restoring virtual disks that standard decryptors cannot fix. However, it requires specialized skills and has limitations regarding the type of data it can recover.
A Cyber Security Analyst is responsible for monitoring and securing an organization's IT infrastructure by analyzing threats and implementing protective measures against cyber attacks. Key skills required for this role include cybersecurity, vulnerability management, and incident management. The article also highlights recommended courses and related job roles in the field of cybersecurity.
The article discusses the Cyber Deception Maturity Model, which provides a framework for organizations to assess and enhance their cyber deception strategies. It highlights the importance of cyber deception in improving security posture and outlines various maturity levels that organizations can aspire to achieve.
Attackers are exploiting link wrapping services from companies like Proofpoint and Intermedia to mask malicious URLs that lead to Microsoft 365 phishing pages. By compromising protected email accounts, the threat actor is able to disguise harmful links in phishing campaigns, thus increasing the likelihood of credential theft from victims.
Ingram Micro is facing a ransomware threat from the SafePay group, which has announced a deadline of August 1 to leak 3.5 TB of the company's data after a cyber attack nearly a month prior. Despite claims of restored operations, some of Ingram Micro's websites are still being brought back online, indicating ongoing challenges from the incident.
A newly discovered botnet, larger than some countries, has contributed to a staggering 110% increase in DDoS attacks in early 2025 compared to the previous year. The rise is fueled by outdated and vulnerable devices in developing regions, leading to a perfect environment for large-scale cyberattacks.
Hacking groups, including those affiliated with the North Korean government, are utilizing a new method called EtherHiding to distribute malware via public cryptocurrency blockchains. This technique embeds malware within smart contracts, providing a decentralized and nearly untouchable platform for cybercriminals to operate, thus enhancing their resilience against law enforcement actions.
SonicWall has alerted customers that two vulnerabilities in its Secure Mobile Access (SMA) appliances are being actively exploited. The vulnerabilities, CVE-2023-44221 and CVE-2024-38475, allow for command injection and unauthorized code execution, respectively, and affect several SMA device models. Users are urged to update to the latest firmware to mitigate risks and review their systems for unauthorized access.
A new form of cyber attack known as "choicejacking" has emerged, allowing hackers to exploit public charging stations to steal data from mobile devices. Users may unknowingly grant access to their personal information when connecting to compromised chargers, highlighting the importance of being cautious about public charging options.
BadUSB is a novel attack technique that exploits vulnerabilities in USB device firmware, allowing attackers to disguise devices as keyboards to inject malicious commands without detection by antivirus software. The article outlines the principles of BadUSB, provides implementation steps using Arduino UNO, and suggests defense strategies such as using USB data blockers and restricting device installations. Understanding BadUSB is crucial for enhancing security against USB-related threats.
The FBI reported that the Play ransomware group has breached approximately 900 organizations as of May 2025, a significant increase from previous counts. The gang employs advanced tactics, including recompiled malware and threats to leak stolen data; the FBI urges affected organizations to enhance their security measures, including implementing multifactor authentication and maintaining updated systems.
A threat actor is reportedly selling a massive database containing 1.2 billion records from Facebook, raising significant privacy and security concerns. The breach includes personal information, such as phone numbers and user IDs, which could be exploited for various malicious activities. Experts are urging users to enhance their online security and remain vigilant against potential scams or breaches.
The article discusses the importance of strong password practices in safeguarding personal information online. It emphasizes the need for unique and complex passwords, the use of password managers, and the adoption of two-factor authentication to enhance security against cyber threats. Additionally, it highlights common pitfalls and misconceptions surrounding password management.
The article explores the ransomware tactics employed by the Akira group, highlighting the importance of understanding their methods to effectively defend against such cyber threats. It emphasizes the need for organizations to stay informed about evolving ransomware strategies and implement robust security measures to mitigate risks.
Russian hackers have successfully bypassed Gmail's multi-factor authentication by employing sophisticated social engineering tactics to obtain app-specific passwords from targeted academics and critics of Russia. The attackers impersonated U.S. Department of State officials, convincing victims to share their passwords under the pretense of accessing a secure communication platform. Security researchers have linked these activities to the state-sponsored group APT29, known for attacking high-profile targets since 2008.
F5 Networks has reported that government hackers gained long-term access to its systems, resulting in the theft of source code and customer data. The breach highlights significant security vulnerabilities within the company, raising concerns about the protection of sensitive information.
North Korean hackers are reportedly combining the Beavertail malware with other cyber-attack techniques to enhance their infiltration capabilities. This new strategy is part of a broader trend of increasing cyber warfare tactics from the regime that targets various sectors globally.
Coinbase has disclosed a data breach that resulted from an extortion attempt, where threat actors gained unauthorized access to customer information. The company is working to investigate the breach and mitigate any potential damage while notifying affected users.
A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift application has been uncovered, with the threat actor UNC6395 compromising OAuth tokens to exfiltrate sensitive data. Organizations using Salesloft Drift are urged to treat their credentials as compromised and take immediate remediation steps, including revoking tokens and investigating potential unauthorized access.
Around 8,000 children's names, pictures, and addresses have been stolen from the Kido nursery chain by a hacking group named Radiant, who are demanding ransom from the company. The breach has raised significant concerns regarding the safety of sensitive data related to children and has prompted responses from cyber-security experts and law enforcement.
TraderTraitor, a DPRK-affiliated threat actor, targets AWS environments and the cryptocurrency sector primarily for financial gain, executing significant cyber heists through tactics such as supply chain compromise and credential theft. Defenses against such attacks include enabling AWS logging, enforcing multi-factor authentication, and monitoring network traffic to mitigate risks associated with their sophisticated social engineering and cloud service abuse methods.
A group has adapted its tactics to exploit the ongoing protests in Nepal by deploying mobile and Windows malware alongside phishing schemes to steal sensitive data. Utilizing the guise of Nepalese Emergency Services and military figures, they trick users into downloading malicious applications that exfiltrate personal information. The article highlights specific malware samples and their indicators of compromise (IOCs).
The article offers a rare insight into the operations of cyber attackers, detailing their techniques and methodologies. It explores the motivations behind these attacks and the implications for cybersecurity professionals and organizations. Understanding these operations is crucial for developing effective defenses against such threats.