Port 22

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
October 25, 2025

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. “Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is

DHS Wants a Fleet of AI-Powered Surveillance Trucks
October 24, 2025

US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowerscombining radar, cameras, and autonomous tracking to extend surveillance on demand.

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
October 24, 2025

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
October 24, 2025

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior

The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
October 24, 2025

Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably yes and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they

3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
October 24, 2025

A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
October 24, 2025

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
October 23, 2025

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. “Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its

Secure AI at Scale and Speed Learn the Framework in this Free Webinar
October 23, 2025

AI is everywhereand your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didnt create, cant fully see, and werent designed to control. Join our upcoming webinar and learn how to make AI

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
October 23, 2025

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked

Why Organizations Are Abandoning Static Secrets for Managed Identities
October 23, 2025

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security

Jingle Thief Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
October 23, 2025

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 researchers

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
October 23, 2025

E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be

Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
October 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client

This Privacy Browser Has Dangerous Hidden Features
October 23, 2025

The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asias booming cybercrime and illegal gambling networks.

Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
October 22, 2025

The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
October 22, 2025

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee

No, ICE (Probably) Didnt Buy Guided Missile Warheads
October 22, 2025

A federal contracting database lists an ICE payment for $61,218 with the payment code for guided missile warheads and explosive components. But it appears ICE simply entered the wrong code.

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
October 22, 2025

Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology

Bridging the Remediation Gap: Introducing Pentera Resolve
October 22, 2025

From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. Whats missing is a system of action. How do you transition from the

Canada Fines Cybercrime Friendly Cryptomus $176M
October 22, 2025

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges none of which were physically located there.

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
October 22, 2025

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet keys. The package, Netherum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and

The Long Tail of the AWS Outage
October 22, 2025

Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technologybut the duration serves as a warning.

Why You Should Swap Passwords for Passphrases
October 22, 2025

The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are the simplest way to get your users to create

Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
October 22, 2025

Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and East Asia in June, using

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
October 22, 2025

Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
October 22, 2025

TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below -

CVE-2025-6541 (CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams
October 21, 2025

Meta on Tuesday said it’s launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it’s introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like bank details or verification codes. On Messenger, users can opt to

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
October 21, 2025

Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. The TLS-based ELF implant, at its core, is designed to monitor

Securing AI to Benefit from AI
October 21, 2025

Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone cant match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
October 21, 2025

A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
October 21, 2025

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access. Salt Typhoon, also known as Earth Estries, FamousSparrow,

Five New Exploited Bugs Land in CISA's Catalog Oracle and Microsoft Among Targets
October 21, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a

Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
October 20, 2025

Its easy to think your defenses are solid until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isnt just patching fast, but watching smarter and staying alert for what you dont expect. Heres a quick look at this weeks top threats, new tactics, and security stories shaping

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
October 20, 2025

ClickFix, FileFix, fake CAPTCHA whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.  ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser most commonly a CAPTCHA, but also things like fixing an error on a webpage.  The name is a little misleading, though

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
October 20, 2025

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
October 20, 2025

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.” The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable evidence” of the agency’s involvement in the intrusion

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
October 19, 2025

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
October 18, 2025

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based on the ZIP

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
October 18, 2025

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). “The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher with Fortinet’s FortiGuard

Hackers Dox ICE, DHS, DOJ, and FBI Officials
October 18, 2025

Plus: A secret FBI anti-ransomware task force gets exposed, the mystery of the CIAs Kryptos sculpture is finally solved, North Koreans busted hiding malware in the Ethereum blockchain, and more.

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
October 17, 2025

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming

Identity Security: Your First and Last Line of Defense
October 17, 2025

The danger isnt that AI agents have bad days its that they never do. They execute faithfully, even when what theyre executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn’t some dystopian fantasyit’s Tuesday at the office now. We’ve entered a new phase where autonomous AI agents act with serious system privileges. They

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
October 17, 2025

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
October 17, 2025

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a post shared on X. The tech

Email Bombs Exploit Lax Authentication in Zendesk
October 17, 2025

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Page 1 of 278 Older Posts →