Port 22

ShinyHunters Wage Broad Corporate Extortion Spree
October 7, 2025

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
October 7, 2025

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs

Google's New AI Doesn't Just Find Vulnerabilities It Rewrites Code to Patch Them
October 7, 2025

Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise
October 7, 2025

For years, security leaders have treated artificial intelligence as an emerging technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
October 7, 2025

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. “These plugins are

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
October 7, 2025

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
October 7, 2025

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
October 7, 2025

CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that facilitates

New Report Links Research Firms BIETA and CIII to Chinas MSS Cyber Operations
October 6, 2025

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the

5 Critical Questions For Adopting an AI Security Solution
October 6, 2025

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help

Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
October 6, 2025

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matterskey trends, warning signs, and stories shaping todays security landscape. Whether youre defending systems or just keeping up, these highlights help you spot whats coming

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
October 6, 2025

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
October 6, 2025

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
October 6, 2025

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle

CometJacking: One Click Can Turn Perplexitys Comet AI Browser Into a Data Thief
October 4, 2025

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
October 4, 2025

Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and aimed

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
October 3, 2025

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
October 3, 2025

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. “Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
October 3, 2025

Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is “engineered for speed and propagation” rather than data theft or ransomware. “SORVEPOTEL has been observed to

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
October 3, 2025

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT
October 3, 2025

A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
October 3, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. "


October 3, 2025

The following is the Hebrew translation of the key findings from the Citizen Lab report titled We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime  ממצאי הדו״ח רשת מתואמת של יותר מ 50 פרופילי משתמשים בדויים  ב X מבצעים באמצעות בינה מלאכותית קמפיין השפעה. הקמפיין שמשתמש… Read more »


October 3, 2025

The following is the Persian translation of the key findings from the Citizen Lab report titled We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime یافته‌های کلیدی شبکه‌ای هماهنگ متشکل از بیش از ۵۰ پروفایل غیرواقعی در ایکس (X)، که ما از آن به عنوان «پریزِن‌بریک»… Read more »

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
October 2, 2025

The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. “Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries – especially in Pakistan using spear-phishing and malicious documents as initial

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
October 2, 2025

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
October 2, 2025

Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasnt kept up with todays fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
October 2, 2025

From unpatched cars to hijacked clouds, this weeks Threatsday headlines remind us of one thing no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chromes settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
October 2, 2025

Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. “This activity began on or

How to Close Threat Detection Gaps: Your SOC's Action Plan
October 2, 2025

Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, arent the alerts that can be dismissed quickly, but the ones that hide

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
October 2, 2025

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
October 1, 2025

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel’s Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
October 1, 2025

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of

How Leading Security Teams Blend AI + Human Workflows (Free Webinar)
October 1, 2025

AI is changing automationbut not always for the better. Thats why were hosting a new webinar, “Workflow Clarity: Where AI Fits in Modern Automation,” with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed how organizations think about automation.

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
October 1, 2025

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data

2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising
October 1, 2025

Bitdefenders 2025 Cybersecurity Assessment Report paints a sobering picture of todays cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
October 1, 2025

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router’s API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy,

New Android Banking Trojan Klopatra Uses Hidden VNC to Control Infected Smartphones
October 1, 2025

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
October 1, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel

Forensic journey: hunting evil within AmCache
October 1, 2025

Kaspersky experts share insights into how AmCache may prove useful during incident investigation, and provide a command line tool to extract data from this artifact.

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
October 1, 2025

A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. “We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks,” researchers Jesse De Meulemeester, David Oswald, Ingrid

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
September 30, 2025

Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. “Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations,” Palo Alto Networks Unit 42

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
September 30, 2025

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. “They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud

Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake
September 30, 2025

Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it’s also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server. “With graph-based context, semantic access, and agentic

Stop Alert Chaos: Context Is the Key to Effective Incident Response
September 30, 2025

The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,

Page 1 of 276 Older Posts →