Mozilla Introduces Easy Disable Feature for Generative AI in Firefox Background on Generative AI in Browsers Generative AI refers to algorithms designed to produce content, such as text, images, and more, based on input data. This technology has rapidly advanced over the past few years, becoming integral to various applications, including web browsers. Major players…

eScan Antivirus Update Compromise: A Multi-Faceted Malware Incident Background and Context The recent compromise of eScan’s update servers highlights a critical vulnerability within the cybersecurity sector, where even established security solutions are not immune to advanced threats. eScan, developed by MicroWorld Technologies, has been a staple in the Indian cybersecurity landscape since its inception in…

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Background and Context The RedKitten cyber campaign emerged in January 2026, aligning with the escalating unrest in Iran that began in late 2025. This unrest has largely centered around protests against systemic injustices and governmental repression. In this political landscape, the targeting of human rights…

This Month in Security: January 2026 Trends and Insights Understanding the Landscape of Security Threats As we embark on a new year, January has always acted as a barometer for future security trends. January 2026 is no exception, with the emergence of specific threats and priorities that can shape the security landscape throughout the year.…

Emergence of ‘Stanley’: A New Malware Service Promising Malicious Chrome Extensions Background and Context The rise of browser extensions has revolutionized the online experience, enhancing productivity, security, and user engagement. However, this popularity has also attracted cybercriminals seeking to exploit the Chrome Web Store, the predominant platform for extensions used by millions of users. In…

OpenAI Enhances ChatGPT’s Temporary Chat Feature for Personalized User Experience Background and Context The rapid evolution of artificial intelligence has led to innovative advancements, especially in natural language processing through models like OpenAI’s ChatGPT. Introduced in late 2022, ChatGPT quickly gained popularity for its conversational capabilities, transforming how users interact with AI. However, a notable…

Phishing Campaign in Russia Deploys Amnesia RAT and Ransomware Introduction and Overview On January 24, 2026, cybersecurity insights revealed a sophisticated multi-stage phishing campaign specifically targeting users in Russia. This campaign leverages a remote access trojan known as Amnesia RAT, along with ransomware to exploit victims. As the frequency and complexity of phishing attacks escalate…

ShinyHunters Allegedly Behind SSO Account Data Breaches Background on ShinyHunters and Their Methods The ShinyHunters group, notorious for its involvement in data breaches and cyber extortion, has made headlines once again by claiming responsibility for a series of voice phishing attacks targeting single sign-on (SSO) accounts associated with major corporate platforms, including Okta, Microsoft, and…

Osiris Ransomware: A New Threat Utilizing POORTRY Driver in BYOVD Attack Background and Context The emergence of the Osiris ransomware family marks a significant development in the persistent threat landscape of cybercrime. Ransomware attacks have become increasingly common over the last decade, targeting various sectors including healthcare, finance, and, as highlighted in this recent incident,…

Massive Global Spam Wave Exploits Unsecured Zendesk Ticket Systems Background and Context The recent spate of spam emails connected to unsecured Zendesk support systems represents a troubling trend in cybersecurity that has emerged over the past few years. Zendesk, a popular customer support and ticketing system, has long been a favored platform for businesses looking…

OpenAI’s ChatGPT Atlas Browser Introduces “Actions” Feature for Enhanced Video Interaction Background and Context OpenAI’s development of the ChatGPT Atlas browser marks a significant milestone in integrating artificial intelligence with web browsing capabilities. The Atlas browser, built on the Chromium framework, is part of a broader strategy by OpenAI to create more interactive and intelligent…

Google Gemini Vulnerability Exploits Calendar Data through Prompt Injection Background & Context The security landscape surrounding personal data management tools, particularly in cloud-based environments, has become increasingly complex as user reliance on these systems grows. Google Calendar, a tool integral to both personal and professional scheduling, facilitates seamless collaboration but also poses significant risks when…

New Developments in ChatGPT: Insights from Recent OpenAI Leak Background & Context OpenAI, a pioneer in the field of artificial intelligence, has continuously evolved its offerings since the launch of its flagship product, ChatGPT, in November 2022. Initially designed for conversational applications, ChatGPT has gained notoriety for its capability to produce human-like text and assist…

Google Chrome Empowers Users with Option to Disable On-Device AI for Scam Detection Background and Context In recent years, the prevalence of online scams has surged, prompting tech companies to develop innovative solutions to protect users from fraudulent activities. Google Chrome, a leading web browser globally, introduced the “Enhanced Protection” feature to address this issue,…

OpenAI Launches $8 ChatGPT Go Subscription with Ad Support Worldwide Introduction OpenAI has recently launched its $8 ChatGPT Go subscription, now available globally, which offers users an increased messaging limit—a tenfold increase over standard usage. This move marks a significant expansion in OpenAI’s subscription offerings and raises questions about the future monetization of AI-based services.…

Google Introduces Feature to Change @gmail.com Addresses Introduction to the New Feature In a significant update, Google has announced that users can now change their @gmail.com addresses. This feature allows individuals to transition from one Gmail address to another, for instance, changing from xyz@gmail.com to abc@gmail.com. This capability has been rolled out as part of…

OpenAI’s “Agora”: A New Era for Real-Time Cross-Platform Interactions Background and Context As artificial intelligence continues to evolve, companies are increasingly exploring the integration of AI capabilities across diverse platforms. OpenAI, recognized for its advancements in natural language processing, has grown its portfolio significantly since the launch of its flagship product, ChatGPT, in November 2022.…

Charity-Themed Malware Campaign Targets Ukraine’s Defense Forces Background and Context In recent years, cybersecurity threats have become increasingly sophisticated, particularly against government entities involved in ongoing conflicts. Between October and December 2025, officials of Ukraine’s Defense Forces were among those targeted in a malware campaign that disguised itself under the pretense of charitable activity. This…

N8n Supply Chain Attack: Exploiting Community Nodes for OAuth Token Theft Background and Context The recent supply chain attack targeting the n8n automation platform underscores a significant threat within the software development ecosystem, particularly related to the management of open-source packages. N8n is an open-source workflow automation tool that enables users to connect various applications…

Instagram Addresses Security Concerns Over Alleged 17 Million Account Data Leak Background and Context The rise of social media platforms has been accompanied by increasing concerns about user data privacy and security. With billions of active users, platforms like Instagram are attractive targets for cybercriminals seeking to access personal information, which can be used for…

MuddyWater Unveils RustyWater RAT in Targeted Spear-Phishing Campaign Across Middle East Background and Context The emergence of sophisticated cyber threats is an alarming trend in the increasingly volatile landscape of international relations, especially in regions marked by geopolitical tensions. The Iranian hacking group known as MuddyWater has been in the spotlight for a series of…

China-Linked Cyber Actors Exploit VMware ESXi Vulnerabilities for Ransomware Deployments Introduction The cybersecurity landscape continues to evolve, with advanced persistent threats (APTs) employing sophisticated methods to infiltrate systems and networks. Recently, Chinese-speaking hackers have been implicated in exploiting zero-day vulnerabilities in VMware’s ESXi platform, utilizing a compromised SonicWall VPN appliance to gain initial access. This…

FBI Alerts on North Korean Hackers Exploiting QR Codes for Targeted Cyberattacks Background and Context The U.S. Federal Bureau of Investigation (FBI) has recently issued a warning regarding the tactics employed by North Korean state-sponsored cyber actors, particularly a group known as Kimsuky. Recognized for its persistent spear-phishing campaigns, Kimsuky has now begun leveraging embedded…

OpenAI’s Commitment to Privacy in Health Conversations with ChatGPT Health Introduction OpenAI has recently launched ChatGPT Health, a specialized platform designed for engaging users in health-related discussions. This initiative comes amidst growing concerns over the privacy of personal health information, as artificial intelligence continues to evolve in its capabilities and applications. OpenAI has explicitly stated…

OpenAI Introduces GPT-5.2 “Codex-Max” for Select Users Background & Context OpenAI has been at the forefront of artificial intelligence development since its inception in 2015. The organization has consistently innovated in the realm of natural language processing (NLP) and machine learning technologies. Over the years, OpenAI has released several iterations of its language models, from…

Increased Corporate Data Thefts Linked to Cloud File-Sharing Vulnerabilities Background and Context The rise of cloud computing has transformed the way organizations store and share data, offering significant advantages such as scalability, accessibility, and cost efficiency. However, this transition has not come without risks. Notably, cloud file-sharing services, including ShareFile, Nextcloud, and OwnCloud, have increasingly…

Resecurity’s Alleged Breach: An Examination of Cybersecurity Tactics and Controversy Background: The Landscape of Cybersecurity Breaches The claim by the ShinyHunters hacking group that they breached the cybersecurity firm Resecurity underscores the ongoing battle between cybercriminals and cybersecurity professionals. In recent years, the frequency and sophistication of cyberattacks have escalated dramatically, prompting businesses to invest…

New Remote Access Trojan Attacks Target Indian Government and Academia Background and Context The ongoing cyber threat landscape reveals a persistent and evolving danger from threat actors such as Transparent Tribe, which is understood to be a group with ties to Pakistani intelligence. This group has a history of targeting India, particularly its government and…

OpenAI Provides Free Month of ChatGPT Plus to Select Users Introduction to ChatGPT Plus ChatGPT Plus, a subscription service by OpenAI, has been available for users seeking enhanced access and features within the ChatGPT ecosystem. Priced at $20 per month, ChatGPT Plus provides subscribers with benefits such as faster response times, priority access during peak…

Trust Wallet Chrome Extension Hack Results in $8.5 Million Loss Background on Trust Wallet and Supply Chain Attacks Trust Wallet, a popular cryptocurrency wallet and decentralized application platform, facilitates secure storage and management of digital assets for millions of users worldwide. The significance of security in cryptocurrency management cannot be overstated, as breaches can lead…

U.S. Treasury Removes Sanctions on Key Figures Linked to Controversial Spyware Background on Intellexa and the Predator Spyware The recent decision by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) to remove three individuals associated with the Intellexa Consortium from its specially designated nationals list has raised significant questions within the…

Chinese State Hackers Leverage Rootkit to Conceal ToneShell Malware Operations Background and Context The ToneShell backdoor has emerged as a significant tool in the arsenal of Chinese state-sponsored hackers, often employed in cyberespionage campaigns targeting government entities and critical infrastructure. This malware is designed to provide remote access and control, while its rootkit capabilities allow…

MongoBleed Vulnerability Exposes 87,000 MongoDB Servers to Data Breaches Introduction to MongoBleed The recent discovery of a critical vulnerability in MongoDB systems, identified as MongoBleed (CVE-2025-14847), has raised alarm among security professionals and organizations worldwide. This exploit allows attackers to access sensitive data from over 80,000 MongoDB servers that are publicly accessible on the internet.…

Rainbow Six Siege Breach: A Major Security Incident in Online Gaming Background & Context Ubisoft’s Rainbow Six Siege has been a significant title in the tactical shooter genre since its launch in 2015, amassing a dedicated player base and a vibrant eSports scene. The game stands out for its emphasis on teamwork and strategy, with…

Grubhub Users Targeted by Cryptocurrency Scam Promising High Returns Background: The Rise of Cryptocurrency Scams In recent years, the proliferation of cryptocurrency has created a landscape ripe for exploitation. With its rapid rise in public interest and investment, cryptocurrency offers both legitimate opportunities and avenues for fraud. Phishing scams have become prevalent, especially targeting unsuspecting…

Emerging Threats: Navigating the Landscape of Stealth Loaders and AI Vulnerabilities Introduction to the Evolving Cyber Threats Landscape As technology continues to integrate itself into daily life, the nature of cyber threats is changing dramatically. No longer confined to overt breaches, cybercriminals are now employing stealth tactics that camouflaged their malicious intentions within everyday applications…

New MacSync Variant Uses Notarized Apps to Evade macOS Security Introduction to MacSync and Its Evolving Techniques Cybersecurity researchers have identified a new iteration of the MacSync information stealer, a malware variant specifically targeting macOS users. This latest version employs innovative delivery methods, utilizing a digitally signed and notarized Swift application designed to mimic a…

Malicious Chrome Extensions Expose User Credentials Across 170+ Websites Introduction and Discovery In a significant cybersecurity breach, researchers have identified two malicious Google Chrome extensions that have stealthily intercepted user credentials from over 170 websites. These extensions, masquerading as tools for a “multi-location network speed test,” reveal a troubling trend in cyberattacks leveraging seemingly innocuous…

Nissan Reports Customer Data Exposure Following Red Hat Breach Overview of the Incident Nissan Motor Co. Ltd. has confirmed that personal information belonging to thousands of its customers was compromised due to a data breach at Red Hat, a prominent provider of open-source solutions. The breach occurred in September and has raised significant concerns around…

Emerging Trends in Android Malware: The Rise of Multifunctional Threats Background and Context As mobile devices have become ubiquitous in daily life, they have attracted the attention of cybercriminals looking to exploit their capabilities for illicit gains. Android, which holds a significant share of the global mobile operating system market, has been a particular target…

RansomHouse Enhances Ransomware Encryption with Advanced Multi-Layered Technique Background and Context The RansomHouse ransomware-as-a-service (RaaS) model has gained notoriety for providing malicious actors with the tools to launch cyber extortion campaigns without requiring advanced technical skills. Ransomware, a type of malicious software that encrypts a victim’s files, has historically been a significant threat to organizations…

Russia-Linked Phishing Campaign Targets Microsoft 365 with Device Code Authentication Background and Context The use of phishing tactics to gain access to sensitive information has become a pervasive threat in today’s digital landscape. Phishing attacks have evolved significantly, leveraging sophisticated methods to trick users and bypass traditional security measures. The recent campaign attributed to a…

Windows 10 OOB Update Addresses Critical Message Queuing Issues Following Windows 11 Update Background on Message Queuing (MSMQ) Message Queuing (MSMQ) is a crucial component in the Microsoft ecosystem, primarily utilized by enterprises to handle background tasks and facilitate asynchronous communication between distributed applications. This system allows for the reliable transfer of messages, even under…

Critical ASUS Live Update Vulnerability Exposed: A Deep Dive Overview of the Vulnerability On December 17, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially recognized a critical security flaw affecting ASUS Live Update by including it in its Known Exploited Vulnerabilities (KEV) catalog. This action was prompted by recent indications of active exploitation…

Large-Scale AWS Crypto Mining Campaign Unleashed via Compromised IAM Credentials Introduction An alarming trend is emerging in the cybersecurity landscape, as an ongoing campaign has been identified that exploits compromised Identity and Access Management (IAM) credentials specifically within Amazon Web Services (AWS) environments. This activity not only highlights severe vulnerabilities but underscores the growing need…

SoundCloud Confirms Data Breach: User Information Compromised and VPN Service Disrupted Background and Context SoundCloud, a major player in the audio streaming industry, provides a platform for artists to upload, share, and promote their music. With over 76 million monthly active listeners, SoundCloud has become a critical space for indie musicians and content creators. However,…

VolkLocker Ransomware Flaw Exposed: Free Decryption Possible Background and Context The emergence of ransomware-as-a-service (RaaS) offerings has radically transformed the cybercrime landscape, providing even those with limited technical skills access to advanced malware tools. VolkLocker is the latest in a line of RaaS products developed by the pro-Russian hacktivist group CyberVolk, also known as GLORIAMIST.…

CISA Identifies High-Risk Sierra Wireless Router Vulnerability Subject to Active Exploitation Introduction to the Vulnerability On December 13, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) database. The designation of CVE-2018-4063, which obtained a Common Vulnerability Scoring…

CISA Identifies Critical GeoServer XXE Vulnerability as Actively Exploited Background and Context The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical vulnerability in OSGeo’s GeoServer, drawing attention to its potential risks and the urgent need for mitigation. The vulnerability, designated as CVE-2025-58360, has been classified with a CVSS score of 8.2, indicating…

Google Ads Misused to Distribute AMOS Infostealer Malware via AI Chatbot Guides Background and Context The increasing reliance on artificial intelligence (AI) tools such as ChatGPT and Grok for various tasks has opened new avenues for cybercriminal activities. The current infestation of AMOS infostealer malware takes advantage of Google search ads, steering users towards false…

SAP Addresses Critical Vulnerabilities in December Security Updates Introduction to SAP’s Security Update On December 9, 2025, SAP released its latest security updates, addressing a total of 14 vulnerabilities present in various products. Among these, three vulnerabilities were assessed with critical severity. This release is particularly timely, as organizations worldwide prepare for year-end audits and…

JS#SMUGGLER Campaign Leverages Compromised Websites to Distribute NetSupport RAT Background and Context Cyber threats continue to evolve, becoming increasingly sophisticated and elusive to traditional cybersecurity measures. The JS#SMUGGLER campaign is a notable example of this trend, utilizing compromised websites to deliver the NetSupport Remote Access Trojan (RAT). Such tactics are not new; however, they represent…

OpenAI Responds to Allegations of Ads in ChatGPT Paid Plans Background and Context In recent weeks, users of OpenAI’s ChatGPT Plus subscription, which costs $20 per month, began reporting instances of what appeared to be advertisements within their chat interfaces. These assertions have ignited a debate among subscribers about the potential monetization strategies of AI…

Critical React2Shell Vulnerability Compromises Over 30 Organizations Overview of the React2Shell Flaw The recently identified React2Shell remote code execution vulnerability (CVE-2025-55182) poses a significant threat to cybersecurity, impacting more than 77,000 Internet-exposed IP addresses. Researchers have confirmed that cyber adversaries have leveraged this flaw to breach over 30 organizations across diverse sectors, indicating a widespread…

New Zero-Click Browser Attack Threatens Google Drive Integrity Background & Context The emergence of the zero-click agentic browser attack represents a significant escalation in cybersecurity threats, particularly targeting users of the Perplexity Comet browser. As reliance on cloud storage and integrated web services has grown, the need for robust security measures cannot be overstated. In…

Command Injection Vulnerability Discovered in Array AG Gateways: Urgent Action Required Overview of the Vulnerability JPCERT/CC recently issued a warning regarding the exploitation of a command injection vulnerability in Array Networks AG Series secure access gateways. This vulnerability has reportedly been active since August 2025, raising significant concerns about the security posture of its affected…

Critical Vulnerabilities in React Server Components Pose Serious Security Risks Introduction to the Vulnerability A maximum-severity security flaw has been disclosed in React Server Components (RSC), which could potentially allow unauthenticated remote code execution. This critical vulnerability, tracked as CVE-2025-55182 and codenamed React2shell, has garnered attention within the developer community due to its severity, carrying…

Korean Police Crack Down on Illicit Trade of Hacked IP Camera Footage Overview of the Incident The recent arrests made by the Korean National Police highlight a disturbing trend in the exploitation of technology. Four suspects are accused of orchestrating a large-scale operation that compromised over 120,000 IP cameras throughout South Korea. The hacked footage,…

India Mandates Pre-Installation of Cybersecurity App to Combat Telecom Fraud Background and Context In a significant move aimed at enhancing cybersecurity within the telecommunications sector, India’s Ministry of Telecommunications has mandated that all mobile device manufacturers preload the Sanchar Saathi app on new devices within a 90-day window. This initiative responds to increasing concerns over…

Tomiris Adopts Public-Service Implants to Enhance C2 in Government Target Attacks Background and Context The escalation of cyber warfare tactics has become increasingly evident in recent years, with groups like Tomiris adapting their methodologies to remain effective against evolving defenses. Founded around 2018, Tomiris has gained notoriety for its sophisticated attacks on both national governments…

Asahi Group Holdings Reports Cyberattack Affecting Nearly 1.9 Million Individuals Background and Context Asahi Group Holdings, Japan’s leading beer producer and beverage conglomerate, has experienced a significant cyberattack that has impacted the personal data of approximately 1.9 million individuals. This incident, which was uncovered following an internal investigation of a September 2025 breach, underscores the…

Man Sentenced to Seven Years for In-Flight WiFi Data Theft Background on WiFi Network Threats The rise of mobile technology has transformed the way individuals access information and communicate while traveling. However, it has also led to an increase in cybercrime, particularly in the realm of public WiFi networks. Hackers have developed various methods to…

OpenAI Confirms API Customer Data Breach Linked to Mixpanel Vendor Incident Background on the Breach OpenAI has recently informed a group of ChatGPT API customers that a data breach has occurred due to a vulnerability within its analytics service provider, Mixpanel. This incident highlights the increasing risks associated with third-party vendors, particularly in technology sectors…

ShadowV2 Botnet Exploits AWS Outage: A Deep Dive Background and Context The emergence of ShadowV2, a new Mirai-based botnet malware, marks a troubling development in the realm of cybersecurity, particularly for Internet of Things (IoT) devices. The recent attack exploited known vulnerabilities in widely used IoT hardware from manufacturers such as D-Link and TP-Link. This…

Nationwide Disruption of Emergency Alert Systems Following OnSolve CodeRED Cyberattack Background and Context The recent cyberattack on OnSolve CodeRED has raised significant concerns about the resilience of emergency notification systems across the United States. OnSolve CodeRED, a risk management platform utilized by numerous state and local agencies, plays a critical role in disseminating urgent information…

StealC Infostealing Malware Distributed via Malicious Blender Files Introduction to the Threat Recent reports have identified a troubling campaign linked to Russian cybercriminals, utilizing targeted malicious Blender model files to distribute the StealC V2 information-stealing malware. As digital marketplaces for 3D models become increasingly popular among creative professionals, the infiltration of these platforms highlights significant…

Google Facilitates Seamless File Sharing Between Pixel Devices and iPhones Introduction to the New Feature In a significant move aimed at enhancing cross-platform usability, Google has introduced interoperability between its Quick Share feature on Pixel devices and Apple’s AirDrop. This update allows users on either platform to easily share files with one another, marking an…

Security Flaw in WhatsApp API Exposes 3.5 Billion Accounts Background and Context The recent discovery that researchers were able to compile a staggering list of 3.5 billion mobile phone numbers and associated personal information from WhatsApp has highlighted severe vulnerabilities in one of the world’s most popular messaging platforms. The flaw stems from a contact-discovery…

CISA Alerts on Active Exploitation of Oracle Identity Manager RCE Vulnerability Overview of the Vulnerability The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a significant warning regarding an identified vulnerability in Oracle Identity Manager, designated as CVE-2025-61757. This flaw is classified as a remote code execution (RCE) vulnerability and is reportedly being actively…

Understanding Open-Source Intelligence: Safeguarding Your Digital Presence Introduction to Open-Source Intelligence In an era where digital interactions dominate personal and professional landscapes, understanding open-source intelligence (OSINT) has become crucial for individuals and organizations alike. OSINT refers to the process of gathering information from publicly accessible sources, enabling users to identify vulnerabilities in their digital presence…

Global Campaign Unleashes TamperedChef Malware via Deceptive Software Installers Background and Context The ongoing global malware campaign known as TamperedChef underscores the growing sophistication and reach of cybercriminal activities. This campaign capitalizes on the trust users place in popular software, employing bogus installers to introduce malicious payloads onto victim machines. As digital threats evolve, such…

Thunderbird 145 Introduces Native Microsoft Exchange Support Introduction of Native Support for Microsoft Exchange On November 18, 2025, Thunderbird 145 was released, marking a significant advancement in the email client’s capabilities with the inclusion of full native support for Microsoft Exchange accounts via the Exchange Web Services (EWS) protocol. This development enables users to integrate…

Google Addresses Critical Chrome V8 Zero-Day Vulnerability with Urgent Security Update Introduction to the Vulnerability On November 18, 2025, Google announced essential security updates for its Chrome browser, targeting two vulnerabilities, including a critical zero-day flaw known as CVE-2025-13223. This particular vulnerability has a CVSS score of 8.8, indicating a significant security threat that attackers…

Google’s New Initiative to Identify Battery-Draining Android Apps Introduction In a significant move to enhance user experience and device efficiency, Google has announced that it will begin flagging Android applications in the Google Play Store that are associated with excessive background activity and battery drain. This initiative, set to commence in the coming months, aims…

Critical Vulnerability in Post SMTP Plugin Poses Risk to WordPress Sites Background and Context The Post SMTP plugin has been widely adopted by WordPress users, offering reliable and easy-to-configure SMTP mail sending options. Installed on over 400,000 WordPress sites, its integration streamlines email communications for businesses and individual users alike. However, this popularity also makes…

Immediate Response Strategies Following a Cyberattack Background: The Growing Threat of Cyberattacks The evolution of technology has, paradoxically, given rise to increasingly sophisticated cyberattacks. According to a report by Cybersecurity Ventures, cybercrime is projected to inflict damages exceeding $10.5 trillion annually by 2025. This alarming statistic highlights the urgency for individuals and organizations to recognize…

Data Breach at University of Pennsylvania Exposes 1.2 Million Donor Records Background and Context On November 2, 2025, a hacker publicly claimed responsibility for a significant data breach at the University of Pennsylvania, revealing that 1.2 million donor records were compromised. This incident highlights ongoing vulnerabilities within educational institutions, particularly regarding how they manage and…

Google’s AI Search Integration: The Future of Advertising in a New Era Introduction to AI in Search Engines The integration of artificial intelligence (AI) in search engines marks a significant evolution in how information is retrieved online. As digital landscapes become increasingly competitive, companies like Google are continually adapting to user expectations and technological advancements.…

OpenAI Launches Aardvark: A Revolutionary GPT-5 Agent for Automated Code Flaw Detection and Mitigation Background and Context OpenAI, a leader in artificial intelligence research and development, has announced the launch of Aardvark, an innovative autonomous agent based on the GPT-5 architecture. This AI-driven tool is designed to perform the complex tasks of scanning, comprehending, and…

Enhancing macOS Security: Addressing Admin Errors to Mitigate Cyber Threats Background & Context In recent years, operating systems have faced increasing scrutiny regarding their security measures. As cyber threats become more sophisticated, user error remains a significant vulnerability in the overall security landscape. This is particularly relevant for macOS, where a mix of robust design…

Malicious NPM Packages Compromise Sensitive Data Across Multiple Platforms Background and Context The discovery of ten malicious packages in the Node Package Manager (npm) registry highlights ongoing security vulnerabilities within software development environments. NPM, a vital component for JavaScript developers, facilitates the sharing and utilization of code libraries. However, its popularity also makes it a…

Critical Security Vulnerabilities Target Dassault Systèmes and XWiki Introduction to Recent Exploits Active exploitation of security flaws in Dassault Systèmes DELMIA Apriso and XWiki has come into focus following alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity firm VulnCheck. These vulnerabilities pose significant risks to organizations using these platforms, highlighting a…

BiDi Swap: How Bidirectional Unicode Is Being Used to Make Fake URLs Appear Legitimate What the BiDi Swap trick is and why it matters Security researchers at Varonis have documented a renewed phishing technique they call “BiDi Swap,” in which attackers abuse Unicode bidirectional (BiDi) control characters to make malicious URLs display as if they…

Qilin Ransomware Deploys Linux Payloads and BYOVD Tactics in Hybrid Attacks Overview and key facts Security researchers have observed the Qilin ransomware operation — also tracked under the names Agenda, Gold Feather and Water Galura — using a hybrid attack approach that pairs a Linux-capable payload with a BYOVD (Bring Your Own Vulnerable Driver) exploitation…

CoPhish: Copilot Studio Agents Used to Steal OAuth Tokens via Trusted Microsoft Domains Overview Security researchers have identified a new phishing technique named “CoPhish” that leverages Microsoft Copilot Studio agents to deliver fraudulent OAuth consent prompts via legitimate Microsoft domains. The campaign uses the trust provided by Microsoft-owned infrastructure to present users with what appear…

194,000+ Domains Tied to Global Smishing Campaign, Unit 42 Warns Summary of the Finding Palo Alto Networks Unit 42 has attributed more than 194,000 malicious domains to a large-scale, ongoing smishing campaign that has been active since January 1, 2024. The campaign, as reported by the security vendor, targets a wide range of services and…

Toys “R” Us Canada confirms customer records stolen and later leaked — what organizations and customers should do next Summary of the incident Toys “R” Us Canada has notified customers that threat actors leaked customer records they had previously stolen from the retailer’s systems. The company’s breach notification, shared with affected customers, indicates an incident…

Critical Adobe Commerce/Magento Vulnerability Exploited in Over 250 Attack Attempts What happened Security researchers at e-commerce protection firm Sansec reported that threat actors have begun actively exploiting a recently disclosed vulnerability affecting Adobe Commerce and Magento Open Source. The flaw is tracked as CVE-2025-54236 and carries a CVSS score of 9.1. Sansec recorded more than…

TP-Link Fixes Four Omada Gateway Vulnerabilities, Two Allow Arbitrary Code Execution What the update fixes TP-Link has released security updates addressing four vulnerabilities in its Omada gateway devices, including two critical flaws that can lead to arbitrary code execution. One of the flaws has been publicly identified as CVE-2025-6541 (CVSS 8.6), an operating system command…

DNS0.EU Public DNS Service Shuts Down Citing Sustainability Constraints What happened DNS0.EU, a non-profit public DNS resolver that served primarily European users, announced an immediate shutdown, attributing the decision to time and resource constraints. The project’s operators said they were unable to continue running the service under current conditions and ceased operations with immediate effect.…

TikTok “ClickFix” Videos Deliver Info‑Stealers via Fake Activation Guides Summary of the campaign Security researchers are tracking a surge of so‑called “ClickFix” attacks that use short TikTok videos posing as free activation or “fix” guides for popular software — including Windows, Spotify and Netflix — to trick users into downloading information‑stealing malware. The videos present…

OpenAI: GPT-6 Will Not Ship in 2025 — Implications for Developers, Enterprises, and Policymakers What OpenAI confirmed OpenAI has confirmed that GPT-6 will not be shipped in 2025. The company’s statement clarified that while a major labelled release is not planned for this calendar year, this does not preclude the release of other models, updates,…

ConnectWise patches Automate flaw that enabled AiTM-style tampering of updates Summary of the update ConnectWise released a security update for its Automate remote monitoring and management (RMM) product to fix multiple vulnerabilities, including one the company classified as critical. According to reporting, the most serious issue could allow adversaries to intercept and modify sensitive communications…

Windows 11 October Update Breaks Localhost HTTP/2 (127.0.0.1) Connections Summary of the issue Reports surfaced after Microsoft’s October 2025 Windows 11 updates that applications attempting to connect to the loopback address (127.0.0.1) over HTTP/2 are failing to establish or maintain connections. Affected workflows include local development servers, desktop applications that talk to bundled local services,…

YouTube outage triggers global playback errors on web and mobile Incident overview Users around the world are experiencing playback errors on YouTube’s website and mobile applications, indicating a global outage affecting video streaming functionality. Reports describe failures when attempting to play videos across platforms, and users on social media and monitoring sites are flagging widespread…

Using NDR to Detect Dark Web‑Sourced Threats on Your Network Why this matters: background and context Activity originating from dark web marketplaces and criminal forums increasingly fuels enterprise breaches. Threat actors buy and sell stolen credentials, remote access tools, malware, and exploit code on those platforms, lowering the barrier to entry for malicious campaigns. When…

Synced Passkeys: Cloud Convenience That Reintroduces Account Recovery Risk Background: what passkeys are and why synced ones matter Passkeys (FIDO/WebAuthn credentials) are cryptographic credentials bound to a user’s device or authenticator that are designed to replace passwords and resist phishing. They eliminate shared secrets: instead of typing a password, a relying party verifies a public…

WhatsApp Worm to Oracle Zero‑Day: This Week’s Cross‑Platform Attack Chains Overview: quiet starts, loud consequences Every week the cyber world reminds us that silence doesn’t mean safety. Attacks frequently begin with a single unpatched flaw, an overlooked credential, or a backup left unencrypted. By the time alarms go off, adversaries have already chained multiple weaknesses,…

SonicWall SSL VPN Devices Reportedly Compromised at Scale; Valid Credentials Suspected Summary of the incident Cybersecurity firm Huntress on Friday warned of a “widespread compromise” of SonicWall SSL VPN devices that attackers are using to access multiple customer environments. According to the alert, threat actors are authenticating into multiple accounts rapidly across compromised devices. The…

ClayRat Android Spyware Distributes via Fake WhatsApp, TikTok and Other App Lures in Russia Overview of the campaign Security researchers have identified a rapidly evolving Android spyware campaign dubbed “ClayRat” that has targeted users in Russia. According to reporting, operators behind the campaign used a mix of Telegram channels and lookalike phishing websites to entice…

ShinyHunters Escalates Extortion Against Red Hat After Customer Engagement Reports Leak What happened Enterprise software vendor Red Hat is facing an extortion campaign after the ShinyHunters criminal group posted samples of stolen customer engagement reports (CERs) on its data leak site. The leaked artifacts were described as samples from an alleged data theft and were…

Microsoft investigates Copilot failures when multiple Office apps run simultaneously Summary of the incident Microsoft is investigating a bug that causes Copilot issues when multiple Office apps are running simultaneously on the same system. Microsoft is investigating a bug that causes Copilot issues when multiple Office apps are running simultaneously on the same system. Reports…

Zimbra Zero-Day Abused via iCalendar (.ICS) Files — What Administrators Need to Know Summary of the incident Researchers monitoring for unusually large .ICS calendar attachments discovered that a flaw in Zimbra Collaboration Suite (ZCS) was actively exploited as a zero-day earlier this year. The attackers used iCalendar files to trigger the vulnerability, enabling compromise of…

Zimbra Zero‑Day Abused via Malicious iCalendar (.ICS) Attachments Summary of the discovery Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. That finding indicates attackers leveraged the iCalendar format — commonly used for meeting invites and calendar…

Leaked iPad Pro M5 Benchmark Suggests Near-Desktop Performance What the leak shows A newly leaked benchmark result, attributed to an iPad Pro running what is being described as Apple’s alleged M5 chip, indicates a substantial jump in raw performance — enough that the device approaches the speed of many desktop-class CPUs. The dataset appears limited…

OpenAI updates GPT-5 to close emotional-support gap with GPT-4o At a glance According to reporting from BleepingComputer, OpenAI has rolled out an update intended to improve GPT-5’s ability to provide emotional support. The outlet observed that GPT-5 had previously underperformed relative to GPT-4o on supportive, empathetic interactions, and that the change released today aims to…

Detour Dog Linked to DNS-Enabled Distribution of Strela Stealer via StarFish Backdoor Summary of findings Security researchers at DNS threat intelligence firm Infoblox have attributed a series of information-stealer campaigns to a threat actor tracked as “Detour Dog.” According to Infoblox, Detour Dog maintained operational control over domains that hosted the first-stage component of the…

Signal introduces SPQR to harden messaging against future quantum attacks What Signal announced Signal has unveiled a new cryptographic component called Sparse Post-Quantum Ratchet (SPQR). The company presents SPQR as an addition to its existing end-to-end encryption design intended to provide stronger resilience against the kinds of attacks that could be enabled by large-scale quantum…

Confucius Campaign in Pakistan Deploys WooperStealer and Anondoor in Spear‑Phishing Attacks Campaign summary Security researchers have attributed a recent phishing campaign against targets in Pakistan to the threat actor known as Confucius, which used the information‑stealer WooperStealer alongside a secondary payload referred to as Anondoor. According to reporting, the campaign employed spear‑phishing and malicious documents…

DrayTek Issues Advisory: Remote, Unauthenticated RCE Vulnerability in Vigor Routers What DrayTek reported Networking vendor DrayTek has published an advisory warning of a security vulnerability that affects several Vigor router models. According to the advisory, the flaw could allow remote, unauthenticated actors to execute arbitrary code on impacted devices. DrayTek’s notice alerts administrators and operators…

Ransomware at Motility Software Exposes Data of 766,000 Dealership Customers Summary of the incident A ransomware attack targeting Motility Software Solutions, a provider of dealer management software (DMS), has exposed sensitive information belonging to approximately 766,000 customers. The incident underscores the systemic risk created when technology vendors that serve many organizations are compromised — a…

F‑Droid at risk as Google enforces identity verification for all Android developers Summary of the change and immediate concern F‑Droid, the volunteer‑run catalog and installer for free and open‑source Android applications, has warned that Google’s new requirement for all Android developers to verify their identity could threaten the project’s continued operation. The change obligates developer…

“Battering RAM” Hardware Interposer Can Bypass Intel and AMD Cloud Defenses, Researchers Show Summary of the disclosure Researchers from KU Leuven and the University of Birmingham have demonstrated a practical hardware attack they call “Battering RAM,” using a low-cost interposer that sits in the DRAM channel and can bypass recent security protections on Intel and…

Phantom Taurus: China‑Linked Group Deploys Stealth Malware Against Governments and Telecoms Overview Security researchers at Palo Alto Networks Unit 42 have identified a previously undocumented, China‑aligned nation‑state actor they call “Phantom Taurus.” According to Unit 42, Phantom Taurus has operated for roughly two and a half years, targeting government and telecommunications organizations across Africa, the…

EvilAI Campaign: Malware Masquerading as AI Tools to Seed Global Intrusions Summary of the discovery Security researchers have identified a campaign in which threat actors use seemingly legitimate artificial intelligence (AI) and productivity tools as the delivery mechanism for malware. According to Trend Micro, attackers are deploying these AI-enhanced or productivity applications to slip malicious…

EvilAI Campaign: Malware Delivered Through Trojanized AI and Productivity Tools Summary of the discovery Security researchers at Trend Micro have identified a campaign in which threat actors distribute malware by posing as legitimate artificial intelligence (AI) tools and productivity software. The operators deliver trojanized installers and seemingly benign utilities that, once executed, establish footholds for…

Akira Ransomware Bypassing OTP-Protected SonicWall SSL VPN Accounts — What Practitioners Need to Know Overview of the incident Security researchers tracking ongoing attacks by the Akira ransomware group report the actors have been successfully authenticating to SonicWall SSL VPN accounts even when one-time passcode (OTP) multi-factor authentication (MFA) is enabled. Initial analysis suggests the likely…

EU Opens Antitrust Probe into SAP’s Aftermarket Support for On-Premise ERP What the Commission is investigating On 28 September 2025 the European Commission announced a probe into whether SAP has engaged in anti-competitive practices in the aftermarket services it provides for its on‑premise enterprise resource planning (ERP) software. The investigation focuses on the market for…

Malvertising and SEO Poisoning Deliver Fake Microsoft Teams Installers that Install Oyster Backdoor Summary of the campaign Security researchers have observed attackers using search engine optimization (SEO) poisoning and paid search advertisements to surface malicious pages that present fake Microsoft Teams installers to Windows users. When downloaded and executed, these installers deploy the Oyster backdoor,…

China-linked PlugX Variant and Bookworm Campaign Target Asian Telecoms and ASEAN Networks Summary of the campaign Security reporting highlights an ongoing campaign that is distributing a new variant of the PlugX backdoor (also known as Korplug or SOGU) while targeting telecommunications and manufacturing organizations across Central and South Asia, with impacts reported in ASEAN networks.…

Microsoft Tests AI Auto-Categorization for Photos on Windows 11 Overview Microsoft has begun testing a new AI-powered capability in the Microsoft Photos app that automatically organizes photos on Windows 11 devices. The feature, currently in testing, is intended to categorize images to make search and browsing faster and more intuitive. Microsoft’s announcement signals another major…

Trump Signs Order Approving US Investors to Restructure TikTok Operations over National Security Concerns Overview of the executive order U.S. President Donald Trump has signed an executive order approving a plan to restructure TikTok operations in the country to address national security concerns. The measure authorizes a change in the ownership and operational control of…

Critical Cisco ASA/FTD VPN Zero-Day Exploited in the Wild; CISA Issues Emergency Mitigation Summary of the incident Cisco has alerted customers to two security flaws affecting the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, noting active exploitation in the wild. One…

Salesforce Patches Critical “ForcedLeak” Flaw in Agentforce That Could Expose CRM Data via Indirect Prompt Injection What happened Cybersecurity researchers at Noma Security disclosed a critical vulnerability in Salesforce Agentforce — the vendor’s platform for building AI-driven agents — that could allow attackers to exfiltrate sensitive information from a connected Salesforce CRM instance by leveraging…

Recorded Future Names Chinese State-Sponsored Cluster “RedNovember” Using Pantegana and Cobalt Strike Background and context Security firm Recorded Future, which had been tracking an activity cluster under the tracking name TAG-100, has reclassified the cluster as a Chinese state-sponsored threat actor and given it the name RedNovember. The activity has been observed targeting government and…

Cisco issues urgent patch for actively exploited IOS and IOS XE zero-day Summary of the advisory Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is being actively exploited in the wild. Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco…

One Weak Password Ended a 158-Year-Old Logistics Firm The incident in brief KNP Logistics Group, a company with roots stretching back 158 years and formerly known as Knights of Old, has ceased operations after an incident tied to a single compromised or weak password. The business had built a substantial transport operation over its lifetime,…

BadIIS SEO-Poisoning Campaign Redirects Traffic and Installs Web Shells in Vietnam and Southeast Asia Summary of the discovery Cybersecurity researchers have identified an SEO poisoning campaign that uses malicious search-result manipulation to infect or redirect visitors and then deploy a malware family dubbed “BadIIS.” The activity, tracked by Palo Alto Networks Unit 42 as CL-UNK-1037…

Microsoft begins Windows 11 beta rollout of AI-powered Gaming Copilot Overview of the rollout Microsoft has started a staged beta rollout of Gaming Copilot to Windows 11 PCs. The company is making the beta available to users aged 18 or older, but the rollout explicitly excludes devices located in mainland China. Microsoft has begun rolling…

Microsoft Begins Beta Rollout of Gaming Copilot for Windows 11 PCs Overview of the rollout Microsoft has started a beta rollout of Gaming Copilot to Windows 11 systems. The initial deployment is limited to users who are 18 years or older and excludes availability in mainland China. Microsoft’s announcement positions the release as an expansion…

UNC1549 Campaign Compromises 34 Devices at 11 European Telecom Firms Using LinkedIn Job Lures and MINIBIKE Malware Summary Security researchers have attributed a recent espionage campaign targeting European telecommunications companies to the cluster known as UNC1549. According to reporting by thehackernews.com and tracking by Swiss cybersecurity firm PRODAFT, the actor (tracked by PRODAFT as “Subtle…

Automating Alert Triage with AI Agents and Confluence SOPs Using Tines Summary of the workflow The workflow highlighted by Tines automates security alert triage by using AI-driven agents to identify the correct Standard Operating Procedures (SOPs) documented in Confluence, and then executing the appropriate response steps through the platform. The underlying Tines library — maintained…

OpenAI adds user control over GPT‑5 “thinking” depth for Plus and Pro subscribers What OpenAI announced OpenAI has begun rolling out a new toggle that lets users select how “hard” the GPT‑5‑thinking model should work on a given prompt. The feature is being made available to ChatGPT Plus and Pro subscribers, enabling users to adjust…

SonicWall Urges Password Resets After Cloud Backup Files Accessed in MySonicWall Breach Incident summary SonicWall has notified customers that it detected suspicious activity targeting its cloud backup service for firewalls and that unknown threat actors accessed firewall configuration backup files stored in the cloud for less than 5% of MySonicWall accounts. The vendor has urged…

CountLoader: New Multi‑Version Loader Fuels Russian Ransomware Operations Overview of the discovery Security researchers have identified a new malware loader, tracked as “CountLoader,” that is being used by Russian-affiliated threat actors to deliver post‑exploitation tools and remote access malware. According to published reporting, CountLoader has been observed distributing Cobalt Strike, AdaptixC2, and a remote access…

TA558 Deploys Venom RAT Using AI-Generated Scripts Against Hotels in Brazil and Spanish-Speaking Markets Overview Russian security vendor Kaspersky has attributed a fresh campaign to the threat actor tracked as TA558 that delivered multiple remote access trojans (RATs), including Venom RAT, to breach hotels in Brazil and other Spanish-speaking markets. Kaspersky observed the activity in…

Microsoft and Cloudflare Disrupt RaccoonO365 Phishing-as-a-Service That Stole Thousands of Microsoft 365 Credentials Incident summary Microsoft and Cloudflare have jointly disrupted a large-scale Phishing-as-a-Service (PhaaS) operation known as RaccoonO365. According to reporting, the service enabled cybercriminals to run tailored Microsoft 365 credential-harvesting campaigns and helped steal thousands of Microsoft 365 credentials. The action targeted the…

BreachForums Admin Conor Fitzpatrick Resentenced to Three Years Following Appeals Court Reversal Summary of the ruling On September 16, 2025, Conor Brian Fitzpatrick, a 22-year-old identified as the administrator of the BreachForums hacking forum, was resentenced to three years in prison after a federal appeals court overturned his prior sentence of time served and 20…

Chaos Mesh GraphQL Flaws Could Enable RCE and Full Kubernetes Cluster Takeover Disclosure summary Cybersecurity researchers have disclosed multiple critical vulnerabilities in Chaos Mesh — an open‑source chaos engineering platform for Kubernetes — that, if exploited, could allow remote code execution (RCE) and full takeover of Kubernetes clusters. The published advisory indicates attackers require only…

OpenAI Rolls Out GPT-5 Codex Across Codex Terminal, IDE Extension, and Web What OpenAI announced OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, the IDE extension, and Codex Web (codex.chatgpt.com). The move places OpenAI’s latest code-specialized model directly into the workflows used by developers and teams, and positions it…

Mustang Panda Uses SnakeDisk USB Worm to Deliver Yokai Backdoor to Thailand-Based Targets Summary of the discovery IBM X-Force researchers Golo Mühr and Joshua Chung reported that the China-aligned threat actor known as Mustang Panda has deployed an updated TONESHELL backdoor alongside a previously undocumented USB worm called SnakeDisk. According to the analysis, the worm…

Browser-Based Attacks: What Security Teams Need to Prepare For Now What is a browser-based attack — and why it matters Attacks that target users in their web browsers have seen an unprecedented rise in recent years. A browser-based attack leverages the browser — and the rich, interactive content it renders — as the primary attack…

FBI Alert: UNC6040 and UNC6395 Target Salesforce Orgs for Data Theft and Extortion What the FBI alert says The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. The FBI has issued a FLASH alert warning that…

FBI: UNC6040 and UNC6395 Target Salesforce Instances to Steal Data and Extort Victims Summary of the FBI FLASH alert The FBI has issued a FLASH warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. The advisory raises immediate concern for enterprises that rely…

HybridPetya Ransomware Can Circumvent UEFI Secure Boot to Modify EFI System Partition Overview A recently reported ransomware strain known as HybridPetya is capable of bypassing the UEFI Secure Boot mechanism to place a malicious application on the EFI System Partition (ESP). The ability to write to the ESP and persist at or before the operating…

Three Immediate Priorities During a Cyberattack: Clarity, Control, Lifeline Overview When a cyberattack begins, response speed and the sequence of actions determine whether an organization contains damage or faces prolonged disruption. A concise framework highlighted by Acronis TRU — clarity, control, and a lifeline — captures the immediate priorities MSPs and IT teams need to…

Microsoft resolves streaming lag and stutter introduced by August 2025 Windows updates Summary of the incident Microsoft has resolved severe lag and stuttering issues that affected streaming software on Windows 10 and Windows 11 systems following the installation of the August 2025 security updates. Users reported degraded playback and interrupted live streams after the update;…

US Charges Alleged Administrator of LockerGoga, MegaCortex, and Nefilim Ransomware Summary of the DOJ Action The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his alleged role as the administrator of three major ransomware operations: LockerGoga, MegaCortex, and Nefilim. This charging announcement aligns with an ongoing law-enforcement campaign to identify, charge,…

How CISOs Win Budget Approval: Framing Security as Business Risk Management Why the budget fight matters now It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. For many organizations the security function remains a cost center competing with product development, sales initiatives, and operational efficiency projects. Yet the consequences of underfunding security…

Salesloft GitHub Account Compromise Triggered Drift Supply‑Chain Breach, Mandiant Says Summary of the incident Salesloft has disclosed that the chain of events behind a data breach tied to its Drift application began with the compromise of a Salesloft GitHub account. Google-owned Mandiant, which investigated the incident, reported that the threat actor tracked as UNC6395 accessed…

Drift Breach and a Week of Active Zero‑Days: What Security Teams Must Do Now Overview — this week’s headlines Cybersecurity coverage this week was dominated by two interlocking themes: a high‑visibility breach involving the conversational marketing vendor Drift, and a wave of active zero‑day exploits prompting urgent patch warnings. Reporting and vendor advisories emphasized the…

SVG-based phishing campaign impersonates Colombian judiciary to deliver malware The campaign: what VirusTotal uncovered Security researchers at VirusTotal have identified a phishing campaign that hides malicious content inside Scalable Vector Graphics (SVG) files. The SVGs are designed to render convincing portal pages that impersonate Colombia’s judicial system, and they act as delivery mechanisms for malware.…

Microsoft Enforces MFA for Azure Portal Sign‑Ins Across All Tenants What Microsoft changed Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign‑ins across all tenants since March 2025. Microsoft has been enforcing multifactor authentication for Azure Portal sign‑ins across all tenants since March 2025. The change applies to interactive access to…

Critical SAP S/4HANA Code Injection Vulnerability Actively Exploited Overview: what has been observed Security researchers are reporting active exploitation of a critical code injection vulnerability in SAP S/4HANA, used by attackers to compromise internet-exposed systems. The flaw allows an attacker to inject and execute code on vulnerable S/4HANA instances, giving them a pathway to escalate…

Cloudflare Says It Mitigated a Record 11.5 Tbps Volumetric DDoS Attack What Cloudflare reported Cloudflare announced that its network automatically mitigated a volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In the same post the company said its systems had “autonomously blocked hundreds of hyper-volumetric DDoS attacks” over recent weeks,…

Hackers Breach Fintech Environment, Attempted $130M Theft via Brazil’s Pix Network What happened On 2 September 2025, security reporting indicated that attackers gained unauthorized access to the environment of Evertec’s Brazilian subsidiary, Sinqia S.A., and attempted to steal $130 million by exploiting connectivity to Brazil’s central bank real‑time payment system, Pix. “Hackers tried to steal…

Lazarus Group Uses PondRAT, ThemeForestRAT and RemotePE in Social‑Engineering Strike on DeFi Organization Summary of the observed campaign Security researchers at NCC Group’s Fox‑IT observed a social‑engineering campaign in 2024 that has been attributed to the North Korea‑linked actor known as the Lazarus Group. The campaign distributed three distinct pieces of cross‑platform malware — named…

Cloudflare Says It Mitigated Record 11.5 Tbps Volumetric DDoS Attack What Cloudflare reported Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits…

Silver Fox Abuses Microsoft-Signed WatchDog Driver amsdk.sys to Deploy ValleyRAT Overview Security researchers attribute a Bring Your Own Vulnerable Driver (BYOVD) campaign to a threat actor known as Silver Fox that leverages a previously unknown vulnerable Windows kernel driver to neutralize endpoint defenses and deploy ValleyRAT. The vulnerable component is a 64-bit, validly signed kernel…

Zscaler Salesforce Breach Exposes Customer Support Data After Salesloft/Drift Vendor Compromise What happened Cybersecurity firm Zscaler has disclosed a data breach after threat actors gained access to its Salesforce instance and extracted customer information, including the contents of support cases. According to Zscaler’s notification and reporting by BleepingComputer, the intrusion followed compromises at third‑party vendors…

Zscaler Customer Data Exposed After Attackers Accessed Salesforce Instance Summary of the incident Cybersecurity vendor Zscaler has disclosed a data breach in which threat actors gained access to its Salesforce instance and exfiltrated customer information, including the contents of support cases. Zscaler warned customers about the incident and said the breach followed the compromise of…

Amazon disrupts Russian APT29 campaign targeting Microsoft 365 accounts Summary of the disruption Amazon has been reported to have disrupted an operation attributed to the Russian state-sponsored threat group known as Midnight Blizzard (also tracked as APT29) that sought access to Microsoft 365 accounts and tenant data. Researchers who investigated the activity described the disruption…

ScarCruft (APT37) Deploys RokRAT in “Operation HanKook Phantom” Targeting South Korean Academics Summary of the discovery Cybersecurity researchers at Seqrite Labs have identified a new phishing campaign attributed to ScarCruft, an actor widely reported as North Korea–linked and also tracked as APT37. Seqrite has codenamed the activity Operation HanKook Phantom. According to the report, the…

WhatsApp Issues Emergency Patch for CVE-2025-55177 Affecting iOS and macOS Linked‑Device Sync What happened WhatsApp issued an emergency update for its iOS and macOS clients to remediate a high‑severity vulnerability the company said may have been used in targeted zero‑day attacks. According to WhatsApp, the bug — tracked as CVE‑2025‑55177 and assigned a CVSS score…

VS Code Marketplace Flaw Lets Attackers Reuse Deleted Extension Names, Researchers Warn Summary of the discovery Security researchers at ReversingLabs identified a loophole in the Visual Studio Code Marketplace that can be abused to republish extensions using the same names as previously removed packages. ReversingLabs reported the finding after it observed a malicious extension called…

VS Code Marketplace Flaw Lets Attackers Republish Names of Deleted Extensions Summary of the finding Security researchers at ReversingLabs reported a weakness in the Visual Studio Code (VS Code) Marketplace that permitted actors to reuse the names of extensions that had previously been removed. The discovery followed the identification of a malicious extension named “ahbanC.shiba”…

MathWorks breach: ransomware gang exfiltrated data on more than 10,000 people Overview of the incident MathWorks, the developer of MATLAB and Simulink, disclosed that a ransomware group breached its network in April and stole data relating to more than 10,000 people. The company reported the incident publicly after detecting the intrusion and the subsequent data…

Why Code-to-Cloud Mapping Is Becoming Essential for AppSec in 2025 The problem at a glance Picture this: developers push a change that looks harmless in a local environment but contains a subtle flaw that turns into a large-scale incident once deployed to cloud infrastructure. The vulnerability goes unnoticed until it is exploited, and the organization…

Storm-0501 Abuses Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Extortion Campaign Summary of the incident Recent reporting identifies a financially motivated threat actor tracked as Storm-0501 refining tactics to target hybrid cloud environments. The actor has been observed abusing Microsoft Entra ID (formerly Azure Active Directory) to gain access to Azure…

Cyberattack on Miljödata Disrupts Services Across More Than 200 Swedish Municipalities What happened An attack targeting Miljödata, an IT-systems supplier used by roughly 80% of Sweden’s municipalities, has caused accessibility problems in more than 200 municipal regions, according to reporting by BleepingComputer. The supplier’s systems support a wide range of municipal IT services; the incident…

Over 28,200 Citrix Instances Exposed to Actively Exploited RCE (CVE-2025-7775) Summary: What we know More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775, and evidence indicates the flaw is already being exploited in the wild. The scale and active exploitation elevate this from a routine patch cycle…