EvilAI Campaign: Malware Delivered Through Trojanized AI and Productivity Tools Summary of the discovery Security researchers at Trend Micro have identified a campaign in which threat actors distribute malware by posing as legitimate artificial intelligence (AI) tools and productivity software. The operators deliver trojanized installers and seemingly benign utilities that, once executed, establish footholds for…
Akira Ransomware Bypassing OTP-Protected SonicWall SSL VPN Accounts — What Practitioners Need to Know Overview of the incident Security researchers tracking ongoing attacks by the Akira ransomware group report the actors have been successfully authenticating to SonicWall SSL VPN accounts even when one-time passcode (OTP) multi-factor authentication (MFA) is enabled. Initial analysis suggests the likely…
EU Opens Antitrust Probe into SAP’s Aftermarket Support for On-Premise ERP What the Commission is investigating On 28 September 2025 the European Commission announced a probe into whether SAP has engaged in anti-competitive practices in the aftermarket services it provides for its on‑premise enterprise resource planning (ERP) software. The investigation focuses on the market for…
Malvertising and SEO Poisoning Deliver Fake Microsoft Teams Installers that Install Oyster Backdoor Summary of the campaign Security researchers have observed attackers using search engine optimization (SEO) poisoning and paid search advertisements to surface malicious pages that present fake Microsoft Teams installers to Windows users. When downloaded and executed, these installers deploy the Oyster backdoor,…
China-linked PlugX Variant and Bookworm Campaign Target Asian Telecoms and ASEAN Networks Summary of the campaign Security reporting highlights an ongoing campaign that is distributing a new variant of the PlugX backdoor (also known as Korplug or SOGU) while targeting telecommunications and manufacturing organizations across Central and South Asia, with impacts reported in ASEAN networks.…
Microsoft Tests AI Auto-Categorization for Photos on Windows 11 Overview Microsoft has begun testing a new AI-powered capability in the Microsoft Photos app that automatically organizes photos on Windows 11 devices. The feature, currently in testing, is intended to categorize images to make search and browsing faster and more intuitive. Microsoft’s announcement signals another major…
Trump Signs Order Approving US Investors to Restructure TikTok Operations over National Security Concerns Overview of the executive order U.S. President Donald Trump has signed an executive order approving a plan to restructure TikTok operations in the country to address national security concerns. The measure authorizes a change in the ownership and operational control of…
Critical Cisco ASA/FTD VPN Zero-Day Exploited in the Wild; CISA Issues Emergency Mitigation Summary of the incident Cisco has alerted customers to two security flaws affecting the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, noting active exploitation in the wild. One…
Salesforce Patches Critical “ForcedLeak” Flaw in Agentforce That Could Expose CRM Data via Indirect Prompt Injection What happened Cybersecurity researchers at Noma Security disclosed a critical vulnerability in Salesforce Agentforce — the vendor’s platform for building AI-driven agents — that could allow attackers to exfiltrate sensitive information from a connected Salesforce CRM instance by leveraging…
Recorded Future Names Chinese State-Sponsored Cluster “RedNovember” Using Pantegana and Cobalt Strike Background and context Security firm Recorded Future, which had been tracking an activity cluster under the tracking name TAG-100, has reclassified the cluster as a Chinese state-sponsored threat actor and given it the name RedNovember. The activity has been observed targeting government and…