Systems and security engineer. Gamer in my free time. I want to share with everyone about the world of technology in a way that is easier to understand, and bring it closer and closer.

TA558 Deploys Venom RAT Using AI-Generated Scripts Against Hotels in Brazil and Spanish-Speaking Markets
Overview
Russian security vendor Kaspersky has attributed a fresh campaign to the threat actor tracked as TA558 that delivered multiple remote access trojans (RATs), including Venom RAT, to breach hotels in Brazil and other Spanish-speaking markets. Kaspersky observed the activity in…

Microsoft and Cloudflare Disrupt RaccoonO365 Phishing-as-a-Service That Stole Thousands of Microsoft 365 Credentials
Incident summary
Microsoft and Cloudflare have jointly disrupted a large-scale Phishing-as-a-Service (PhaaS) operation known as RaccoonO365. According to reporting, the service enabled cybercriminals to run tailored Microsoft 365 credential-harvesting campaigns and helped steal thousands of Microsoft 365 credentials. The action targeted the…

BreachForums Admin Conor Fitzpatrick Resentenced to Three Years Following Appeals Court Reversal
Summary of the ruling
On September 16, 2025, Conor Brian Fitzpatrick, a 22-year-old identified as the administrator of the BreachForums hacking forum, was resentenced to three years in prison after a federal appeals court overturned his prior sentence of time served and 20…

Chaos Mesh GraphQL Flaws Could Enable RCE and Full Kubernetes Cluster Takeover
Disclosure summary
Cybersecurity researchers have disclosed multiple critical vulnerabilities in Chaos Mesh, an open-source chaos engineering platform for Kubernetes, that, if exploited, could allow remote code execution (RCE) and full takeover of Kubernetes clusters. The published advisory indicates attackers require only…

OpenAI Rolls Out GPT-5 Codex Across Codex Terminal, IDE Extension, and Web
What OpenAI announced
OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, the IDE extension, and Codex Web (codex.chatgpt.com). The move places OpenAI’s latest code-specialized model directly into the workflows used by developers and teams, and positions it…

Mustang Panda Uses SnakeDisk USB Worm to Deliver Yokai Backdoor to Thailand-Based Targets
Summary of the discovery
IBM X-Force researchers Golo Mühr and Joshua Chung reported that the China-aligned threat actor known as Mustang Panda has deployed an updated TONESHELL backdoor alongside a previously undocumented USB worm called SnakeDisk. According to the analysis, the worm…

Browser-Based Attacks: What Security Teams Need to Prepare For Now
What is a browser-based attack, and why it matters
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. A browser-based attack leverages the browser, and the rich, interactive content it renders, as the primary attack…

FBI Alert: UNC6040 and UNC6395 Target Salesforce Orgs for Data Theft and Extortion
What the FBI alert says
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims.…

FBI: UNC6040 and UNC6395 Target Salesforce Instances to Steal Data and Extort Victims
Summary of the FBI FLASH alert
The FBI has issued a FLASH warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. The advisory raises immediate concern for enterprises that rely…

HybridPetya Ransomware Can Circumvent UEFI Secure Boot to Modify EFI System Partition
Overview
A recently reported ransomware strain known as HybridPetya is capable of bypassing the UEFI Secure Boot mechanism to place a malicious application on the EFI System Partition (ESP). The ability to write to the ESP and persist at or before the operating…