Security researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected systems without authentication. The vulnerability, tracked as CVE-2025-54309, has been assigned a maximum CVSS score of…
Category: EN
CISA and FBI Shared Tactics, Techniques, and Procedures of Scattered Spider Hacker Group
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released an updated joint cybersecurity advisory detailing the sophisticated tactics employed by the Scattered Spider cybercriminal group, also known as UNC3944, Oktapus, and Storm-0875. This threat…
Free Decryptor Released for AI-Assisted FunkSec Ransomware
Cybersecurity researchers have successfully developed and released a free decryption tool for the FunkSec ransomware, a malicious strain that leveraged artificial intelligence capabilities to enhance its operations. The ransomware campaign, which targeted 113 victims between December 2024 and March 2025,…
New JSCEAL Attack Targeting Crypto App Users To Steal Credentials and Wallets
A sophisticated new malware campaign targeting cryptocurrency application users has emerged, leveraging compiled JavaScript files and Node.js to steal digital wallets and credentials with unprecedented stealth. The campaign, dubbed JSCEAL, represents a significant evolution in cybercriminal tactics, utilizing advanced evasion…
New AI model offers faster, greener way for vulnerability detection
A team of researchers has developed a new AI model, called White-Basilisk, that detects software vulnerabilities more efficiently than much larger systems. The model’s release comes at a time when developers and security teams face mounting pressure to secure complex…
Palo Alto Networks to acquire CyberArk in $25 billion deal
Palo Alto Networks and CyberArk announced that they have entered into a definitive agreement under which Palo Alto Networks will acquire CyberArk. Under the terms of the agreement, CyberArk shareholders will receive $45.00 in cash and 2.2005 shares of Palo…
AI is changing the vCISO game
Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to Cynomi’s 2025 State of the Virtual CISO report, 67% of MSPs and…
Hackers Allegedly Breach Nokia’s Internal Network
A cybercriminal group has allegedly infiltrated Nokia’s internal network through a vulnerable third-party contractor, potentially exposing sensitive information belonging to more than 94,500 employees in what security experts are calling one of the most extensive corporate data breaches affecting the…
Palo Alto Networks Announces $25 Billion Acquisition of CyberArk
Cybersecurity giant Palo Alto Networks announced a landmark $25 billion acquisition of identity security leader CyberArk on July 30, 2025, marking the company’s formal entry into the rapidly growing Identity Security market. The strategic combination represents a significant premium and…
Hackers Exploit Facebook Ads To Distribute Advanced Malware
A new cyberattack campaign is actively leveraging Facebook advertisements to spread malicious cryptocurrency trading applications, ultimately deploying the… The post Hackers Exploit Facebook Ads To Distribute Advanced Malware appeared first on Hackers Online Club. This article has been indexed from…
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates
The cybersecurity landscape witnessed a concerning evolution in June 2025 when the Qilin ransomware gang announced a groundbreaking addition to their criminal enterprise: on-demand legal assistance for their affiliates. This announcement, made on a Russian-speaking darknet forum, represents a sophisticated…
AI Vibe Coding Platform Hacked – Logic Flaw Exposes Private App Access
A severe authentication bypass vulnerability in Base44, a popular AI-powered vibe coding platform recently acquired by Wix, could have allowed attackers unauthorized access to private enterprise applications and sensitive corporate data. The vulnerability, which was patched within 24 hours of…
Secrets are leaking everywhere, and bots are to blame
Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools,…
Why rural hospitals are losing the cybersecurity battle
Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are…
0bj3ctivityStealer’s Execution Chain Unveiled With It’s New Capabilities and Exfiltration Techniques
The cybersecurity landscape continues to witness the emergence of sophisticated information-stealing malware, with 0bj3ctivityStealer representing one of the most recent and concerning additions to this threat ecosystem. Initially discovered by HP Wolf Security experts earlier this year, this advanced stealer…
BulletProof Hosting Provider Qwins Ltd Fueling Global Malware Campaigns
A sophisticated bulletproof hosting operation has emerged as a critical enabler of global malware campaigns, with cybersecurity researchers uncovering extensive evidence linking UK-registered company Qwins Ltd to widespread cybercriminal activities. The company, operating under Autonomous System Number (ASN) 213702, has…
Lethal Cambodia-Thailand border clash linked to cyber-scam slave camps
Infosec issues spill into the real world and regional politics Analysis Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week.… This article has been indexed from The Register…
Budget-Friendly Secrets Management Solutions
Are you seeking a budget-friendly secrets management solution? The proper management of Non-Human Identities (NHIs) and associated secrets is not only critical but can also be cost-effective. Understanding Non-Human Identities and Secrets NHIs are machine identities used in cybersecurity. These…
Improving Cyber Defense with NHIs
Is Your Cyber Defense Strategy Fully Optimized? Consider this: are you leveraging every resource to shore up your cyber defense? The challenge lies not only in the sophistication of cyber threats but also in the oblique corners of our systems,…
ISC Stormcast For Thursday, July 31st, 2025 https://isc.sans.edu/podcastdetail/9550, (Thu, Jul 31st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, July 31st, 2025…