The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new tools and techniques. Active since 2007, this state-sponsored threat actor has established itself…
Tag: Cyber Security News
Microsoft Defender for Office 365 Launches New Dashboard for Enhanced Threat Vector Insights
Microsoft today announced the rollout of a revamped customer dashboard in Microsoft Defender for Office 365, designed to deliver unprecedented insights across a broad spectrum of attack vectors. The new interface gives security teams real-time visibility into threats blocked before…
Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins
A sophisticated Malware-as-a-Service operation has emerged that exploits the trusted GitHub platform to distribute malicious payloads, representing a significant evolution in cybercriminal tactics. The operation leverages fake GitHub accounts to host an arsenal of malware tools, plugins, and payloads, capitalizing…
Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands
A critical security vulnerability affecting multiple Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely. The vulnerability, tracked as CVE-2025-27212, stems from improper input validation and has been assigned a maximum CVSS v3.0 base score of 9.8,…
Sophos Intercept X for Windows Vulnerabilities Enable Arbitrary Code Execution
Three critical vulnerabilities in the Sophos Intercept X for Windows product family could allow local attackers to achieve arbitrary code execution with system-level privileges. Identified as CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, the flaws span registry permission misconfigurations, a weakness in the…
Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon
A sophisticated malware campaign targeting Ivanti Connect Secure VPN devices has been actively exploiting critical vulnerabilities CVE-2025-0282 and CVE-2025-22457 since December 2024. The ongoing attacks demonstrate advanced persistent threat techniques, deploying multiple malware families including MDifyLoader, Cobalt Strike Beacon, vshell,…
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware
Emerging in late 2024 and surging throughout the first half of 2025, ClickFix has become a pervasive social-engineering vector in which threat actors trick users into executing malicious commands under the guise of “quick fixes” for common computer issues. Rather…
New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs
WAFFLED is a recently disclosed technique that evades leading Web Application Firewalls (WAFs) by targeting subtle parsing inconsistencies rather than tampering with the malicious payload itself. By mutating innocuous elements such as boundary delimiters in multipart/form-data, character sets in application/json,…
Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It
A critical security vulnerability in TeleMessage TM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals seeking to extract sensitive user credentials and personal data. The flaw, designated CVE-2025-48927, affects government agencies and enterprises using this…
CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare imaging, and access control systems. These advisories highlight severe security flaws with CVSS v4 scores ranging from 8.5 to 8.7,…
Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Initially identified by unusual SMS-based phishing campaigns leveraging adversary-in-the-middle (AiTM) domains,…
Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role
A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications. The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active…
Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike
A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and…
Ukrainian Hackers Claim Cyberattack on Major Russian Drone Supplier
Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN…
Researchers Uncover How Hacktivist Groups Gain Attention and Select Targets
The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets…
4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities
Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and…
Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware
A sophisticated new attack vector has emerged in which malicious actors hide malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers…
H2Miner Attacking Linux, Windows, and Containers to Mine Monero
The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux…
Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics
Iranian state-sponsored threat actors have significantly escalated their cyber operations, employing sophisticated artificial intelligence-enhanced phishing campaigns to target cybersecurity researchers and academic institutions across Western nations. The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound),…
UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks
Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations…