In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Initially identified by unusual SMS-based phishing campaigns leveraging adversary-in-the-middle (AiTM) domains,…
Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices. Source: SecurityWeek.
CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied. Source: SecurityWeek.
Fraud: A Growth Industry Powered by Gen-AI
With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic. Source: SecurityWeek.
1.4 Million Affected by Data Breach at Virginia Radiology Practice
Radiology Associates of Richmond has disclosed a data breach impacting protected health and personal information. Source: SecurityWeek.
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly. Source: SecurityWeek.
Critical MCP Vulnerabilities are Slipping Through the Cracks
We must pay attention to what holds everything together – the glue. That’s where the real MCP vulnerabilities are hiding. Source: Security Boulevard.
Cambodia Arrests More Than 1,000 in Cyberscam Crackdown
Cambodian police and military arrested more than 1,000 people in a crackdown on cyberscam operations that have proliferated in recent years in Southeast Asia and now are spreading globally, ensnaring hundreds of thousands of people in human trafficking schemes who…
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to…
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It…
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified…
New “LameHug” Malware Deploys AI-Generated Commands
Ukraine’s CERT-UA has identified a new AI-powered malware, dubbed “LameHug,” which executes commands on compromised Windows systems in cyber-attacks, targeting the nation’s security and defense sector. Source: www.infosecurity-magazine.com.
Russian Vodka Maker Beluga Struck by Ransomware Attack
Novabev Group, the parent company of premium vodka brand Beluga, has confirmed it was hit by a sophisticated ransomware attack on July 14, 2025, temporarily disrupting operations and affecting IT infrastructure across the company and its WineLab subsidiary. The Russian…
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom patched four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000…
Retail Becomes New Target as Healthcare Ransomware Attacks Slow
Comparitech found that healthcare ransomware attacks rose 4% in H1 2025, a significantly lower rate than the cross-sector average of 50%. Source: www.infosecurity-magazine.com.
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet
A cryptomining botnet active since 2019 has incorporated likely AI-generated Lcryx ransomware into its operations. Source: www.infosecurity-magazine.com.
Veeam Phishing via Wav File, (Fri, Jul 18th)
An interesting phishing attempt was reported by a contact. It started with a simple email that looked like a voice mail notification like many VoIP systems deliver when the call is missed. There was a WAV file attached to the…
10 Best XDR (Extended Detection & Response) Solutions 2025
In 2025, the cybersecurity landscape is more fragmented and perilous than ever before. Organizations face an explosion of data sources, an increasing attack surface spanning endpoints, networks, cloud environments, and identities, and a relentless onslaught of sophisticated, multi-stage attacks. Traditional…
CISA Publishes 13 ICS Security Advisories on Critical Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen Industrial Control Systems (ICS) security advisories on July 17, 2025, highlighting critical vulnerabilities that could compromise essential infrastructure operations. This coordinated disclosure represents one of the most significant advisory releases of…
‘Daemon Ex Plist’ Vulnerability Grants Root Access on macOS
A newly disclosed vulnerability dubbed “Daemon Ex Plist” allows attackers to escalate privileges from standard user to root access on macOS systems, exploiting a timing flaw in how the operating system handles daemon configuration files. Security researcher Egor Filatov published details of…