Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The Qilin ransomware gang has introduced a “Call Lawyer” feature for its affiliates, announced on a Russian-speaking darknet forum. This Ransomware-as-a-Service (RaaS) enhancement provides on-demand legal assistance during extortion negotiations, leveraging the perceived authority of legal counsel to amplify pressure…

Read more →

Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users. This malware, first observed in the wild around January 2025,…

Read more →

The ToxicPanda Android banking trojan has emerged as a significant threat, compromising over 4,500 devices primarily in Portugal and Spain as of early 2025, with a focus on stealing banking credentials, overlaying PIN and pattern codes, and enabling unauthorized transactions.…

Read more →

In the ever-evolving infostealer landscape, 0bj3ctivityStealer emerges as a formidable threat, blending advanced obfuscation with targeted data exfiltration. Discovered earlier this year by HP Wolf Security researchers, this .NET-based malware has been observed in proactive threat hunting by the Trellix…

Read more →

Security researchers may have discovered a reliable hosting company run by Qwins Ltd. that supports a broad range of international malware operations in a recent analysis resulting from standard follow-up on Lumma infostealer infections. Lumma, consistently ranking among the top…

Read more →

Netskope Threat Labs has uncovered a new iteration of the XWorm malware, version 6.0, which demonstrates ongoing development by threat actors and introduces sophisticated enhancements aimed at evading detection and maintaining persistence on Windows systems. This variant builds upon previously…

Read more →

The North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow…

Read more →

Lumma, a sophisticated C++-based information stealer, has surged in prevalence over recent years, posing significant risks to both individuals and organizations by exfiltrating sensitive data such as browser credentials, cryptocurrency wallets, and personal files. Developed since December 2022 and distributed…

Read more →

Palo Alto, California, July 29th, 2025, CyberNewsWire Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent…

Read more →

A critical security vulnerability in CodeIgniter4’s ImageMagick handler has been discovered that could allow attackers to execute arbitrary commands on affected web applications through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, has been assigned a maximum CVSS score of…

Read more →

Security researchers at Tracebit have discovered a critical vulnerability in Google’s Gemini CLI that enables attackers to silently execute malicious commands on developers’ systems through a sophisticated combination of prompt injection, improper validation, and misleading user interface design. The vulnerability,…

Read more →

Python developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains secure, attackers are exploiting developer trust…

Read more →

Apple has unveiled a groundbreaking containerization feature that enables seamless integration of Kali Linux on macOS systems, marking a significant advancement in cross-platform development capabilities. Announced during WWDC 2025, this innovative technology brings Linux containerization directly to Apple’s ecosystem, offering…

Read more →

Security researchers have disclosed technical details of three previously patched vulnerabilities affecting SonicWall’s SMA100 series SSL-VPN appliances, highlighting concerning pre-authentication security flaws that could have enabled remote code execution and cross-site scripting attacks. The vulnerabilities, all confirmed against firmware version…

Read more →

Microsoft Teams is rolling out a new meeting join banner designed to streamline the meeting experience for users who have committed to attending scheduled sessions. The feature, which launched in mid-July 2025, represents the company’s continued effort to enhance productivity…

Read more →

Linux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a “nice and calm” development cycle. The latest stable release brings numerous performance improvements, networking enhancements,…

Read more →

Outpost24’s threat intelligence researchers have uncovered the operations of Lionishackers, a financially motivated cyber threat actor specializing in the exfiltration and illicit sale of corporate databases. This group employs an opportunistic approach to target selection, with a notable preference for…

Read more →

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cached by Apple Intelligence. Vulnerability Overview…

Read more →

Security researchers have examined a complex online shell script called UpdateChecker.aspx that was installed on compromised Internet Information Services (IIS) servers in response to a notable increase in cyberthreats directed at Microsoft Windows installations. This analysis stems from a follow-up…

Read more →

Cybersecurity experts have pointed to an increase in sophisticated threat actor activity following the July 27 2025 Belgian Grand Prix at Spa-Francorchamps, which takes advantage of the event’s worldwide attraction. Formula 1’s reliance on advanced telemetry systems, which process real-time…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical PaperCut vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation attempts targeting the widely-used print management software. The vulnerability, tracked as CVE-2023-2533, represents a significant…

Read more →

GitHub experienced a significant global outage on July 28-29, 2025, disrupting core services used by millions of developers worldwide. The incident, which lasted approximately eight hours, affected API requests, Issues, and Pull Requests functionality before being fully resolved early Tuesday…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco’s Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabilities to its Known…

Read more →

Security researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform…

Read more →

The advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet FortiOS systems. This revelation comes as Singapore’s Coordinating Minister for National…

Read more →

Russia’s flagship carrier Aeroflot is reeling from a devastating cyberattack that pro-Ukraine hacking groups claim wiped approximately 7,000 servers and stole over 20 terabytes of sensitive data during a year-long clandestine operation. The airline was forced to cancel dozens of…

Read more →

ArmouryLoader and other malicious code loaders have become essential tools for introducing Trojan-type payloads into hacked systems in the ever-changing world of cyberattacks. First identified in 2024, ArmouryLoader exploits the ASUS Armoury Crate software by hijacking its export functions, such…

Read more →

Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed “ToolShell,” actively targeting on-premise Microsoft SharePoint servers worldwide. The campaign, which began widespread exploitation leverages an unauthenticated remote code execution (RCE) chain involving CVE-2025-49704 and CVE-2025-49706, enabling attackers to…

Read more →

Threat actors have been using trojanized versions of well-known IT tools like PuTTY and WinSCP to spread the Oyster backdoor, also known as Broomstick or CleanupLoader, in a sophisticated malvertising and SEO poisoning campaign that Arctic Wolf researchers first noticed…

Read more →

China’s Cyberspace Administration, Ministry of Public Security, and Ministry of Industry and Information Technology introduced the Regulations on the Management of Network Product Security Vulnerabilities (RMSV) in July 2021, mandating that software vulnerabilities exploitable flaws in code be reported to…

Read more →

Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group renowned for leveraging zero-day exploits and custom malware. First identified by Mandiant in…

Read more →

Raven Stealer has emerged as sophisticated, lightweight information-stealing malware crafted in Delphi and C++, targeting Windows systems with a focus on extracting sensitive data like logins, payment details, and autofill information from Chromium-based browsers such as Chrome and Edge. First…

Read more →

In 2025, the demand for sophisticated ethical hacking services has intensified, driven by the rapid evolution of digital infrastructure and increasingly cunning cyber adversaries. Organizations are moving beyond periodic checks towards continuous security validation, seeking partners who offer deep technical…

Read more →

The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s…

Read more →

Cybersecurity researchers have successfully deployed artificial intelligence-powered honeypots to trick cybercriminals into revealing their attack strategies, demonstrating a promising new approach to threat intelligence gathering. The innovative technique uses large language models (LLMs) to create convincing fake systems that lure…

Read more →

Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for…

Read more →

The Atomic macOS Stealer (AMOS), a notorious infostealer malware targeting Apple’s macOS ecosystem, has undergone a significant upgrade by incorporating a sophisticated backdoor mechanism that facilitates persistent access and remote command execution on infected systems. This enhancement, detailed in a…

Read more →

Palo Alto Networks’ Unit 42, the cybercrime group tracked as Muddled Libra also known as Scattered Spider or UNC3944 has demonstrated remarkable resilience and adaptation in 2025, following international law enforcement disruptions in late 2024. Despite federal charges against five…

Read more →

Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on…

Read more →

Tea, a women-only dating safety app that allows users to review and share information about men they’ve dated anonymously, has suffered a significant data breach that exposed approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted…

Read more →

Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of financial data and customer information. The allegations surfaced on underground forums where threat actors are allegedly offering access to…

Read more →

A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged…

Read more →

Unidentified hackers have successfully compromised a critical intelligence website operated by the National Reconnaissance Office, marking a significant security breach affecting the CIA and multiple government agencies. The attack targeted the Acquisition Research Center website, which serves as a crucial…

Read more →

A significant data breach has exposed sensitive information about users of Leakzone, a prominent dark web forum known for trading hacking tools and compromised accounts. Security firm UpGuard discovered an unprotected Elasticsearch database containing approximately 22 million web request records,…

Read more →

A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential extraction from 19 different web browsers, including popular ones like Google Chrome, Microsoft Edge, Opera, Brave, and Yandex, as well…

Read more →

A critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model that could allow remote attackers to gain complete administrative control over affected devices. The vulnerability, designated as CVE-2025-7742, represents a significant authentication bypass flaw that poses…

Read more →

FortiGuard Labs has identified a critical new exploit chain dubbed “ToolShell” that is actively being used by multiple threat actors to target on-premises Microsoft SharePoint servers. This sophisticated attack combines two previously patched vulnerabilities with two fresh zero-day variants to…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →

Gaming peripheral manufacturer Endgame Gear has disclosed a security incident involving malware-infected software distributed through their official website, affecting users who downloaded the OP1w 4k v2 mouse configuration tool between June 26 and July 9, 2025. The company has issued…

Read more →

Chinese laws requiring vulnerability disclosure to the government create transparency issues and potential conflicts for international cybersecurity efforts. Microsoft is probing whether a leak from its confidential early warning system enabled Chinese state-sponsored hackers to exploit significant flaws in its…

Read more →

Christina Marie Chapman, a 50-year-old Arizona woman, has been sentenced to 102 months in prison for her role in an elaborate fraud scheme that helped North Korean IT workers pose as U.S. citizens to obtain remote positions at over 300…

Read more →

Wiz Research has uncovered an active cryptomining campaign, dubbed Soco404, that exploits misconfigurations in PostgreSQL databases and other cloud services to deploy platform-specific malware on both Linux and Windows systems. This operation, part of a broader crypto-scam infrastructure, leverages opportunistic…

Read more →

AhnLab’s Threat Intelligence Platform (TIP) has been instrumental in monitoring ransomware activities across dark web forums and marketplaces. Through its Live View > Dark Web Watch feature, security teams can track active groups, their collaborations, and emerging attack vectors, allowing…

Read more →

CloudSEK’s TRIAD team uncovered an active development site deploying Clickfix-themed malware linked to the Epsilon Red ransomware. This variant deviates from traditional clipboard-based command injection tactics by directing victims to a secondary page on the same domain, where malicious shell…

Read more →

Cybersecurity firm Sygnia has been tracking and mitigating a sophisticated espionage operation dubbed Fire Ant, which zeroes in on virtualization and networking infrastructure, particularly VMware ESXi hypervisors and vCenter management servers, alongside network appliances. The threat actors behind Fire Ant…

Read more →

Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security…

Read more →

A malicious Android application has been uncovered, impersonating legitimate Indian banking apps to orchestrate credential theft, surveillance, and unauthorized financial transactions. This malware employs a modular architecture featuring a dropper and a primary payload, leveraging deceptive user interfaces, silent installation…

Read more →

Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook…

Read more →

The United States government announced coordinated actions across multiple departments today, offering rewards totaling up to $15 million for information leading to the arrests and convictions of North Korean nationals involved in extensive revenue generation schemes targeting American companies and…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team has disclosed five critical security vulnerabilities in Bloomberg’s Comdb2 open-source database that could allow attackers to cause denial-of-service conditions through specially crafted network packets. The vulnerabilities, all affecting version 8.1 of the high-availability…

Read more →

Security researchers have uncovered critical vulnerabilities in VMware Tools’ Guest Authentication Service (VGAuth) that allow attackers to escalate privileges from any user account to full SYSTEM access on Windows virtual machines. The flaws, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware…

Read more →

Cybersecurity researchers at Nozomi Networks Labs have discovered 13 critical vulnerabilities in Tridium’s widely-used Niagara Framework, potentially exposing sensitive network data across building management, industrial automation, and smart infrastructure systems worldwide. The vulnerabilities, consolidated into 10 distinct CVEs, could allow…

Read more →

The Acronis Threat Research Unit (TRU) has uncovered a sophisticated malware campaign deploying infostealers like Leet Stealer, its modified variant RMC Stealer, and Sniffer Stealer, leveraging social engineering tactics centered on gaming hype. These threats masquerade as indie game installers,…

Read more →

Cybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an…

Read more →

A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise…

Read more →

Chennai, India, July 25th, 2025, CyberNewsWire xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly.…

Read more →

Microsoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a…

Read more →

Threat analysts at Silent Push announced the discovery of a major infrastructure shift by the bulletproof hosting provider Aeza Group, which was designated and sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on July…

Read more →

International law enforcement agencies delivered a significant blow to cybercriminals this week with the successful takedown of critical infrastructure belonging to the BlackSuit ransomware gang. The coordinated operation, dubbed “Operation Checkmate,” has effectively dismantled the group’s primary communication and extortion…

Read more →

A significant security breach has exposed critical vulnerabilities in Amazon’s artificial intelligence infrastructure, with hackers successfully injecting malicious computer-wiping commands into the tech giant’s popular AI coding assistant. The incident represents a concerning escalation in cyber threats targeting AI-powered development…

Read more →

[London, UK ] July 2025 – As digital assets continue to gain mainstream adoption, investors are turning to innovative tools that simplify how they participate in the crypto economy. Quid Miner, a UK-based platform, is leading this shift with a…

Read more →

IBM X-Force researchers have identified ongoing cyber campaigns by Hive0156, a Russian-aligned threat actor, systematically targeting Ukrainian government and military personnel with sophisticated malware attacks. The group, which shows significant operational overlap with CERT-UA’s UAC-0184 actor, has been actively deploying…

Read more →

Artificial intelligence (AI) and machine learning (ML) are enabling hackers to plan extremely complex assaults that surpass conventional defenses in a threat landscape that is changing quickly. According to the Gigamon Hybrid Cloud Security Survey, which polled over 1,000 security…

Read more →

Cybersecurity researchers have observed a significant uptick in phishing campaigns that leverage domains designed to impersonate Microsoft SharePoint, employing highly structured naming conventions to evade detection. These malicious domains, which have proliferated since June 26, 2025, follow predictable patterns, including…

Read more →

Ukraine’s Computer Emergency Response Team (CERT-UA) has publicly reported the emergence of LAMEHUG, marking it as the inaugural malware to embed large language model (LLM) capabilities directly into its attack chain. This campaign targets Ukrainian government officials through phishing emails…

Read more →

Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also known as Patchwork or Quilted Tiger, focusing on Turkish defense contractors specializing in precision-guided missile systems. The campaign, which began…

Read more →

The AhnLab Security intelligence Center (ASEC) has identified a sophisticated campaign where threat actors are leveraging Hangul Word Processor (.hwp) documents to disseminate the RokRAT remote access trojan (RAT), marking a departure from traditional methods that relied on shortcut (LNK)…

Read more →

The pro-Russian hacktivist collective NoName057(16) has been documented executing distributed denial-of-service (DDoS) attacks against over 3,700 unique hosts, predominantly targeting government and public-sector entities in European nations aligned against Russia’s invasion of Ukraine. Emerging in March 2022 amid the full-scale…

Read more →

The Google Threat Intelligence Group has uncovered a highly advanced cyber operation orchestrated by the threat actor UNC3944, also linked to aliases such as “0ktapus,” “Octo Tempest,” and “Scattered Spider”. This financially motivated group has intensified its focus on sectors…

Read more →

The cybersecurity landscape is grappling with CVE-2025-5777, informally known as “CitrixBleed 2,” an out-of-bounds memory read vulnerability affecting Citrix NetScaler ADC and Gateway devices. This flaw, echoing the notorious CVE-2023-4966 from 2023, enables unauthenticated attackers to leak sensitive memory contents,…

Read more →

Security researchers have successfully exploited vulnerabilities in Cursor’s Background Agents to gain unauthorized access to an Amazon EC2 instance, demonstrating critical risks associated with SaaS applications that integrate deeply with cloud infrastructure. The researchers immediately disclosed their findings to Cursor’s…

Read more →

Researchers have introduced WhoFi, an AI-powered deep learning pipeline that leverages Wi-Fi Channel State Information (CSI) for person re-identification (Re-ID), achieving a remarkable 95.5% Rank-1 accuracy on the NTU-Fi dataset. Traditional visual Re-ID systems, reliant on convolutional neural networks (CNNs)…

Read more →

Zscaler ThreatLabz, in collaboration with TibCERT, has uncovered two linked attack campaigns dubbed Operation GhostChat and Operation PhantomPrayers, attributed with high confidence to a China-nexus advanced persistent threat (APT) group. These operations targeted the Tibetan community by capitalizing on heightened…

Read more →

Google has unveiled OSS Rebuild, a pioneering project designed to enhance trust in package registries by independently reproducing upstream artifacts. This initiative targets the escalating threat of supply chain attacks on widely-used dependencies across Python’s PyPI, JavaScript/TypeScript’s npm, and Rust’s…

Read more →

TP-Link has disclosed critical security vulnerabilities affecting two of its VIGI Network Video Recorder models, potentially allowing attackers to execute arbitrary commands on the underlying operating system. The vulnerabilities, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and…

Read more →

Security researchers have released a Metasploit exploitation module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server, marking a significant escalation in the threat landscape for enterprise collaboration platforms. The module exploits a chain of unauthenticated remote code execution flaws identified…

Read more →

GitLab has released critical security patches addressing six vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with two high-severity cross-site scripting (XSS) flaws requiring immediate attention from self-managed installations. The security update, distributed through versions 18.2.1, 18.1.3,…

Read more →

Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process. The vulnerability, tracked as CVE-2025-8069, affects multiple versions…

Read more →

Multiple high-severity security vulnerabilities have been discovered in Weidmueller Industrial Routers, potentially allowing attackers to execute arbitrary code with root privileges on affected devices. The German industrial automation company has released security patches to address five critical flaws affecting its…

Read more →

Cybersecurity vendor SonicWall issued a critical advisory highlighting three serious vulnerabilities affecting its Secure Mobile Access (SMA) 100 series appliances. Impacting SMA 210, SMA 410, and SMA 500v models running firmware version 10.2.1.15-81sv and earlier, the flaws could allow unauthenticated…

Read more →

International law enforcement agencies have dismantled one of the world’s most influential Russian-speaking cybercrime platforms following the arrest of its suspected administrator in a coordinated operation spanning France, Ukraine, and broader European cooperation. The takedown of xss.is represents a significant…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe input validation vulnerability in Google Chromium that is currently being actively exploited by threat actors. The vulnerability, designated as CVE-2025-6558, poses significant risks to millions…

Read more →

Security researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,” houses automatically activated…

Read more →

SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian…

Read more →

ACRStealer, an infostealer malware that has been circulating since last year and gained momentum in early 2025, continues to evolve with sophisticated modifications aimed at evading detection and complicating analysis. Initially documented by AhnLab Security Intelligence Center (ASEC) for leveraging…

Read more →

The Clorox Company filed a major lawsuit against IT services provider Cognizant on July 22, 2025, seeking $380 million in damages over a devastating cyberattack that the cleaning products giant claims was enabled by Cognizant’s security failures. The lawsuit, filed…

Read more →

The Datadog Security Research team has uncovered the Mimo threat actor also known as Mimo’lette or Hezb expanding its operations from Craft CMS to Magento CMS. Previously documented for deploying cryptominers via public-facing vulnerabilities, Mimo now exploits undetermined PHP-FPM flaws…

Read more →

Germany’s AMEOS Hospital Network has confirmed a sophisticated cyberattack that compromised its IT infrastructure, leading to unauthorized access and potential exposure of sensitive data. Despite robust defenses including multi-factor authentication, intrusion detection systems, and regular vulnerability assessments, attackers managed to…

Read more →

A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about…

Read more →