Tag: Security Affairs

A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading…

Read more →

An Italian political adviser was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Italian political adviser Francesco Nicodemo said he was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing…

Read more →

A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy…

Read more →

Cisco patched a critical flaw in its Unified Contact Center Express (UCCX) software that allowed attackers to execute commands with root privileges. Cisco released security updates to address a critical vulnerability, tracked as CVE-2025-20354 (CVSS score 9.8), in the Unified Contact…

Read more →

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages…

Read more →

The Clop Ransomware group claims the breach of The Washington Post and added the American daily newspaper to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created…

Read more →

Cisco warns of a new attack variant exploiting CVE-2025-20333 and CVE-2025-20362 in Secure Firewall ASA and FTD devices. Cisco warned of a new attack variant targeting vulnerable Secure Firewall ASA and FTD devices by exploiting the vulnerabilities CVE-2025-20333 and CVE-2025-20362.…

Read more →

Google warns malware now uses AI to mutate, adapt, and collect data during execution, boosting evasion and persistence. Google’s Threat Intelligence Group (GTIG) warn of a new generation of malware that is using AI during execution to mutate, adapt, and…

Read more →

Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain…

Read more →

Cybersecurity firm SonicWall attributed the September security breach exposing firewall configuration files to state-sponsored hackers. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’…

Read more →

U.S. sanctions North Korea bankers and firms accused of laundering cybercrime funds used to finance the country’s nuclear weapons program. The U.S. Government has imposed sanctions on several North Korea bankers, financial institutions, and individuals accused of laundering funds obtained…

Read more →

U.S. prosecutors charged three Florida men for using BlackCat ransomware to hack and extort five U.S. companies in 2023. U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to…

Read more →

U.S. prosecutors charged three Florida men for using BlackCat ransomware to hack and extort five U.S. companies in 2023. U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Gladinet CentreStack, and CWP Control Web Panel…

Read more →

A coordinated Eurojust-led operation led to nine arrests in Cyprus, Spain, and Germany for laundering €600M in crypto fraud. Authorities in France, Belgium, and Cyprus arrested nine people in a coordinated Eurojust-led operation against a crypto money laundering ring that…

Read more →

Google’s November 2025 Android update fixes two flaws in the System component, including a critical remote code execution issue. Google’s November 2025 Android security updates addressed two vulnerabilities impacting the System component. The fixes are included in the 2025-11-01 security…

Read more →

Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident…

Read more →

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption. Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser…

Read more →

Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active…

Read more →

Ukrainian Yuriy Rybtsov, aka MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. Ukrainian national Yuriy Igorevich Rybtsov (41), aka MrICQ, an alleged Jabber Zeus developer, was arrested in Italy, lost his…

Read more →