Interpol Cracks Down on Large-Scale African Scamming Networks
A transnational operation involving 14 African countries has taken down a large-scale digital scamming network, leading to 260 arrests and the…
Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
A recent investigation has revealed a phishing campaign that began with a simple Python-based infostealer but ultimately led to the deployment…
The Threat of Privilege Abuse in Active Directory
In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption across the U.S. healthcare sector. It later…
New Phishing Campaign Targets PyPI Maintainers with Fake Domain
The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers, with attackers using domain confusion…
Iranian Hacking Group Nimbus Manticore Expands European Targeting
A long-running cyber-espionage campaign tied to Iran has intensified its operations in Europe. The group, known as Nimbus Manticore, has a…
Deepfake Attacks Hit Two-Thirds of Businesses
Nearly two-thirds (62%) of organizations have experienced a deepfake attack in the past 12 months, according to a new Gartner survey. These…
Deepfakes: The Cybersecurity Pandora’s Box
The meteoric rise of artificial intelligence (AI) has not only revolutionized industries but also unleashed a Pandora’s box of potential…
Critical Security Flaws Grow with AI Use, New Report Shows
A sharp increase in hardware, API and network vulnerabilities is exposing organizations to new risks, according to Inside the Mind of a CISO…
Attacker Breakout Time Falls to 18 Minutes
Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new…
Car Giant Stellantis Confims Third-Party Breach
Stellantis, one of the world’s leading car manufacturers, has confirmed it was affected by a cyber incident targeting a third-party supplier.…
Jaguar Land Rover Extends Production Pause Again
The UK’s largest carmaker has announced a further delay to restarting production after suffering a major cyber-attack earlier this month.…
Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs
A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenConnect (formerly ConnectWise Control) to deliver…
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Organizations must urgently update their defenses to protect against tactics deployed by the Scattered Spider hacking collective this year,…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
FBI Says Threat Actors Are Spoofing its IC3 Site
The FBI has urged cybercrime victims to exercise caution when visiting its Internet Crime Complaint Center (IC3) website, claiming that threat…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats,…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge MagLink…
The Good, the Bad and the Ugly in Cybersecurity – Week 38
The Good | Federal Courts Crack Down on BreachForums & UNC3944 Cybercrime Operators Conor Brian Fitzpatrick, the 22-year-old operator of…
Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro…
CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE
HubSpot has issued a security advisory regarding a critical flaw in its Jinjava template engine, which powers thousands of websites and…
CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new Malware Analysis Report (MAR) detailing how threat actors are…
MuddyWater APT Shifts Tactics to Custom Malware
Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of…
FileFix Campaign Using Steganography and Multistage Payloads
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted…
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft has announced the disruption of RaccoonO365, a popular subscription-based phishing kit focused on the theft of Microsoft365…
A Quarter of UK and US Firms Suffer Data Poisoning Attacks
British and American cybersecurity leaders are increasingly concerned about their expanding AI attack surface, particularly unsanctioned use…
Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads
A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two…
UK: Tax Refund-Themed Phishing Slows in 2025
Phishing reports impersonating HM Revenue & Customs (HMRC), the British national tax authority, appear to be slowing, according to a new…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
SEO Poisoning Targets Chinese Users with Fake Software Sites
A search engine optimization (SEO) poisoning attack aimed at Chinese-speaking Microsoft Windows users has been identified by security…
AI-Forged Military IDs Used in North Korean Phishing Attack
A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign,…
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a…
Phishing Campaigns Drop RMM Tools for Remote Access
Malicious actors are using multiple lures in new phishing campaigns designed to install remote monitoring and management (RMM) software onto…
ACR Stealer – Uncovering Attack Chains, Functionalities And IOCs
ACR Stealer represents one of the most sophisticated information-stealing malware families actively circulating in 2025, distinguished by its…
Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted
The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to new research from Hunt…
Beyond the Firewall: Protecting Your Marketing Department from Cyber Threats and Safeguarding Digital Assets
Digital media created more opportunities for companies to engage with consumers than ever before, but such increased interconnectedness has a…
A CISO’s Guide to Managing Cyber Risk in Healthcare
Now more than ever before, our healthcare data is under attack. Of all of the sensitive information available on the dark web, medical records…
New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…
Microsoft Windows Defender Privilege Escalation Flaws
It was an uneventful Patch Tuesday—until the headlines hit. Security feeds and vuln catalogs started buzzing: The Microsoft Windows…
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise…
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks
Ddos September 12, 2025 The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular…