Malicious ZIP Files Use Windows Shortcuts to Drop Malware
A new wave of phishing attacks has been detected by the cybersecurity research firm, Blackpoint Cyber, that is exploiting users’ trust…
Phishing Dominates EU-Wide Intrusions, says ENISA
Phishing and vulnerability exploitation accounted for the vast majority of initial access in cyber-attacks against EU organizations over the…
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code
Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to…
Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication
The Termix project has disclosed a critical authentication bypass in its official Docker image, exposing sensitive SSH configuration data…
Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform
Splunk has released a series of advisories addressing six in Splunk Enterprise and Splunk Cloud Platform, ranging from medium to high…
That annoying SMS phish you just got may have come from a box like this
The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple,…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
A new trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people…
Navigating Holiday Threats: Strengthening PC Resilience with Desktops as a Service (DaaS)
The holiday season, often seen as a time for joy and celebration, has transformed into a crucial period for organizational cybersecurity. With…
Campaign Warns Solicitors and House Buyers of Payment Diversion Fraud
UK house buyers hit with payment diversion fraud (PDF) have suffered average losses of £82,000 over the past year, a new awareness campaign…
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The…
Smishing Campaigns Exploit Cellular Routers to Target Belgium
A newly identified wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers. According to research by…
Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web
Veeam Backup & Replication, a cornerstone of many enterprises’ data protection strategy, has reportedly become the focus of a new…
US Cuts Federal Funding for MS-ISAC Cybersecurity Program
The US federal government is cutting support for a major federal cyber threat information-sharing program. In a public statement published on…
Gemini Trifecta Highlights Dangers of Indirect Prompt Injection
Network defenders must start treating AI integrations as active threat surfaces, experts have warned after revealing three new vulnerabilities…
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Forget the old, error-filled emails you could spot easily. Cybercriminals have completely upgraded their methods, using AI (Artificial…
China-linked RedNovember Campaign Shows Importance of Patching Edge Devices
A long-running threat campaign linked to a Chinese state-sponsored cyber-espionage group highlights the importance of patching and protecting…
AI-Generated Code Used in Phishing Campaign Blocked by Microsoft
A credential phishing campaign that likely relied on AI-generated code to evade detection has been stopped by Microsoft Threat Intelligence.…
Inside the Mind of a Threat Actor: What CISOs Must Learn Before the Next Breach
Cybersecurity isn’t a game of defense—it’s a game of anticipation. Yet too many CISOs and security leaders still think in…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code
A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code…
SUSE Rancher Security Team Patches Three Vulnerabilities in Rancher Manager
The SUSE Rancher Team has issued fixes for three affecting Rancher Manager, with severities ranging from Medium to High. These could lead to…
Cybersecurity Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the…
AsyncRAT Malware Campaign Found Targeting South American Hotels
A new AsyncRAT malware campaign from threat actor TA558 is targeting the South American hospitality industry, demanding the attention of…
Week in review: Cisco ASA zero-day vulnerabilities exploited, Fortra GoAnywhere instances at risk
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How Juventus protects fans,…
Fake Ukraine Police Notices Spread New Amatera Stealer and PureMiner
Hackers are distributing malicious emails that imitate official notices from the National Police of Ukraine. This phishing campaign,…
Interpol Cracks Down on Large-Scale African Scamming Networks
A transnational operation involving 14 African countries has taken down a large-scale digital scamming network, leading to 260 arrests and the…
Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
A recent investigation has revealed a phishing campaign that began with a simple Python-based infostealer but ultimately led to the deployment…
The Threat of Privilege Abuse in Active Directory
In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption across the U.S. healthcare sector. It later…
New Phishing Campaign Targets PyPI Maintainers with Fake Domain
The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers, with attackers using domain confusion…
Iranian Hacking Group Nimbus Manticore Expands European Targeting
A long-running cyber-espionage campaign tied to Iran has intensified its operations in Europe. The group, known as Nimbus Manticore, has a…
Deepfake Attacks Hit Two-Thirds of Businesses
Nearly two-thirds (62%) of organizations have experienced a deepfake attack in the past 12 months, according to a new Gartner survey. These…
Deepfakes: The Cybersecurity Pandora’s Box
The meteoric rise of artificial intelligence (AI) has not only revolutionized industries but also unleashed a Pandora’s box of potential…
Critical Security Flaws Grow with AI Use, New Report Shows
A sharp increase in hardware, API and network vulnerabilities is exposing organizations to new risks, according to Inside the Mind of a CISO…
Attacker Breakout Time Falls to 18 Minutes
Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new…
Car Giant Stellantis Confims Third-Party Breach
Stellantis, one of the world’s leading car manufacturers, has confirmed it was affected by a cyber incident targeting a third-party supplier.…
Jaguar Land Rover Extends Production Pause Again
The UK’s largest carmaker has announced a further delay to restarting production after suffering a major cyber-attack earlier this month.…
Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs
A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenConnect (formerly ConnectWise Control) to deliver…
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Organizations must urgently update their defenses to protect against tactics deployed by the Scattered Spider hacking collective this year,…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
FBI Says Threat Actors Are Spoofing its IC3 Site
The FBI has urged cybercrime victims to exercise caution when visiting its Internet Crime Complaint Center (IC3) website, claiming that threat…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats,…