Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge MagLink…
The Good, the Bad and the Ugly in Cybersecurity – Week 38
The Good | Federal Courts Crack Down on BreachForums & UNC3944 Cybercrime Operators Conor Brian Fitzpatrick, the 22-year-old operator of…
Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro…
CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE
HubSpot has issued a security advisory regarding a critical flaw in its Jinjava template engine, which powers thousands of websites and…
CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new Malware Analysis Report (MAR) detailing how threat actors are…
MuddyWater APT Shifts Tactics to Custom Malware
Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of…
FileFix Campaign Using Steganography and Multistage Payloads
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted…
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft has announced the disruption of RaccoonO365, a popular subscription-based phishing kit focused on the theft of Microsoft365…
A Quarter of UK and US Firms Suffer Data Poisoning Attacks
British and American cybersecurity leaders are increasingly concerned about their expanding AI attack surface, particularly unsanctioned use…
Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads
A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two…
UK: Tax Refund-Themed Phishing Slows in 2025
Phishing reports impersonating HM Revenue & Customs (HMRC), the British national tax authority, appear to be slowing, according to a new…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
SEO Poisoning Targets Chinese Users with Fake Software Sites
A search engine optimization (SEO) poisoning attack aimed at Chinese-speaking Microsoft Windows users has been identified by security…
AI-Forged Military IDs Used in North Korean Phishing Attack
A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign,…
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a…
Phishing Campaigns Drop RMM Tools for Remote Access
Malicious actors are using multiple lures in new phishing campaigns designed to install remote monitoring and management (RMM) software onto…
ACR Stealer – Uncovering Attack Chains, Functionalities And IOCs
ACR Stealer represents one of the most sophisticated information-stealing malware families actively circulating in 2025, distinguished by its…
Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted
The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to new research from Hunt…
Beyond the Firewall: Protecting Your Marketing Department from Cyber Threats and Safeguarding Digital Assets
Digital media created more opportunities for companies to engage with consumers than ever before, but such increased interconnectedness has a…
A CISO’s Guide to Managing Cyber Risk in Healthcare
Now more than ever before, our healthcare data is under attack. Of all of the sensitive information available on the dark web, medical records…
New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…
Microsoft Windows Defender Privilege Escalation Flaws
It was an uneventful Patch Tuesday—until the headlines hit. Security feeds and vuln catalogs started buzzing: The Microsoft Windows…
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise…
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks
Ddos September 12, 2025 The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular…
Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA
Ddos September 12, 2025 Domain pattern for Google phishing pages | Image: Okta Okta Threat Intelligence has published a detailed analysis of…
New Google AppSheet Phishing Scam Deliver Fake Trademark Notices
A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using legitimate tools…
12 Ways to Protect Your Business from Hackers During Remote Work
Michelle MooreUniversity of San Diego’sSeptember 11, 2025 Remote work is here to stay, with nearly a quarter of the U.S. workforce (22%)…
Palo Alto Networks User-ID Credential Agent Vulnerability Exposes password In Cleartext
A newly disclosed vulnerability in Palo Alto Networks’ User-ID Credential Agent for Windows, identified as CVE-2025-4235, could…
France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
French regional healthcare agencies have been targeted by cyber-attacks compromising the personal data of patients across the country. On…
LNER Reveals Supply Chain Attack Compromised Customer Information
The operator of one of the UK’s busiest rail lines has admitted that an unauthorized third party has accessed customer details via a supplier.…
More Than Sales… How Brokers Can Play a Critical Role in Strengthening the USA’s National Cybersecurity
As cyber threats continue to rise, enterprises can rely on unexpected allies for support: their insurance brokers. Brokers are not only able…
Using Artificial Intelligence for Strengthening Email Security
Today, email-based attacks are increasingly sophisticated, however artificial intelligence (AI) can offer vital defense. With AI use,…
Ransomware Payments Plummet in Education Amid Enhanced Resiliency
Ransomware demands and payments have plummeted in the education sector in the past year amid improved resilience and recovery capabilities,…
Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges
Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293.…
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft issued updates to fix 81 vulnerabilities in this month’s Patch Tuesday yesterday, including two classed as zero-days which…
As hackers exploit one high-severity SAP flaw, company warns of 3 more
SecurityBridge warned that CVE-2025-42957 allowed hackers with minimal system rights to mount “a complete system compromise with minimal…
Plex tells users to change passwords due to data breach, pushes server owners to upgrade
Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor…
Exploring Key Technology Trends for 2024
Fast forward to today, and the importance of staying current with the latest tech trends can’t be overstated – it’s the…
Threat Actor Accidentally Exposes AI-Powered Operations
A threat actor has unintentionally revealed their methods and day-to-day activities after installing Huntress security software on their own…
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly…