Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June…
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to…
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in…
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed…
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands…
Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed…
Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks
A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been…
Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt…
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security…
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have…
Malicious AI Agent Server Reportedly Steals Emails
A popular Model Context Protocol (MCP) server used to deploy AI agents has turned malicious in one of its latest updates, according to Koi…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented…
Chinese Hackers Use 'BRICKSTORM' Backdoor to Breach US Firms
Chinese cyber threat actors are suspected of deploying a recently identified backdoor to get a foothold into the systems of US organizations…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!
Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE Software, tracked as CVE-2025-20352 with a CVSS score of…
Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access
Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by manipulating…
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning…
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the…
Google warns China-linked spies lurking in 'numerous' enterprises since March
Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the…
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and…
SonicWall releases rootkit-busting firmware update following wave of attacks
SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting…
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could…
BlockBlasters: When a Steam Game Turns Into a Malware Delivery Vehicle
What began as a promising indie platformer has turned into one of the most alarming cases of malware-laced games on Steam in 2025. According…
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't…
Verified Steam game steals streamer's cancer treatment donations
A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named BlockBlasters that…
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style…
Top Zero-Day Vulnerabilities Exploited in the Wild in 2025
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors.…
WannaCry Ransomware: A DFIR & SOC Monitoring Lab Walkthrough
Hello fellow defenders, I hope you are having a great day. In this article, I’m going to show you how you can make a cybersecurity home…
The Good, the Bad and the Ugly in Cybersecurity – Week 38
The Good | Federal Courts Crack Down on BreachForums & UNC3944 Cybercrime Operators Conor Brian Fitzpatrick, the 22-year-old operator of…
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies,…
CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting…
Russian State Hackers Collaborate in Attacks Against Ukraine
Two Russian state-linked threat actors, Gamaredon and Turla, are working together to compromise high-value defense targets in Ukraine,…
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and…
MuddyWater APT Shifts Tactics to Custom Malware
Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of…
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and…
Apple Ends iCloud Support for Older Devices
According to Apple’s newly published support documentation, devices running iOS 10 or macOS 10.12 no longer meet the minimum system…
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a…