Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal…
From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and…
SaaS Breaches Start with Tokens – What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen…
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025…
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s…
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that…
Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog
A cross-site scripting (XSS) in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has been confirmed to be…
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
A CVSS 10.0 deserialization vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution is now being actively exploited by…
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the…
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
A vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) tool with a CVSS score of 10.0 is being actively exploited in…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere…
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches,…
Android malware uses VNC to give attackers hands-on access
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden…
Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins
A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July…
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency…
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and…
ShadowV2: How a New DDoS Botnet Mimics Cloud-Native Apps
The login UI | Image: Darktrace Researchers at Darktrace have identified a sophisticated new campaign that merges traditional malware…
ShadowV2 Botnet Exposes Rise of DDoS-as-a-service Platforms
A new campaign that combines traditional malware with modern DevOps tooling has been observed by cybersecurity analysts. The ShadowV2 DDoS…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack
Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and…
Iranian Hacking Group Nimbus Manticore Expands European Targeting
A long-running cyber-espionage campaign tied to Iran has intensified its operations in Europe. The group, known as Nimbus Manticore, has a…
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service…
Automaker giant Stellantis confirms data breach after Salesforce hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies,…
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and…
MuddyWater APT Shifts Tactics to Custom Malware
Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of…
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September,…
SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift
SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from numerous companies…
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft…
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals…
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and…
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially…
Jaguar Land Rover extends shutdown after cyberattack by another week
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that…
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…