Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully…
Prompt Injection and Model Poisoning: The New Plagues of AI Security
You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This is the…
Cybersecurity Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the…
AsyncRAT Malware Campaign Found Targeting South American Hotels
A new AsyncRAT malware campaign from threat actor TA558 is targeting the South American hospitality industry, demanding the attention of…
Fake Microsoft Teams installers push Oyster malware via malvertising
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect…
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June…
Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users
A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions.…
New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads
A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices…
Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins
A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July…
ChatGPT Pulse Arrives: The Proactive AI Assistant That Reshapes Your Morning Routine
OpenAI has introduced a new feature within ChatGPT called “ChatGPT Pulse”, a service designed to deliver personalized daily…
Google Ads Used to Spread Trojan Disguised as TradingView Premium
A malicious advertising campaign that has been tricking content creators and unsuspecting users into downloading harmful software by offering…
GitLab High-Severity Vulnerabilities Let Attackers Crash Instances
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash…
Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed…
CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day…
Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt…
Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers
Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms. Tracked as CVE-2025-20363…
The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads,…
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week's Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The…
Chinese Hackers Use 'BRICKSTORM' Backdoor to Breach US Firms
Chinese cyber threat actors are suspected of deploying a recently identified backdoor to get a foothold into the systems of US organizations…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by…
Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access
Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by manipulating…
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively…
Unpatched flaw in OnePlus phones lets rogue apps text messages
A vulnerability in multiple versions of OxygenOS, the Android-based operating system from OnePlus, allows any installed app to access SMS data…
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the…
Google warns China-linked spies lurking in 'numerous' enterprises since March
Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026…
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit…
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part…
Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System
Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow…
CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk
DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in its Prompt module,…
Google Chrome Patches Three High-Severity Flaws in V8 Engine
Google has released a Stable Channel Update for Desktop with builds 140.0.7339.207/.208 for Windows and Mac and 140.0.7339.207 for Linux. The…
SonicWall releases rootkit-busting firmware update following wave of attacks
SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting…
SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices
SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and…
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices.…
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary…
CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw affecting Lectora, a…
Kawa4096: A New Ransomware Group with Akira-Style Branding and Qilin-Like Notes
In June 2025, a new ransomware group known as Kawa4096 surfaced, launching disruptive attacks against multinational organizations in finance,…
Automaker giant Stellantis confirms data breach after Salesforce hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access…
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through…