20738 matches found

The Hacker News
added 2025/07/21 11:25 a.m. | 3 views

Assessing the Role of AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it's now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/21 6:13 a.m. | 5 views

PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence...

AI score: 7.1
Exploits: 0
The Hacker News
added 2025/07/21 3:30 a.m. | 16 views

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.99982
Exploits: 41
The Hacker News
added 2025/07/21 3:25 a.m. | 9 views

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a...

CVSS: 9.8 | AI score: 8 | EPSS: 0.01474
Exploits: 0
The Hacker News
added 2025/07/21 3:00 a.m. | 14 views

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban...

AI score: 7.6
Exploits: 0
The Hacker News
added 2025/07/20 4:13 p.m. | 7 views

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information stealer malware. "LARVA-208 has evolved its tactics, using fake AI platforms e.g., Norlax AI, mimicking...

AI score: 7
Exploits: 0
The Hacker News
added 2025/07/20 9:52 a.m. | 18 views

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.99982
Exploits: 41
The Hacker News
added 2025/07/20 9:40 a.m. | 7 views

Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without a...

AI score: 8
Exploits: 0
The Hacker News
added 2025/07/20 7:35 a.m. | 13 views

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS...

CVSS: 10 | AI score: 8.5 | EPSS: 0.99963
Exploits: 45
The Hacker News
added 2025/07/18 6:42 p.m. | 5 views

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC...

AI score: 6
Exploits: 0
The Hacker News
added 2025/07/18 6:23 p.m. | 14 views

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and...

AI score: 7.4
Exploits: 0
The Hacker News
added 2025/07/18 6:13 p.m. | 22 views

Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.99973
Exploits: 19
The Hacker News
added 2025/07/18 11:32 a.m. | 7 views

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape...

CVSS: 9 | AI score: 9.4 | EPSS: 0.36458
Exploits: 7
The Hacker News
added 2025/07/18 11:32 a.m. | 15 views

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed LAMEHUG. "An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation...

AI score: 7.7
Exploits: 0
The Hacker News
added 2025/07/18 11:03 a.m. | 5 views

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running...

AI score: 7.5
Exploits: 0
The Hacker News
added 2025/07/18 10:30 a.m. | 3 views

From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity...

AI score: 6.5
Exploits: 0
The Hacker News
added 2025/07/17 5:40 p.m. | 9 views

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to...

AI score: 7.5
Exploits: 0
The Hacker News
added 2025/07/17 2:11 p.m. | 25 views

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP...

CVSS: 10 | AI score: 10 | EPSS: 0.99992
Exploits: 296
The Hacker News
added 2025/07/17 11:30 a.m. | 9 views

Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine

An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies. The actions have led to the dismantling of a maj...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/17 11:00 a.m. | 3 views

CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025

The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementin...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/17 7:56 a.m. | 13 views

Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three previously undocumented Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and...

CVSS: 10 | AI score: 9.3 | EPSS: 0.99999
Exploits: 72
The Hacker News
added 2025/07/17 5:37 a.m. | 13 views

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337,...

CVSS: 10 | AI score: 9.4 | EPSS: 0.96732
Exploits: 30
The Hacker News
added 2025/07/16 5:48 p.m. | 25 views

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads,...

AI score: 7.9
Exploits: 0
The Hacker News
added 2025/07/16 2:00 p.m. | 18 views

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Goog...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.99957
Exploits: 10
The Hacker News
added 2025/07/16 11:58 a.m. | 14 views

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accoun...

AI score: 7.6
Exploits: 0
The Hacker News
added 2025/07/16 11:25 a.m. | 3 views

AI Agents Act Like Employees With Root Access—Here's How to Regain Control

The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycl...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/16 9:13 a.m. | 5 views

Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time

Social engineering attacks have entered a new era—and they're coming fast, smart, and deeply personalized. It's no longer just suspicious emails in your spam folder. Today's attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social...

AI score: 7
Exploits: 0
The Hacker News
added 2025/07/16 9:13 a.m. | 5 views

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package nam...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.0057
Exploits: 0
The Hacker News
added 2025/07/16 9:13 a.m. | 16 views

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.09524
Exploits: 14
The Hacker News
added 2025/07/16 7:44 a.m. | 8 views

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory...

CVSS: 7.2 | AI score: 7.7 | EPSS: 0.64893
Exploits: 3
The Hacker News
added 2025/07/15 4:30 p.m. | 5 views

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and...

AI score: 7.1
Exploits: 0
The Hacker News
added 2025/07/15 3:21 p.m. | 5 views

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...

AI score: 7.5
Exploits: 0
The Hacker News
added 2025/07/15 11:08 a.m. | 19 views

State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL"...

AI score: 7.8
Exploits: 0
The Hacker News
added 2025/07/15 11:00 a.m. | 6 views

Securing Agentic AI: How to Protect the Invisible Identity Access

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible"...

AI score: 7.1
Exploits: 0
The Hacker News
added 2025/07/15 10:53 a.m. | 5 views

AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware an...

AI score: 7.4
Exploits: 0
The Hacker News
added 2025/07/15 7:17 a.m. | 13 views

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...

AI score: 7
Exploits: 0
The Hacker News
added 2025/07/14 5:06 p.m. | 10 views

The Unusual Suspect: Git Repos

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of...

AI score: 7.9
Exploits: 0
The Hacker News
added 2025/07/14 4:52 p.m. | 11 views

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the...

AI score: 7
Exploits: 0
The Hacker News
added 2025/07/14 12:52 p.m. | 43 views

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More

In cybersecurity, precision matters—and there's little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we're seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow...

CVSS: 10 | AI score: 9.8 | EPSS: 0.9671
Exploits: 25
The Hacker News
added 2025/07/14 8:00 a.m. | 8 views

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to ha...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/14 5:27 a.m. | 12 views

eSIM Vulnerability in eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices...

AI score: 7.6
Exploits: 0
The Hacker News
added 2025/07/12 5:14 p.m. | 7 views

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design...

AI score: 7.2
Exploits: 0
The Hacker News
added 2025/07/12 12:45 p.m. | 17 views

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),"...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.76814
Exploits: 13
The Hacker News
added 2025/07/11 2:38 p.m. | 20 views

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper...

CVSS: 10 | AI score: 10 | EPSS: 0.96732
Exploits: 30
The Hacker News
added 2025/07/11 12:10 p.m. | 24 views

PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned...

AI score: 8.7 | EPSS: 0.05929
Exploits: 5
The Hacker News
added 2025/07/11 11:00 a.m. | 5 views

Securing Data in the AI Era

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes f...

AI score: 7
Exploits: 0
The Hacker News
added 2025/07/11 10:58 a.m. | 19 views

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface,...

CVSS: 10 | AI score: 10 | EPSS: 0.95343
Exploits: 23
The Hacker News
added 2025/07/11 10:46 a.m. | 5 views

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals

An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker...

AI score: 7.1
Exploits: 0
The Hacker News
added 2025/07/11 4:25 a.m. | 14 views

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.99999
Exploits: 57
The Hacker News
added 2025/07/10 5:03 p.m. | 7 views

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows...

CVSS: 9.6 | AI score: 10 | EPSS: 0.76637
Exploits: 0
Total number of security vulnerabilities: 20738