Lucene search
+L

20915 matches found

thn
thn
added 2025/08/27 9:28 a.m.6 views

Blind Eagle's Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government acros...

7AI score
Exploits0
thn
thn
added 2025/08/26 5:29 p.m.17 views

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below - CVE-2025-7775 CVSS score: 9.2 - Memory overflow vulnerability leading to Remote...

9.8CVSS9.8AI score0.9987EPSS
Exploits25
thn
thn
added 2025/08/26 5:23 p.m.5 views

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station gNB. The attack, per the ASSET Automated Systems SEcuriTy Research Group at the Singapore University of Technology and Design SUTD, relies on ...

7.5AI score
Exploits0
thn
thn
added 2025/08/26 1:30 p.m.8 views

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. "Instead of sending unsolicited...

7.5AI score
Exploits0
thn
thn
added 2025/08/26 10:45 a.m.3 views

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale...

7.7AI score
Exploits0
thn
thn
added 2025/08/26 9:1 a.m.9 views

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims t...

7.6AI score
Exploits0
thn
thn
added 2025/08/26 6:27 a.m.4 views

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified...

7.1AI score
Exploits0
thn
thn
added 2025/08/26 5:55 a.m.4 views

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-8068 CV...

8CVSS8.9AI score0.14736EPSS
Exploits11
thn
thn
added 2025/08/25 6:11 p.m.5 views

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests. "This multi-stage attack chain leverages advanced social engineering including valid code signing...

7.6AI score
Exploits0
thn
thn
added 2025/08/25 5:53 p.m.10 views

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074 , carries a CVSS score of 9.3 out of 10.0. It has...

9.3CVSS7AI score0.01594EPSS
Exploits15
thn
thn
added 2025/08/25 4:4 p.m.6 views

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Cybersecurity researchers have flagged a new phishing campaign that's using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages "carefully crafted emails to deliver malicious URLs linked to convincing phishing pages," Fortinet FortiGuard Labs...

7.5AI score
Exploits0
thn
thn
added 2025/08/25 12:17 p.m.26 views

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn't just a matter of firewalls and patches—it's about strategy. The strongest...

10CVSS9.9AI score0.9951EPSS
Exploits20
thn
thn
added 2025/08/25 11:50 a.m.2 views

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

Security Information and Event Management SIEM systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025 , based on over 160 million real-world...

7AI score
Exploits0
thn
thn
added 2025/08/25 8:13 a.m.4 views

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

The advanced persistent threat APT actor known as Transparent Tribe has been observed targeting both Windows and BOSS Bharat Operating System Solutions Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. "Initial access is achieved through...

7.5AI score
Exploits0
thn
thn
added 2025/08/24 1:38 p.m.5 views

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and passwo...

7.5AI score
Exploits0
thn
thn
added 2025/08/23 7:38 a.m.13 views

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that are taking advantage of known security vulnerabilities and exposed Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining...

9.8CVSS10AI score0.99813EPSS
Exploits25
thn
thn
added 2025/08/22 2:31 p.m.5 views

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar Bade said in a...

8.7AI score
Exploits0
thn
thn
added 2025/08/22 11:6 a.m.3 views

Automation Is Redefining Pentest Delivery

Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed...

7.3AI score
Exploits0
thn
thn
added 2025/08/22 11:6 a.m.17 views

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks. "The adversary has also shown considerable ability to quickly...

9.8CVSS7.7AI score0.99445EPSS
Exploits248
thn
thn
added 2025/08/22 11:5 a.m.18 views

INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown

INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for...

6.9AI score
Exploits0
thn
thn
added 2025/08/22 6:4 a.m.9 views

Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware

A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled. Davis Lu, 55, of Houston, Texas, wa...

7.8AI score
Exploits0
thn
thn
added 2025/08/21 4:38 p.m.7 views

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 CVSS score: 6.9 - A vulnerability in a know...

10CVSS9.2AI score0.97292EPSS
Exploits9
thn
thn
added 2025/08/21 4:25 p.m.11 views

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

6.2AI score
Exploits0
thn
thn
added 2025/08/21 10:50 a.m.9 views

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025

As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacksoften aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector,...

7.8AI score
Exploits0
thn
thn
added 2025/08/21 10:41 a.m.5 views

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families...

7.7AI score
Exploits0
thn
thn
added 2025/08/21 6:45 a.m.5 views

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts. Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity...

7.1AI score
Exploits0
thn
thn
added 2025/08/21 4:47 a.m.9 views

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 CVSS score: 8.8, resides in the ImageIO framework and could result...

8.8CVSS8.2AI score0.21922EPSS
Exploits21
thn
thn
added 2025/08/20 5:54 p.m.12 views

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication 2FA codes, and credit card details under certain conditions. The technique has been dubbed Documen...

6.6AI score
Exploits0
thn
thn
added 2025/08/20 5:25 p.m.3 views

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do

Do you know how many AI agents are running inside your business right now? If the answer is "not sure," you're not alone—and that's exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get results. That means...

7.3AI score
Exploits0
thn
thn
added 2025/08/20 3:59 p.m.12 views

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, sa...

10CVSS9.7AI score0.9951EPSS
Exploits2
thn
thn
added 2025/08/20 1:1 p.m.10 views

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence GenAI model into carrying out unintended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by Guardio La...

5.7AI score
Exploits0
thn
thn
added 2025/08/20 10:30 a.m.5 views

From Impact to Action: Turning BIA Insights Into Resilient Recovery

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, "How do you tackl...

6.6AI score
Exploits0
thn
thn
added 2025/08/20 9:18 a.m.5 views

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts...

6.2AI score
Exploits0
thn
thn
added 2025/08/20 4:19 a.m.5 views

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service DDoS-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice D...

7.6AI score
Exploits0
thn
thn
added 2025/08/19 5:37 p.m.8 views

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial...

10CVSS8.5AI score0.99654EPSS
Exploits31
thn
thn
added 2025/08/19 2:33 p.m.9 views

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the "distribution of malicious .SCR screen saver files disguised as financial documents via Skype...

7.3AI score
Exploits0
thn
thn
added 2025/08/19 1:0 p.m.13 views

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code...

10CVSS10AI score0.99406EPSS
Exploits19
thn
thn
added 2025/08/19 11:24 a.m.11 views

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback

The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence DNI Tulsi Gabbard, in a statement posted on X, said the U.S...

6.7AI score
Exploits0
thn
thn
added 2025/08/19 11:15 a.m.4 views

Why Your Security Culture is Critical to Mitigating Cyber Risk

After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are...

6.9AI score
Exploits0
thn
thn
added 2025/08/19 6:36 a.m.9 views

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The maintainers of the Python Package Index PyPI repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gai...

8.1AI score
Exploits0
thn
thn
added 2025/08/18 7:24 p.m.7 views

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific APAC region. "The Noodlophile campaign, activ...

7.2AI score
Exploits0
thn
thn
added 2025/08/18 4:3 p.m.17 views

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability...

9.3CVSS8.9AI score0.9923EPSS
Exploits59
thn
thn
added 2025/08/18 12:47 p.m.25 views

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...

10CVSS9.6AI score0.99999EPSS
Exploits48
thn
thn
added 2025/08/18 10:56 a.m.8 views

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Cybersecurity researchers have discovered a malicious package in the Python Package Index PyPI repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor , realizes its nefarious functionalit...

7.7AI score
Exploits0
thn
thn
added 2025/08/18 10:15 a.m.9 views

Wazuh for Regulatory Compliance

Organizations handling various forms of sensitive data or personally identifiable information PII require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government...

6.8AI score
Exploits0
thn
thn
added 2025/08/16 10:41 a.m.24 views

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft...

7.7AI score
Exploits0
thn
thn
added 2025/08/16 5:34 a.m.32 views

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerabilit...

7CVSS7.8AI score0.31894EPSS
Exploits7
thn
thn
added 2025/08/15 4:20 p.m.12 views

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

A Chinese-speaking advanced persistent threat APT actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talo...

7.7AI score
Exploits0
thn
thn
added 2025/08/15 11:27 a.m.6 views

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit...

6.9AI score
Exploits0
thn
thn
added 2025/08/15 11:0 a.m.4 views

Zero Trust + AI: Privacy in the Age of Agentic AI

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It's about trus...

6.7AI score
Exploits0
Total number of security vulnerabilities20915