Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using...

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

The U.K. National Crime Agency NCA on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were...

What Security Leaders Need to Know About AI Governance for SaaS

Generative AI is not arriving with a bang, it's slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries o...

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the...

AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks TSA, manifest in the form of a speculative side channel in its CPUs that leverage executio...

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 CVSS score: 8.2, has been described as a case of data inference in Now Platform through conditiona...

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat APT group...

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology IT worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean...

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that...

Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei , has been charged with nine counts of wire fra...

Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs th...

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been...

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code VS Code extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 ...

5 Ways Identity-based Attacks Are Breaching Retail

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here's how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret,...

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites BNS—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or...

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious link...

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 CVSS score: 9.8 - A buffer overflow...

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization SEO poisoning techniques to deliver a known malware loader called Oyster aka Broomstick or CleanUpLoader. The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized...

⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don't start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that's a...

Manufacturing Security: Why Default Passwords Must Go

If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's defaul...

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan RAT called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps...

Taiwan NSB Alerts Public on Data Risks from Douyin, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau NSB has warned that China-developed applications like RedNote aka Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried ou...

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

Threat actors are weaponizing exposed Java Debug Wire Protocol JDWP interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-"coded configuration, allowing them to avoid suspicious command-li...

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle aka APT-Q-95 that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According t...

Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It

Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak —and most teams don't even realize it. If you're building,...

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-324...

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally...

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for...

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase,...

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might...

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities...

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME that could permit an attacker to login to a susceptible device as the root user, allowing them ...

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection...

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what's legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response EDR fall short at detecting the most important threats to your...

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers,...

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has levied sanctions against Russia-based bulletproof hosting BPH service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions...

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence AI tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have...

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence AI company Anthropic's Model Context Protocol MCP Inspector project that could result in remote code execution RCE and allow an attacker to gain complete access to the hosts. The vulnerability,...

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group...

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments IDEs like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 CVSS score: 8.1, has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type...

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice DoJ on Monday announced sweeping actions targeting the North Korean information technology IT worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action sa...

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor...

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which...

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million $540 million from more than 5,000 victims across the world. The international effort, codenamed Operation Borrelli, was carried out by the Spanish Guardia Civil, along with support from...

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading t...