Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories 

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromis...

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control...

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering

The U.S. Federal Bureau of Investigation FBI has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the...

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive...

Facebook's New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence AI, including those that have not been directly uploaded to the service. According to TechCrunch, which first...

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Threat hunters have discovered a network of more than 1,000 compromised small office and home office SOHO devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box ORB network has been codenamed LapDogs ...

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet WPCT, China's education policy...

Business Case for Agentic AI SOC Analysts

Security operations centers SOCs are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At...

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox aka Void...

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Transfer is a popular...

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry "open-vsx.org" that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability...

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including...

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the...

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps IRGC has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology a...

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker...

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilitie...

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Popular messaging platform WhatsApp has added a new artificial intelligence AI-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States,...

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service SaaS applications. Identity security company Semperis, in an analysis of 104 SaaS applications,...

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could...

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface GUI for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and...

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database...

Beware the Hidden Risk in Your Entra Environment

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full...

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall...

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These...

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates ESU for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plan...

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa...

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. "We developed tw...

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code...

Between Buzz and Reality: The CTEM Conversation We All Need

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it mean...

Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activiti...

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer CAO, was motivated by worrie...

APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new cyber attack campaign by the Russia-linked APT28 aka UAC-0001 threat actors using Signal chat messages to deliver two previously undocumented malware families dubbedd BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is...

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation FBI have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploit...

Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models LLMs into generating undesirable responses, irrespective of the safeguards put in place. "Unlike traditional jailbreaks that rely on...

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the...

XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks

Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut LNK files as part of a multi-stage procedure to depl...

How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout

It sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented...

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence AI systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. "Unlike direct prompt injections,...

⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don't seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It's worth...

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a "single combined cyber event." That's according to an assessment from the Cyber Monitoring Centre CMC, a U.K.-based independent, non-profit body set up by the insurance industry to categorize...

Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms

The threat actors behind the Qilin ransomware-as-a-service RaaS scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call...

Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist

Iran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers at Israel, per...

6 Steps to 24/7 In-House SOC Success

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That's when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over...

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service DDoS attack ever recorded, which hit a peak of 7.3 terabits per second Tbps. The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet...

200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a...

New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud, and NFC Theft

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. "Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service MaaS on...

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber...

Secure Vibe Coding: The Complete New Guide

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect...