20740 matches found

The Hacker News
added 2025/03/19 3:52 p.m. | 44 views

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in...

CVSS 9.8 | AI score 8.1 | EPSS 0.99987
Exploits: 64
The Hacker News
added 2025/03/19 1:50 p.m. | 17 views

Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia

The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram...

AI score 7.5
Exploits: 0
The Hacker News
added 2025/03/19 11:35 a.m. | 20 views

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen

In today's digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixi...

AI score 7.1
Exploits: 0
The Hacker News
added 2025/03/19 10:59 a.m. | 57 views

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...

CVSS 7.8 | AI score 7.8 | EPSS 0.99933
Exploits: 29
The Hacker News
added 2025/03/19 10:30 a.m. | 20 views

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS...

AI score 7.6
Exploits: 0
The Hacker News
added 2025/03/19 6:59 a.m. | 24 views

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities,...

CVSS 9.3 | AI score 8.7 | EPSS 0.01152
Exploits: 0
The Hacker News
added 2025/03/19 5:05 a.m. | 27 views

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score:...

CVSS 8.6 | AI score 7.1 | EPSS 0.41008
Exploits: 2
The Hacker News
added 2025/03/18 3:43 p.m. | 36 views

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromis...

AI score 7.7
Exploits: 0
The Hacker News
added 2025/03/18 2:09 p.m. | 25 views

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero...

AI score 7.5
Exploits: 0
The Hacker News
added 2025/03/18 2:00 p.m. | 11 views

Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability...

AI score 6.8
Exploits: 0
The Hacker News
added 2025/03/18 1:31 p.m. | 34 views

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0,...

CVSS 10 | AI score 8.7 | EPSS 0.61202
Exploits: 0
The Hacker News
added 2025/03/18 1:15 p.m. | 19 views

How to Improve Okta Security in Four Steps

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the...

AI score 7.4
Exploits: 0
The Hacker News
added 2025/03/18 1:11 p.m. | 19 views

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away...

AI score 7.2
Exploits: 0
The Hacker News
added 2025/03/18 10:24 a.m. | 36 views

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Centr...

AI score 7.3
Exploits: 0
The Hacker News
added 2025/03/18 10:01 a.m. | 20 views

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV,...

AI score 7.3
Exploits: 0
The Hacker News
added 2025/03/18 7:00 a.m. | 22 views

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets

Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the...

AI score 6.8
Exploits: 0
The Hacker News
added 2025/03/17 5:08 p.m. | 45 views

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat...

CVSS 9.8 | AI score 9.1 | EPSS 0.99945
Exploits: 46
The Hacker News
added 2025/03/17 1:12 p.m. | 34 views

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that a...

CVSS 9.3 | AI score 9.1 | EPSS 0.7227
Exploits: 3
The Hacker News
added 2025/03/17 11:52 a.m. | 33 views

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and...

AI score 7.2
Exploits: 0
The Hacker News
added 2025/03/17 11:25 a.m. | 62 views

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new...

CVSS 10 | AI score 9.3 | EPSS 0.99999
Exploits: 92
The Hacker News
added 2025/03/17 11:00 a.m. | 28 views

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security...

AI score 7
Exploits: 0
The Hacker News
added 2025/03/17 10:11 a.m. | 28 views

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files...

CVSS 9.8 | AI score 8.9 | EPSS 0.41008
Exploits: 3
The Hacker News
added 2025/03/15 5:55 a.m. | 34 views

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...

AI score 7.4
Exploits: 0
The Hacker News
added 2025/03/14 3:07 p.m. | 12 views

Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges

A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in...

AI score 7.3
Exploits: 0
The Hacker News
added 2025/03/14 2:52 p.m. | 14 views

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new...

AI score 6.8
Exploits: 0
The Hacker News
added 2025/03/14 11:25 a.m. | 19 views

Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a liv...

AI score 7.4
Exploits: 0
The Hacker News
added 2025/03/14 11:00 a.m. | 14 views

Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security Security teams today are under constant pressure to defend...

AI score 7
Exploits: 0
The Hacker News
added 2025/03/14 6:08 a.m. | 17 views

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard...

AI score 7.5
Exploits: 0
The Hacker News
added 2025/03/14 5:37 a.m. | 30 views

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, codenamed OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is...

AI score 8.1
Exploits: 0
The Hacker News
added 2025/03/13 3:26 p.m. | 12 views

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Microsoft has shed light on an ongoing phishing campaign that has targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant's...

AI score 7.4
Exploits: 0
The Hacker News
added 2025/03/13 2:23 p.m. | 13 views

North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The...

AI score 6.4
Exploits: 0
The Hacker News
added 2025/03/13 12:26 p.m. | 32 views

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...

CVSS 8.8 | AI score 9.7 | EPSS 0.63792
Exploits: 5
The Hacker News
added 2025/03/13 11:00 a.m. | 12 views

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attac...

AI score 7.3
Exploits: 0
The Hacker News
added 2025/03/13 7:13 a.m. | 13 views

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an...

CVSS 8.1 | AI score 8.2 | EPSS 0.23357
Exploits: 0
The Hacker News
added 2025/03/13 7:08 a.m. | 8 views

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla...

AI score 6.8
Exploits: 0
The Hacker News
added 2025/03/12 2:08 p.m. | 19 views

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying...

CVSS 6.7 | AI score 5.7 | EPSS 0.01657
Exploits: 0
The Hacker News
added 2025/03/12 11:56 a.m. | 33 views

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack...

CVSS 9.8 | AI score 7.7 | EPSS 0.99999
Exploits: 17
The Hacker News
added 2025/03/12 10:25 a.m. | 14 views

Pentesters: Is AI Coming for Your Role?

We've been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and...

AI score 7.1
Exploits: 0
The Hacker News
added 2025/03/12 9:52 a.m. | 38 views

URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity...

CVSS 7.8 | AI score 8.2 | EPSS 0.60954
Exploits: 9
The Hacker News
added 2025/03/12 4:02 a.m. | 46 views

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an...

CVSS 7.8 | AI score 6.8 | EPSS 0.1972
Exploits: 6
The Hacker News
added 2025/03/11 2:35 p.m. | 23 views

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...

CVSS 6.5 | AI score 7.3 | EPSS 0.81817
Exploits: 0
The Hacker News
added 2025/03/11 12:30 p.m. | 37 views

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the...

CVSS 8.8 | AI score 9.1 | EPSS 0.99999
Exploits: 7
The Hacker News
added 2025/03/11 11:25 a.m. | 18 views

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...

AI score 7.6
Exploits: 0
The Hacker News
added 2025/03/11 10:30 a.m. | 18 views

Steganography Explained: How XWorm Hides Inside Images

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and...

AI score 7.9
Exploits: 0
The Hacker News
added 2025/03/11 7:00 a.m. | 35 views

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates,...

CVSS 7.8 | AI score 8 | EPSS 0.99945
Exploits: 33
The Hacker News
added 2025/03/11 6:45 a.m. | 23 views

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0...

CVSS 9.3 | AI score 8.5 | EPSS 0.01777
Exploits: 0
The Hacker News
added 2025/03/11 3:58 a.m. | 43 views

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is ...

CVSS 9.9 | AI score 9 | EPSS 0.99987
Exploits: 69
The Hacker News
added 2025/03/10 2:47 p.m. | 40 views

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate...

AI score 6.9
Exploits: 0
The Hacker News
added 2025/03/10 12:50 p.m. | 17 views

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive...

AI score 6.5
Exploits: 0
The Hacker News
added 2025/03/10 11:00 a.m. | 15 views

Why The Modern Google Workspace Needs Unified Security

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack...

AI score 7
Exploits: 0
Total number of security vulnerabilities: 20740