North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center ASEC. The attacks commence with phishing emails...

Top 3 Ransomware Threats Active in 2025

You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll ge...

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco has released updates to address two critical security flaws Identity Services Engine ISE that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 CVSS score: 9.9 - An insecure Java...

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam...

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover ATO attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP...

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision...

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114 , carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam...

Navigating the Future: Key IT Vulnerability Management Trends 

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers MSPs and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify...

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

A malware campaign has been observed delivering a remote access trojan RAT named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan RAT that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs...

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 CVSS score: 7.5/9.8 - A forced...

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB...

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 CVSS score: 7.0, allows remote attackers to circumvent mark-of-the-web MotW protections and execute arbitrary code in the context of the curre...

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws a...

Watch Out For These 8 Cloud Security Shifts in 2025

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could...

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence AI platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," accordin...

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization SEV that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161 , carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper...

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 CVSS score: 7.5 - Microsoft Accou...

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 CVSS score: 7.8, which has been described as a case of privilege escalation in a kernel...

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of...

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck...

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The maintainers of the Python Package Index PyPI registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices...

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials,...

What Is Attack Surface Management?

Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and...

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer aka AMOS, and Angel Drainer. "Specializing in...

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart...

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used...

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutraliz...

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the logi...

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626 , carries a CVS...

Top 5 AI-Powered Social Engineering Attacks

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There's no brute-force 'spray and pray' password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for...

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Italy's data protection watchdog has blocked Chinese artificial intelligence AI firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking...

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from...

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x o...

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence AI technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their...

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io...

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary comman...

SOC Analysts - Reimagining Their Role Using AI

The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts and sometimes IT teams who are doubling as SecOps must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work...

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

Buzzy Chinese artificial intelligence AI startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over...

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the...

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service DDoS attacks. The vulnerability in question is CVE-2024-41710 CVS...

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control C2 infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a...

AI in Cybersecurity: What's Effective and What's Not – Insights from 200 Experts

Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus , a seasoned...

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenam...

How Interlock Ransomware Infects Healthcare Organizations

Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure th...

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a...

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

The advanced persistent threat APT group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's...

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 CVSS score: 8.6, has been described as an unauthenticated blind SQL injection. "A malicio...

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise,...

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a...