Topic: forensic analysis
Active Attacks Exploit Cisco ASA Zero-Day Flaws
A coordinated international cybersecurity alert warns of active attacks exploiting zero-day vulnerabilities in Cisco ASA and FTD software, attributed to a sophisticated, likely state-sponsored threat actor linked to previous ArcaneDoor campaigns. Two critical vulnerabilities (CVE-2025-20362 and C...
Nozomi Networks' Arc Release Boosts OT Security
Nozomi Networks has upgraded its Arc platform to include automated threat prevention for operational technology, enabling active defense of critical infrastructure without downtime. The enhancement introduces flexible prevention modes, OT-focused threat intelligence, and seamless integration with...
AI's New Jobs: Forensic Vibers and 10 Other Future Roles
AI integration is creating new professions that blend technical skills with ethical oversight, strategic thinking, and psychological insight to ensure systems are productive and aligned with goals. Over 85% of American workers expect prompt-writing skills to become essential, with younger generat...
BridgePay Hit by Ransomware, Says Customer Card Data Safe
BridgePay Network Solutions suffered a major ransomware attack causing a widespread system outage, but preliminary analysis indicates encrypted payment card data was not compromised. The company is working with cybersecurity experts and federal authorities on the investigation and recovery, thoug...
eScan AV Users Hit by Malicious Update Attack
Unknown attackers compromised eScan's update server, weaponizing it to deploy a malicious downloader that disabled the antivirus and blocked future security updates. The breach, detected in January 2026, forced the vendor to take its global update system offline and required many users to manuall...
React2Shell flaw fuels ransomware attacks
The **React2Shell** vulnerability (CVE-2025-55182) is being actively exploited, allowing attackers to gain unauthorized server access and deploy ransomware in under a minute without authentication. Attackers used this flaw to deploy the **Weaxor ransomware**, a less sophisticated rebrand of older...
Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown
Dutch law enforcement dismantled a major bulletproof hosting service used exclusively by cybercriminals, seizing approximately 250 physical servers and taking thousands of virtual servers offline. The service facilitated serious criminal activities like ransomware, botnets, and phishing by ignori...
Top Cybersecurity Jobs Hiring Now | October 2025
Cybersecurity careers are thriving with high demand across sectors like energy, finance, and healthcare, requiring technical skills and strategic thinking to protect infrastructure from evolving threats. Key roles include Threat Intelligence Analysts, Application Security Engineers, and Cloud Sec...
'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms
A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...
ESA Confirms Hack of External Servers
The European Space Agency (ESA) confirmed a cybersecurity breach on external servers used for unclassified collaborative engineering, with a forensic investigation underway and measures taken to secure affected devices. A threat actor publicly claimed responsibility, alleging the theft of over 20...
CPU Spike Exposed RansomHub Ransomware Attack
An employee inadvertently triggered a ransomware attack by downloading a malicious file disguised as a browser update, initiating automated reconnaissance and credential harvesting. Attackers established persistence and network access through a SOCKS proxy, exploiting Active Directory weaknesses ...
APT37 Hackers Use Google Find Hub to Wipe Android Data
North Korean hackers are using Google's Find Hub service to remotely wipe Android devices and track locations, primarily targeting South Koreans through KakaoTalk messages and linked to known threat groups like APT37 and Kimsuky. The attack begins with spear-phishing messages impersonating author...
Nozomi Networks Automates Critical Infrastructure Cybersecurity
Nozomi Networks has launched automated threat prevention in its Nozomi Arc platform, providing the industry's first safe, automated response solution tailored for operational technology environments. The platform offers flexible prevention modes, integrates OT-specific threat intelligence, and se...
CISA Mandates Urgent Patching for Actively Exploited Cisco Zero-Day Flaws
CISA has issued an emergency directive requiring U.S. federal agencies to immediately address two actively exploited critical vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco ASA and FTD firewalls, which allow unauthenticated remote code execution. Agencies must inventory all affected...
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Google Uncovers Custom Backdoor on SonicWall Devices
Google researchers identified a cyberattack targeting outdated SonicWall Secure Mobile Access (SMA) appliances, using custom malware called Overstep to evade detection and erase evidence. The compromised devices lack security updates, making them vulnerable, and Google urges affected businesses t...
ESA Server Breach Confirmed: Data Security Alert
The European Space Agency (ESA) is investigating a security breach of external servers, which appears limited to unclassified scientific collaboration systems but highlights growing cybersecurity threats in the space sector. A threat actor claimed to have stolen over 200GB of sensitive data, incl...
China-Linked Hackers Exploit Cisco Firewall Zero-Days
Cisco has released emergency patches for two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in its ASA and FTD firewall software, linked to the ArcaneDoor espionage campaign. The vulnerabilities allowed attackers, suspected to be a China-based group, to execute co...
Hackers Stole Data From 200 Companies in Google-Linked Breach
A major supply chain attack compromised data from over 200 organizations, with Google confirming theft from Salesforce instances through Gainsight applications, highlighting risks in interconnected digital ecosystems. The hacking group Scattered Lapsus$ Hunters claimed responsibility, targeting c...