Topic: security recommendations

  • Patch Now: SonicWall Warns of Critical RCE Flaw in SMA 100 Devices

    SonicWall warns of a critical remote code execution vulnerability (CVE-2025-40599) in SMA 100 series appliances, urging immediate patching due to active exploitation by attackers with admin access. A hacker group (UNC6148) is deploying the rootkit OVERSTEP on compromised devices, enabling data th...

  • Beware Fake PayPal Alerts: Hackers Steal Logins, Deploy Malware

    A sophisticated cyberattack uses fake PayPal security alerts, starting with phishing emails and escalating through phone-based social engineering to install malware. Attackers abuse legitimate remote monitoring tools like LogMeIn Rescue and AnyDesk to gain persistent access, evading detection by ...

  • North Korea's IT Workers Expand Targets Beyond Tech and Crypto

    North Korea's covert IT worker program has expanded beyond targeting American tech and cryptocurrency firms to now include a wide range of global industries such as finance, healthcare, and public administration, posing a significant international security threat. Over 130 DPRK-linked operatives ...

  • 60,000 Redis Servers Exposed by Critical Security Flaw

    A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...

  • Over 40,000 OpenClaw Instances Found Exposed Online

    Over 40,000 publicly exposed OpenClaw AI instances have been discovered, granting attackers the same access to systems and data as the AI agent itself. Exploitation is active, with many instances linked to prior breaches and vulnerabilities, including critical remote code execution flaws that all...

  • 48 Million Gmail Credentials Leaked Online

    A database containing nearly 149 million login credentials, including an estimated 48 million Gmail accounts, was exposed online, compiled from past breaches and infostealer malware. The primary risk is credential stuffing attacks, where stolen usernames and passwords are used to access other acc...

  • NCSC Alerts Orgs to Vulnerabilities in Exposed Devices

    The UK's National Cyber Security Center has launched a **Proactive Notifications service** pilot, which scans the public internet for vulnerabilities in UK-connected systems and alerts organizations with tailored advice to fix them. The service operates legally and sends communications only from ...

  • SonicWall VPN Breach: Hackers Exploit Stolen Credentials

    Attackers breached over 100 SonicWall SSLVPN accounts using stolen credentials, with malicious activity detected from October 4th to at least October 10th by Huntress. The intrusions utilized previously compromised valid credentials, not brute-force methods, and involved network reconnaissance an...

  • Urgent: Patch Citrix Bleed 2 NetScaler flaw as exploits go public

    A critical Citrix NetScaler vulnerability (CVE-2025-5777) allows attackers to steal session tokens by exploiting malformed login requests to dump memory contents, similar to last year's CitrixBleed flaw. The flaw arises from improper use of the snprintf function, leaking ~127 bytes of memory per ...

  • 500 npm Packages Infected by Shai-Hulud Malware Leaking Secrets

    Over 500 npm packages, including popular tools like Zapier and Postman, have been compromised by the Shai-Hulud malware, which steals developer secrets and uploads them to rapidly multiplying GitHub repositories. The attack uses trojanized versions of legitimate packages to inject malicious scrip...

  • State Actor Behind SonicWall Cloud Backup Hack

    A state-sponsored threat actor breached SonicWall's cloud backup service using brute-force techniques, accessing all stored backup files through an API call in a sophisticated nation-state level operation. SonicWall confirmed that core products, internal systems, and customer infrastructures were...

  • Beware: Malicious Blender Files Spreading StealC Malware

    A Russian-linked cyberattack is distributing the StealC V2 malware via weaponized Blender files on 3D model marketplaces, exploiting trusted platforms to infect users' systems. The malware uses Blender's Auto Run feature to execute malicious Python scripts, which fetch a loader that installs pers...

  • Critical Flaws Exposed in Smart Air Compressor

    Smart air compressors like the CAT-10020SMHAD with MDR2i controllers offer digital convenience but introduce cybersecurity risks, including vulnerabilities that could disrupt operations or manipulate data. Security flaws identified include hardcoded Wi-Fi passwords, unencrypted HTTP communication...

  • Windows App-V Scripts Bypass Enterprise Defenses with Infostealer

    A sophisticated malware campaign bypasses enterprise security by tricking users into running a command that abuses a legitimate Microsoft script (`SyncAppvPublishingServer.vbs`) to stealthily execute PowerShell, targeting high-value corporate systems. The attack relies on specific Windows environ...

  • Critical Flaws Found in Fluent Bit Logging Agent

    Severe security vulnerabilities have been discovered in Fluent Bit, a widely used telemetry logging tool installed over 15 billion times, impacting core functions in banking, cloud, and SaaS environments. The flaws include input validation issues, tag manipulation, path traversal, buffer overflow...

  • New MacOS Malware 'DigitStealer' Targets Apple M2/M3 Chips

    DigitStealer is a sophisticated malware targeting macOS systems with Apple M2 and M3 chips, disguising itself as legitimate tools like DynamicLake or Google Drive to trick users into installation. The malware employs a multi-stage delivery process, checking system location and hardware to avoid v...

  • Skuld Infostealer Exploits WSUS Flaw (CVE-2025-59287)

    A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited, allowing attackers to install information-stealing malware on unpatched systems. The flaw stems from unsafe deserialization of untrusted data, enabling unauthentic...

  • Tenable Uncovers Critical Google Gemini AI Flaws That Risked User Data

    Tenable Research uncovered three critical security flaws in Google's Gemini AI, known as the Gemini Trifecta, which allowed attackers to manipulate the AI and steal sensitive user data without direct system access. The vulnerabilities affected components like Gemini Cloud Assist, Search Personali...

  • Russian APT28 Deploys 'NotDoor' Backdoor to Target Microsoft Outlook

    A new sophisticated backdoor called NotDoor, attributed to Russian state-aligned group APT28, targets Microsoft Outlook to exfiltrate data and execute remote commands. The malware uses obfuscated VBA code and triggers from specific email phrases to deploy malicious actions, while employing evasio...

  • Chaos Ransomware Strikes: New Wave of Cyberattacks

    The ransomware group Chaos employs aggressive double extortion tactics and psychological pressure, offering rewards for compliance while escalating threats like data leaks and DDoS attacks for non-payment. Chaos targets organizations globally, particularly in the U.S., UK, New Zealand, and India,...

  • WorldLeaks Ransomware Unleashes New 'RustyRocket' Malware

    A new malware called **'RustyRocket'**, used by the extortion group World Leaks, is designed for stealthy data theft and persistent network access, evading traditional security. The malware, written in Rust, acts as a data exfiltration and proxy tool, targeting Windows and Linux by hiding its tra...

  • Major Cybersecurity Firms Impacted by Salesloft Data Breach

    A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...

  • Viral AI Assistant Sparks Data Security Concerns

    The Moltbot AI assistant's deep system integration and popularity pose severe security risks, as its power can lead to leaks of sensitive corporate and personal data if deployments are not properly secured. Insecure enterprise deployments are common, often due to misconfigured proxies that expose...

  • Rising Google Ads MCC Takeover Scams: How Phishing Attacks Work

    A surge in sophisticated phishing attacks is compromising Google Ads Manager accounts, allowing fraudsters to drain advertising budgets of tens of thousands of dollars within hours, even bypassing two-factor authentication. Attackers use deceptive emails that mimic legitimate Google invitations, ...

  • AI Hacker Breached 600 Fortinet Firewalls in 5 Weeks

    A Russian-speaking hacker exploited exposed management interfaces and weak credentials to breach over 600 Fortinet firewalls across 55 nations, using generative AI to automate network exploration and compromise. The attacker used AI-generated custom tools to decrypt stolen firewall configuration ...

  • Hackers Use SolarWinds Flaws to Deploy DFIR Tool in Attacks

    Cybersecurity researchers have identified an active campaign exploiting critical vulnerabilities (CVE-2025-40551 and CVE-2025-26399) in SolarWinds Web Help Desk software to gain unauthorized access and deploy legitimate tools for malicious purposes. Attackers establish persistent control by insta...

  • Forensic Tool's Signed Driver Exploited as EDR Killer

    Hackers exploited a revoked but still functional kernel driver from the EnCase forensic tool to disable endpoint security software, highlighting the threat of Bring Your Own Vulnerable Driver (BYOVD) attacks. The attackers initially breached the network via a SonicWall VPN lacking multi-factor au...

  • 149 Million Accounts Exposed in Major Data Breach

    A massive, unprotected database containing 149 million usernames and passwords was discovered, exposing credentials for major email, social media, financial, and government websites. The database was actively updated and left completely open for a month before being secured, highlighting a slow a...

  • 42 Million Downloads: Malicious Android Apps Found on Google Play

    Malicious Android applications on Google Play accumulated over 42 million downloads, with spyware and banking trojans posing severe risks as criminals shift to social engineering tactics targeting mobile payment systems. Adware now dominates Android threats at 69% of detections, while spyware saw...

  • Pro-Russia Hackers Target Water Utility in Honeypot Sting

    A Russia-aligned hacktivist group called TwoNet was tricked into attacking a decoy water treatment facility, revealing their shift from website disruptions to targeting industrial infrastructure. The group used default credentials to access the system, performed disruptive actions like deleting c...

  • Hacktivists Breach Decoy Infrastructure in Cyber Attack

    The pro-Russian hacktivist group TwoNet has escalated from DDoS attacks to targeting critical infrastructure, as shown by their breach of a water treatment facility honeypot in September, moving from access to disruption in just over a day. During the attack, TwoNet exploited default credentials ...

  • Gen AI Data Breaches Surge Over 100%

    The enterprise security landscape is being reshaped by generative AI and cloud adoption, forcing a re-evaluation of controls to monitor data flows across unsanctioned personal applications and AI tools. Phishing remains a top threat for credential theft, increasingly targeting cloud logins, while...

  • Beware: Fake Booking.com Emails and BSODs Target Hotels

    A sophisticated phishing campaign targets the European hospitality industry using convincing fake Booking.com emails to deliver the DCRat malware, which steals data and provides attackers with persistent remote access. The attack employs advanced social engineering, including a fake Windows error...

  • Crimson Collective Hackers Breach AWS for Data Theft

    The Crimson Collective is a hacking group infiltrating AWS infrastructures to steal sensitive data and extort organizations, as seen in a breach at Red GitLab repositories. Attackers compromise AWS using exposed credentials and tools like TruffleHog, then escalate privileges to gain administrativ...

  • Microsoft Entra Accounts Targeted in Vishing Attacks

    A new wave of attacks combines device code phishing with voice phishing (vishing) to compromise Microsoft Entra accounts, exploiting the legitimate OAuth 2.0 device authorization flow to steal authentication tokens without traditional password theft. The **ShinyHunters** extortion group is believ...

  • RondoDox Botnet Breaches Next.js Servers via React2Shell Flaw

    The RondoDox botnet is actively exploiting the critical React2Shell vulnerability (CVE-2025-55182) to compromise Next.js servers, deploying malware and cryptocurrency miners. This campaign is part of the botnet's evolving, aggressive strategy, which also includes large-scale exploitation of vulne...

  • EDR Exploited for Stealthy Ransomware Attacks

    Attackers are exploiting trusted security tools like EDR software and Windows utilities to deploy malware with stealth and persistence, shifting from mass phishing to more sophisticated methods. A specific attack involved social engineering to execute malicious commands, sideloading a rogue DLL v...

  • APT37 Hackers Use Google Find Hub to Wipe Android Data

    North Korean hackers are using Google's Find Hub service to remotely wipe Android devices and track locations, primarily targeting South Koreans through KakaoTalk messages and linked to known threat groups like APT37 and Kimsuky. The attack begins with spear-phishing messages impersonating author...

  • New Gladinet Triofox Flaw Exploited by Attackers (CVE-2025-12480)

    A critical security flaw (CVE-2025-12480) in Gladinet Triofox allows unauthenticated attackers to bypass access controls and gain administrative privileges, which has been exploited by the threat group UNC6485 since late August 2025. Attackers used an HTTP Host header attack to access the configu...

  • Moxa Devices Expose Hard-Coded Credentials (CVE-2025-6950)

    Moxa has urgently patched five critical vulnerabilities in its industrial network devices, including a severe flaw (CVE-2025-6950) that allows remote attackers to take full control without authentication. The vulnerabilities include authentication bypasses and privilege escalations, enabling unau...

  • Palo Alto Networks Login Portals Under Massive Attack Surge

    A dramatic 500% surge in suspicious network scans is targeting Palo Alto Networks login portals, with over 1,285 unique IPs involved, indicating a coordinated reconnaissance campaign. The majority of scanning IPs originated from the U.S., with clusters focusing on targets in the U.S. and Pakistan...

  • Allianz Life Data Breach Exposes 1.5 Million Customers

    Allianz Life experienced a cybersecurity breach compromising personal data of nearly 1.5 million individuals, including names, addresses, birth dates, and Social Security numbers, through a third-party cloud system. The breach has been linked to the ShinyHunters group targeting Salesforce systems...

  • Fake npm 2FA Reset Email Used to Hijack Popular Code Packages

    A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and highlighting supply chain vulnerabilities. The attack began when a developer fell for a convincing phishing email, allowing the threat actor to take ...

  • Major Dating Apps Hacked: Hinge, Tinder, OkCupid Data Exposed

    A major data breach at Match Group, parent company of Hinge, Tinder, and OkCupid, was caused by a phishing attack that compromised an employee's single sign-on account. The stolen data includes millions of user records and internal documents, but the company states passwords, financial details, a...

  • Peruvian Scam Steals Card Details with Fake Loan Apps

    A sophisticated loan scam in Peru uses fake bank websites and social media ads to harvest high-quality credit card details and banking passwords through a multi-stage verification process. The fraud employs psychological manipulation and technical checks, like real-time card number validation, to...

  • DeadLock Ransomware Evades Security with BYOVD Attack

    The DeadLock ransomware campaign uses a BYOVD technique, exploiting a known vulnerability (CVE-2024-51324) in a Baidu Antivirus driver to disable security software and delete recovery options before deploying its payload. The ransomware itself, written in C++, uses process hollowing and a custom ...

  • Oracle Issues Urgent Patch for Critical E-Business Suite Flaw

    Oracle has released an urgent security patch for a critical vulnerability (CVE-2025-61884) in its E-Business Suite, which can be exploited remotely without authentication to access confidential information. The vulnerability, with a CVSS score of 7.5, affects EBS versions 12.2.3 to 12.2.14, and O...

  • SonicWall VPN Attacks Intensify, MFA Bypassed

    A ransomware group named Akira is exploiting SonicWall SSL VPN appliances, primarily through a known vulnerability (CVE-2024-40766), to bypass multi-factor authentication and gain unauthorized access. The attacks are highly automated and rapid, with intruders moving quickly to scan networks and d...

  • Self-Propagating Attack Infects 187 npm Packages

    A self-propagating worm named 'Shai-Hulud' has compromised at least 187 npm packages, starting with @ctrl/tinycolor and spreading to include modules under CrowdStrike’s namespace. The malware injects malicious scripts to steal sensitive credentials using TruffleHog and creates unauthorized GitHub...

  • ScreenConnect Admins Alerted to Spoofed Login Attacks

    ScreenConnect administrators are targeted by a phishing campaign using fake security alerts to steal login credentials and bypass multi-factor authentication, aiming to compromise Super Admin accounts. Attackers employ the EvilGinx framework to create convincing phishing portals that capture sess...
