Cybersecurity News

  • Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner (Thursday July 17, 2025)
    Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. "The attacker leverages (HackerNews)
  • Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine (Thursday July 17, 2025)
    An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies. The actions have led to the dismantling of a major part of the group's central server infrastructure and more than 100 systems across the world. (HackerNews)
  • CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025 (Thursday July 17, 2025)
    The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the (HackerNews)
  • Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors (Thursday July 17, 2025)
    The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment (HackerNews)
  • Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code (Thursday July 17, 2025)
    Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched (HackerNews)
  • Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms (Wednesday July 16, 2025)
    Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February 2021 on (HackerNews)
  • UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit (Wednesday July 16, 2025)
    A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148. The number of known (HackerNews)
  • Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access (Wednesday July 16, 2025)
    Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely," Semperis said in a report shared with (HackerNews)
  • AI Agents Act Like Employees With Root Access—Here's How to Regain Control (Wednesday July 16, 2025)
    The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycle. Enterprises are: Deploying LLM copilots to accelerate software development Automating customer (HackerNews)
  • New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code (Wednesday July 16, 2025)
    Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is (HackerNews)
  • Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild (Wednesday July 16, 2025)
    Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and (HackerNews)
  • Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time (Wednesday July 16, 2025)
    Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized. It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don’t just spoof—they (HackerNews)
  • Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act (Wednesday July 16, 2025)
    Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an (HackerNews)
  • Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors (Tuesday July 15, 2025)
    Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 (HackerNews)
  • Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools (Tuesday July 15, 2025)
    Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the threat actor known as '$$$,'" EclecticIQ researcher Arda Büyükkaya said. "The same actor controls (HackerNews)
  • State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments (Tuesday July 15, 2025)
    Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL" stands for "cluster" and "STA" refers to "state-backed motivation." "The threat actors behind this (HackerNews)
  • Securing Agentic AI: How to Protect the Invisible Identity Access (Tuesday July 15, 2025)
    AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have (HackerNews)
  • AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe (Tuesday July 15, 2025)
    Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants," ESET (HackerNews)
  • North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign (Tuesday July 15, 2025)
    The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a malware (HackerNews)
  • DOGE Denizen Marko Elez Leaked API Key for xAI (Tuesday July 15, 2025)
    Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI. (KrebsOnSecurity)
  • The Unusual Suspect: Git Repos (Monday July 14, 2025)
    While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping (HackerNews)
  • New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries (Monday July 14, 2025)
    Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical (HackerNews)
  • ⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More (Monday July 14, 2025)
    In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security. For anyone responsible (HackerNews)
  • CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center (Monday July 14, 2025)
    India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone. The law (HackerNews)
  • eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks (Monday July 14, 2025)
    Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020. The findings come from Security Explorations, a research lab (HackerNews)
  • GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs (Saturday July 12, 2025)
    NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," the GPU maker said in an advisory released this week. Dubbed (HackerNews)
  • Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub (Saturday July 12, 2025)
    Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub)," GitGuardian said. "If attackers get access to this key, they can exploit a deserialization flaw to (HackerNews)
  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) (Friday July 11, 2025)
    Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in (HackerNews)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution (Friday July 11, 2025)
    Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers, (HackerNews)
  • Securing Data in the AI Era (Friday July 11, 2025)
    The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz (HackerNews)
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild (Friday July 11, 2025)
    A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4. "The user and (HackerNews)
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals (Friday July 11, 2025)
    An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm). " (HackerNews)
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises (Friday July 11, 2025)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in question is CVE-2025-5777 (CVSS score: 9.3), an instance of insufficient input validation that could (HackerNews)
  • UK Arrests Four in ‘Scattered Spider’ Ransom Group (Thursday July 10, 2025)
    Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer. (KrebsOnSecurity)
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads (Thursday July 10, 2025)
    Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it (HackerNews)
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord (Thursday July 10, 2025)
    Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and (HackerNews)
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods (Thursday July 10, 2025)
    The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail, (HackerNews)
  • What Security Leaders Need to Know About AI Governance for SaaS (Thursday July 10, 2025)
    Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain (HackerNews)
  • New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App (Thursday July 10, 2025)
    Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025. "ZuRu malware (HackerNews)
  • AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs (Thursday July 10, 2025)
    Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker (HackerNews)
  • ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs (Thursday July 10, 2025)
    A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has (HackerNews)
  • Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets (Wednesday July 09, 2025)
    The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation." (HackerNews)
  • DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware (Wednesday July 09, 2025)
    A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and (HackerNews)
  • U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme (Wednesday July 09, 2025)
    The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using (HackerNews)
  • How To Automate Ticket Creation, Device Identification and Threat Triage With Tines (Wednesday July 09, 2025)
    Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at (HackerNews)
  • Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks (Wednesday July 09, 2025)
    A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected (HackerNews)
  • Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server (Wednesday July 09, 2025)
    For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these, 10 are rated Critical (HackerNews)
  • Microsoft Patch Tuesday, July 2025 Edition (Wednesday July 09, 2025)
    Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users. (KrebsOnSecurity)
  • Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware (Tuesday July 08, 2025)
    In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for (HackerNews)
  • Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play (Tuesday July 08, 2025)
    Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming (HackerNews)
  • Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension (Tuesday July 08, 2025)
    Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to (HackerNews)
  • 5 Ways Identity-based Attacks Are Breaching Retail (Tuesday July 08, 2025)
    From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated (HackerNews)
  • RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks (Tuesday July 08, 2025)
    Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating (HackerNews)
  • Big Tech’s Mixed Response to U.S. Treasury Sanctions (Thursday July 03, 2025)
    In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X. (KrebsOnSecurity)
  • Senator Chides FBI for Weak Advice on Mobile Security (Monday June 30, 2025)
    Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices. (KrebsOnSecurity)
  • Inside a Dark Adtech Empire Fed by Fake CAPTCHAs (Thursday June 12, 2025)
    Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known. (KrebsOnSecurity)
  • Patch Tuesday, June 2025 Edition (Wednesday June 11, 2025)
    Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.  (KrebsOnSecurity)
  • Proxy Services Feast on Ukraine’s IP Address Exodus (Thursday June 05, 2025)
    Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs). (KrebsOnSecurity)
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams (Friday May 30, 2025)
    The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. (KrebsOnSecurity)
  • Pakistan Arrests 21 in ‘Heartsender’ Malware Service (Wednesday May 28, 2025)
    Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.