Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
"By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at MicrosoftView the full article
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
"Out of bounds read and write in V8 in GoogleView the full article
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations andView the full article
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows -
CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone andView the full article
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the GraphicsView the full article
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late.
This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them.
The problem isn’t tooView the full article
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it canView the full article
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia.
"In what appears to be a multi-stage phishing operation, the attackersView the full article
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools likeView the full article
A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, inView the full article
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.
"This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such asView the full article
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.
"The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," TrendView the full article
Breaking Out of the Security Mosh Pit
When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't ****** words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were."
This chaotic approach hasView the full article
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses.
The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved inView the full article
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor.
"ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnectView the full article
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025.
"We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report.
This included a network of 658 accounts on Facebook, 14 Pages, andView the full article
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.
"CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher ChetanView the full article
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet.
The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable.
While the DOS header makes the executable file backward compatibleView the full article
The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints.
It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that wereView the full article
Google on Wednesday disclosed that the ******** state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
"Misuse of cloudView the full article
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on socialView the full article
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware.
Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.View the full article
The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs.
In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently notView the full article
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool.
"This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,View the full article
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
"Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) serverView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
