Monthly Archives: May 2025

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers...

31
May
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate...

31
May
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the...

30
May
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in...

30
May
From the “Department of No” to a “Culture of Yes”: A Healthcare CISO’s Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System,...

30
May
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against...

30
May
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was...

30
May
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China,...

30
May
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are...

29
May
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with...

29
May
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s...

29
May
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a...

29
May
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for...

29
May
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

An Iranian national has pleaded guilty in the U.S. over his involvement in an international...

28
May
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

The Czech Republic on Wednesday formally accused a threat actor associated with the People’s Republic...

28
May
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully...

28
May
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet...

28
May
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are...

28
May
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution...

28
May
How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds

Would you expect an end user to log on to a cybercriminal’s computer, open their...

28
May
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct...

28
May
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the...

28
May
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms...

27
May
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus...

27
May
The Threat Landscape: SMiShing

On your way to work, you drive through an E-Z pass toll lane. Days or...

27
May
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of threat activity originating from a...

27
May
AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to...

27
May
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO)...

27
May
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign

The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by...

27
May
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting...

27
May