Monthly Archives: May 2025

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

As many as 60 malicious npm packages have been discovered in the package registry with...

26
May
CISO’s Guide To Web Privacy Validation And Why It’s Important

Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s...

26
May
⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

Cyber threats don’t show up one at a time anymore. They’re layered, planned, and often...

26
May
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular...

25
May
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering...

23
May
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique...

23
May
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

As part of the latest “season” of Operation Endgame, a coalition of law enforcement agencies...

23
May
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and...

23
May
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure...

23
May
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring...

23
May
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant...

23
May
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a...

22
May
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible...

22
May
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has...

22
May
New ETSI standard protects AI systems from evolving cyber threats
May 22, 2025

The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI’....

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

It’s not enough to be secure. In today’s legal climate, you need to prove it....

22
May
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and...

22
May
Identity Security Has an Automation Problem—And It’s Bigger Than You Think

For many organizations, identity security appears to be under control. On paper, everything checks out....

22
May
FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector...

22
May
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities...

21
May
PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT,...

21
May
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims

Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to...

21
May
Facing the cyber threat behind the headlines
May 21, 2025

NCSC CEO urges all businesses to face the stark reality of the cyber threat they...

Securing CI/CD workflows with Wazuh

Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed...

21
May
How to Detect Phishing Attacks Faster: Tycoon2FA Example

It takes just one email to compromise an entire system. A single well-crafted message can...

21
May
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site...

21
May
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

Google has announced a new feature in its Chrome browser that lets its built-in Password...

21
May
CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity
May 20, 2025

One of the major updates to CSF 2.0 is the creation of the Govern Function,...

NIST NCCoE Cybersecurity and Privacy of Genomic Data Workshop
May 20, 2025

Event Location National Cybersecurity Center of Excellence (NCCoE), 9700 Great Seneca Highway, Rockville, MD 20850...

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of...

20
May