Monthly Archives: May 2025

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and...

14
May
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called...

14
May
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its...

14
May
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a...

14
May
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM)...

14
May
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus...

13
May
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that...

13
May
Deepfake Defense in the Age of AI

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now...

13
May
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing...

13
May
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a...

13
May
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform...

13
May
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully...

12
May
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

What do a source code editor, a smart billboard, and a web server have in...

12
May
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half...

12
May
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to...

12
May
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle...

10
May
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and...

10
May
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation

A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal...

09
May
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated...

09
May
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with...

09
May
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

AI agents are changing the way businesses work. They can answer questions, automate tasks, and...

09
May
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple...

09
May
Beyond Vulnerability Management – Can You CVE What I CVE?

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and...

09
May
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams...

09
May
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security...

09
May
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered...

08
May
Security Tools Alone Don’t Protect You — Control Effectiveness Does

61% of security leaders reported suffering a breach due to failed or misconfigured controls over...

08
May
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access...

08
May
Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader...

08
May
Ransomware: ‘WannaCry’ guidance for enterprise administrators
May 8, 2025

Guidance for enterprise administrators who want to reduce the likelihood of being held to ransom...