Monthly Archives: July 2025

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new...

31
Jul
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by...

31
Jul
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two...

31
Jul
Comment Now! NIST Internal Report 8536, Supply Chain Traceability: Manufacturing Meta-Framework (Second Public Draft)
July 31, 2025

The NIST National Cybersecurity Center of Excellence (NCCoE) has released a second public draft of...

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the...

31
Jul
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine...

31
Jul
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes...

31
Jul
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit...

31
Jul
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps...

30
Jul
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to...

30
Jul
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras...

30
Jul
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development
July 30, 2025

NIST is soliciting comments from the public on the draft until Sept. 12, and the...

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have...

30
Jul
Product Walkthrough: A Look Inside Pillar’s AI Security Platform

In this article, we will provide a brief overview of Pillar Security’s platform to better...

30
Jul
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for...

30
Jul
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC)...

30
Jul
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the...

30
Jul
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from...

30
Jul
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform...

29
Jul
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an...

29
Jul
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members...

29
Jul
How the Browser Became the Main Cyber Battleground

Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or...

29
Jul
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS...

29
Jul
Why React Didn’t Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That’s the reality facing JavaScript developers in 2025, where attackers...

29
Jul
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability...

29
Jul
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads

In what’s the latest instance of a software supply chain attack, unknown threat actors managed...

28
Jul
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More

Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors...

28
Jul
Comment Now! NIST IR 8374, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
July 28, 2025

Earlier this year, the NIST National Cybersecurity Center of Excellence published an initial public draft...

Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach

Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and...

28
Jul
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks...

28
Jul