Monthly Archives: July 2025

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could...

28
Jul
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North...

25
Jul
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting...

25
Jul
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian aerospace and defense industries have become the target of a cyber espionage campaign that...

25
Jul
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across...

25
Jul
Overcoming Risks from Chinese GenAI Tool Usage

A recent analysis of enterprise data suggests that generative AI tools developed in China are...

25
Jul
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that...

24
Jul
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as...

24
Jul
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has...

24
Jul
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure...

24
Jul
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You’re Not Alone! Today, we all...

24
Jul
Pentests once a year? Nope. It’s time to build an offensive SOC

You wouldn’t run your blue team once a year, so why accept this substandard schedule...

24
Jul
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of...

24
Jul
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint...

24
Jul
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace

Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a...

24
Jul
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory in WordPress...

24
Jul
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has...

23
Jul
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to...

23
Jul
Kerberoasting Detections: A New Approach to a Decade-Old Challenge

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues...

23
Jul
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the...

23
Jul
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT...

23
Jul
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft...

23
Jul
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to...

22
Jul
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco on Monday updated its advisory of a set of recently disclosed security flaws in...

22
Jul
The Anatomy of a Phishing Email

One of the most common tactics threat actors use to trick individuals into giving up...

22
Jul
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of...

22
Jul
Draft SP 800-53 Controls on Secure and Reliable Patches Available for Comment
July 22, 2025

NIST has issued draft updates to Special Publication (SP) 800-53 to provide additional guidance on...

How to Advance from SOC Manager to CISO?

Making the move from managing a security operations center (SOC) to being a chief information...

22
Jul
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July...

22
Jul
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian...

21
Jul