Monthly Archives: July 2025

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign...

21
Jul
⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking...

21
Jul
Assessing the Role of AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of...

21
Jul
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse

Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast...

21
Jul
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and...

21
Jul
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant...

21
Jul
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners,...

21
Jul
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been...

20
Jul
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an...

20
Jul
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages...

20
Jul
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the...

20
Jul
China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by...

18
Jul
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat...

18
Jul
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed...

18
Jul
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign...

18
Jul
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google on Thursday revealed it’s pursuing legal action in New York federal court against 25...

18
Jul
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that...

18
Jul
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing...

18
Jul
Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via...

17
Jul
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache...

17
Jul
Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine

An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group...

17
Jul
CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025

The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity...

17
Jul
Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese...

17
Jul
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco...

17
Jul
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that...

16
Jul
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA)...

16
Jul
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed...

16
Jul
AI Agents Act Like Employees With Root Access—Here’s How to Regain Control

The AI gold rush is on. But without identity-first security, every deployment becomes an open...

16
Jul
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to...

16
Jul
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser,...

16
Jul