Monthly Archives: September 2025

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year...

25
Sep
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to...

25
Sep
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software

Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software...

25
Sep
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

A suspected cyber espionage activity cluster that was previously found targeting global government and private...

24
Sep
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors...

24
Sep
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data...

24
Sep
Sixth PQC Standardization Conference
September 24, 2025

FULL CONFERENCE DETAILS NIST plans to hold the 6th PQC Standardization Conference from September 24-26,...

How One Bad Password Ended a 158-Year-Old Business

Most businesses don’t make it past their fifth birthday – studies show that roughly 50% of...

24
Sep
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been...

24
Sep
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious...

24
Sep
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw...

24
Sep
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Libraesva has released a security update to address a vulnerability in its Email Security Gateway...

24
Sep
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC)...

23
Sep
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Law enforcement authorities in Europe have arrested five suspects in connection with an “elaborate” online...

23
Sep
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

The U.S. Secret Service on Tuesday said it took down a network of electronic devices...

23
Sep
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help...

23
Sep
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo...

23
Sep
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to...

23
Sep
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub on Monday announced that it will be changing its authentication and publishing options “in...

23
Sep
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken...

23
Sep
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign...

22
Sep
âš¡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t...

22
Sep
How to Gain Control of AI Agents and Non-Human Identities

We hear this a lot: “We’ve got hundreds of service accounts and AI agents running...

22
Sep
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have...

22
Sep
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

Threat actors with ties to the Democratic People’s Republic of Korea (aka DPRK or North...

21
Sep
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through...

20
Sep
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

Cybersecurity researchers have discovered what they say is the earliest example known to date of...

20
Sep
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research agent that could...

20
Sep
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign...

19
Sep
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A proxy network known as REM Proxy is powered by malware known as SystemBC, offering...

19
Sep