Latest Intelligence
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have reported a cyber attack in which threat actors misused the Velociraptor forensic tool to download and execute Visual Studio Code, continuing a trend of legitimate software being repurposed for malicious activity. The incident highlights the risks associated with the abuse of open-source tools in cyber attacks.
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has released an emergency update to address a significant security vulnerability in its messaging apps for iOS and macOS. This vulnerability, identified as CVE-2025-55177, may have been exploited in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Researchers have identified three critical vulnerabilities in the Sitecore Experience Platform that could lead to information disclosure and remote code execution. These vulnerabilities involve HTML cache poisoning and insecure deserialization, posing significant security risks to users.
In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks
Recent reports indicate that communications of numerous Iranian ships have been disrupted, highlighting vulnerabilities in maritime cybersecurity. Additionally, Android devices will now only support applications from verified developers, aiming to enhance security. Furthermore, artificial intelligence is being utilized in various stages of cyberattacks, raising concerns about the evolving threat landscape.
VerifTools Fake ID Operation Dismantled by Law Enforcement
Law enforcement has dismantled the VerifTools operation, which was involved in selling fake driver’s licenses and passports globally. This illegal activity allowed fraudsters to circumvent Know Your Customer (KYC) checks and gain unauthorized access to online accounts.
An Audit Isn't a Speed Bump — It's Your Cloud Co-Pilot
The article emphasizes that auditing should be viewed as a tool to enhance trust rather than an obstacle to progress. It suggests that effective auditing can serve as a valuable co-pilot in cloud operations.
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Amazon has disrupted a watering hole campaign linked to APT29, which aimed to gather intelligence by redirecting users from compromised websites to malicious infrastructure. The attackers attempted to trick users into authorizing attacker-controlled devices through Microsoft's device code authentication flow.
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server for Sogou Zhuyin IME software was exploited by threat actors in an espionage campaign, distributing various malware including C6DOOR and GTELAM. The attacks primarily targeted users in Eastern Asia through sophisticated methods like hijacked updates and fake cloud services.
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation
The article discusses how AI and large language models are significantly reducing the time required to generate exploits for software vulnerabilities. This rapid exploitation leaves security teams with limited time to implement patches, raising concerns about enterprise adaptability.
Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign
Google has confirmed that a compromise of OAuth tokens allowed hackers to access a limited number of Workspace accounts through the Salesloft Drift integration, in addition to the theft of Salesforce data. This incident highlights vulnerabilities in OAuth token security and the potential for broader impacts across integrated platforms.
TransUnion Data Breach Impacts 4.4 Million
TransUnion has reported a data breach affecting over 4.4 million individuals, with the incident occurring on July 28, 2025, and discovered shortly thereafter. The breach has resulted in the compromise of personal information of the affected individuals.
Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions
Nevada officials have confirmed that a ransomware attack has caused statewide service disruptions, including office closures and data theft. The state is collaborating with CISA and law enforcement to restore its critical systems.
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers
The US Treasury has imposed sanctions on a Russian national and a Chinese firm for their involvement in facilitating North Korean IT workers who utilized fake identities and technology to siphon funds back to Pyongyang. This action highlights the ongoing efforts to combat North Korea's illicit financial activities in the cyber realm.
Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks
The ransomware group Storm-0501 has been exploiting weaknesses in hybrid cloud environments, specifically targeting Azure, to gain full control without using traditional file-encrypting malware. Instead, it uses cloud-native capabilities for data exfiltration and deletion.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added the Sangoma FreePBX Authentication Bypass Vulnerability (CVE-2025-57819) to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability represents a significant risk to federal enterprises, prompting CISA to encourage all organizations to prioritize remediation efforts.