Real-time threat intelligence from trusted sources
Securelist
The report investigates the employment and recruitment practices on the dark web, highlighting a significant and concerning trend in illicit job postings. With over 2,000 job-related posts analyzed, the findings suggest a growing underground economy that poses serious implications for cybersecurity and law enforcement.
CTM360 has uncovered a global campaign, HackOnChat, that is hijacking WhatsApp accounts through deceptive authentication portals and social engineering tactics. This rapidly expanding threat poses a significant risk to users worldwide, as it exploits familiar web interfaces to compromise accounts.
The Sturnus Android banking trojan poses a significant threat by enabling credential theft and complete device takeover for financial fraud. Its unique capability to bypass encrypted messaging by capturing decrypted content directly from the device screen raises serious concerns about user privacy and security.
Kaspersky GReAT experts have identified the Tsundere botnet, which utilizes Node.js-based bots to exploit web3 smart contracts. The campaign poses a significant cybersecurity threat as it spreads through MSI installers and PowerShell scripts, indicating a sophisticated method of propagation.
Iran-linked hackers have been involved in cyber warfare to support real-world missile strikes, highlighting the dangerous convergence of cyber attacks and kinetic warfare. This trend indicates a growing need for new frameworks to address the evolving nature of warfare, as traditional boundaries between cyber and physical attacks become increasingly blurred.
The TamperedChef malware campaign exploits fake software installers to distribute JavaScript malware, enabling remote access and control of infected systems. This ongoing global threat poses significant risks to users who may unknowingly install these malicious applications.
Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.
The article discusses the challenges faced by international corporations in navigating conflicting cyber laws from various countries, which can lead to fragmented systems that are more susceptible to cyber risks. This fragmentation poses significant security vulnerabilities for large organizations, highlighting the need for cohesive regulatory frameworks.
The article highlights the vulnerabilities of agentic AI to hijacking, which can lead to the subversion of an agent's goals. This raises significant concerns about the potential for compromised interactions to affect entire networks, indicating a serious cybersecurity threat.
The NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.
Cloudflare experienced a significant outage that was initially suspected to be a DDoS attack. However, it was later determined to be caused by an internal configuration error related to a routine change in permissions, leading to widespread software failure.
A new cyber campaign has emerged in Brazil, utilizing social engineering and WhatsApp hijacking to spread a banking trojan called Eternidade Stealer. This threat is significant due to its ability to dynamically retrieve command-and-control addresses, indicating a sophisticated level of exploitation targeting Brazilian users.
The article highlights a serious vulnerability in railway braking systems that can be exploited using inexpensive materials and gadgets, posing a significant risk to safety. This tampering could lead to dangerous situations for train conductors and passengers alike.
The Hacker News
Operation WrtHug has compromised tens of thousands of outdated ASUS routers globally, primarily affecting users in Taiwan, the U.S., and Russia. The severity of this campaign highlights the risks associated with using end-of-life devices, as they can be easily hijacked to form a large botnet.
All CISA Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help Internet Service Providers (ISPs) mitigate risks associated with Bulletproof Hosting (BPH) providers that facilitate cybercriminal activities like ransomware and phishing. The guide emphasizes the importance of collaboration and proactive measures to reduce the effectiveness of BPH infrastructure, which poses significant threats to critical systems and services.