Latest Intelligence
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
Recent research indicates that the VexTrio cybercrime outfit, which operates a malicious traffic distribution system, is managed by legitimate companies within the digital advertising sector rather than traditional hackers. This revelation highlights the intersection of cybercrime and legitimate business practices in the ad tech industry. Read Original »
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
VexTrio Viper is a malicious ad tech operation that has published deceptive apps posing as useful tools, such as VPNs and spam blockers, on official app stores. The apps are tied to ad fraud and subscription scams, monetizing the people who install them rather than protecting them. Read Original »
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
The article describes how attackers can hijack Google's Gemini assistant with invisible prompts hidden in content the model processes, steering it into controlling connected smart home devices. As assistants gain the ability to act on the physical world, prompt injection becomes a physical-safety problem, not only a data-leak problem. Read Original »
Google Discloses Data Breach via Salesforce Hack
Google has disclosed a data breach involving its Salesforce instance, reportedly as part of a campaign by the ShinyHunters group. The same campaign has affected several other major companies. Read Original »
Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Two critical vulnerabilities have been identified in the Trend Micro Apex One management console, with one of them currently being exploited in the wild. While the company has released updates for its cloud-based products, a patch for the on-premises version is not expected until mid-August. Read Original »
PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins
Splunk researchers have developed a behavioral fingerprinting framework called PLoB that uses AI to spot malicious logins from what a user does after logging in, rather than from the login event alone. Profiling post-logon activity lets it flag sessions where valid credentials are used by the wrong person. Read Original »
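To make the idea concrete, here is a toy post-logon behavioral fingerprint. It is an added illustration written for this page, not Splunk's PLoB code: each session is treated as a bag of actions performed shortly after logon, a per-user profile is the average of historical sessions, and a new session is scored by cosine similarity to that profile. The session data, the action names and the threshold are all constructed for the demo.

```python
"""Toy post-logon behavioural fingerprint (added illustration, not Splunk's PLoB code).

Each session is the bag of actions a user performed in the minutes after logon (constructed
data below). A per-user profile is the average of historical session vectors; a new session
is scored by cosine similarity to that profile, and a low score flags a login worth review.
The threshold is an assumption for the demo and would be tuned per environment.
"""
import math
from collections import Counter

# Constructed history: what alice usually does right after logging in.
HISTORY = {
    "alice": [
        ["outlook.exe", "teams.exe", "excel.exe", "outlook.exe", "chrome.exe"],
        ["outlook.exe", "teams.exe", "chrome.exe", "word.exe"],
        ["teams.exe", "outlook.exe", "excel.exe", "chrome.exe", "chrome.exe"],
    ]
}

# Constructed sessions to score: one ordinary, one that looks like hands-on-keyboard recon.
NORMAL_SESSION = ["outlook.exe", "teams.exe", "excel.exe"]
SUSPECT_SESSION = ["cmd.exe", "whoami.exe", "net.exe", "nltest.exe", "powershell.exe"]

THRESHOLD = 0.5  # assumption for the demo; tune on real baselines


def profile(sessions):
    """Average action counts over a user's historical sessions."""
    total = Counter()
    for session in sessions:
        total.update(session)
    n = len(sessions)
    return {action: count / n for action, count in total.items()}


def cosine(a, b):
    """Cosine similarity between two sparse count vectors (dicts)."""
    dot = sum(a.get(k, 0) * b.get(k, 0) for k in a)
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def score_session(user, actions, history=HISTORY):
    """Similarity of a fresh post-logon session to the user's profile (0 = nothing in common)."""
    if user not in history:
        return 0.0  # no baseline: never treat an unknown user as "matching"
    return cosine(profile(history[user]), Counter(actions))


def is_anomalous(user, actions, history=HISTORY, threshold=THRESHOLD):
    """True when the session looks unlike what this user normally does after logon."""
    return score_session(user, actions, history) < threshold


if __name__ == "__main__":
    for label, session in (("normal", NORMAL_SESSION), ("suspect", SUSPECT_SESSION)):
        print(label, round(score_session("alice", session), 3), is_anomalous("alice", session))
```

A real deployment would use richer features (ordering, timing, hosts touched) and a per-user threshold, but the shape is the same: the login itself may look valid, and it is the first minutes afterwards that give the intruder away.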
WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says
Meta has reported the removal of 6.8 million WhatsApp accounts associated with criminal scam centers, including operations based in Cambodia. Part of the takedown was carried out in collaboration with OpenAI to disrupt an ongoing scam campaign. Read Original »
Trend Micro Warns of Apex One Vulnerabilities Exploited in Wild
Trend Micro has identified and released mitigations for two zero-day vulnerabilities in its Apex One product that may have been exploited by Chinese threat actors. Read Original »
Microsoft Paid Out $17 Million in Bug Bounties in Past Year
Microsoft has distributed a total of $17 million in bug bounty rewards to 344 security researchers in the past year. This initiative highlights the company's commitment to enhancing cybersecurity through collaboration with the research community. Read Original »
What 'CMMC 3.0' Really Means for Government Contractors
The article emphasizes that the primary aim of CMMC 3.0 for government contractors is to achieve resilience rather than merely compliance with cybersecurity standards. This shift highlights the importance of robust security measures in the face of evolving threats. Read Original »
Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities
Ox Security has introduced an AI extension that automatically generates organization-specific code to address vulnerabilities in the codebase. This innovation aims to streamline the process of fixing security issues within software development. Read Original »
Phishers Abuse Microsoft 365 to Spoof Internal Users
Phishers are abusing the 'Direct Send' feature of Microsoft 365 to impersonate internal users, bypassing both Microsoft Defender and third-party secure email gateways. Direct Send accepts unauthenticated mail addressed to a tenant's own inbound endpoint, so a message with an internal From: address can enter the organization without ever passing through the sender's real mail infrastructure, and filters that trust internal-looking mail let it through. Read Original »
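One way to catch this pattern in message headers, as an added example written for this page and not code from the article or from Microsoft: flag mail whose From: domain is one of the organization's own, that Exchange Online Protection stamped as unauthenticated, and for which neither SPF nor a known internal submitter vouches for the connecting IP. The header names follow the format EOP stamps on inbound mail as I understand it; check them against your own message traces. The domain, the trusted network and both sample messages are constructed.

```python
"""Flag mail that claims an internal sender but arrived unauthenticated from outside.

Added example (not from the article or Microsoft). Direct Send lets any host submit mail
to a tenant's inbound endpoint without credentials, so a message can carry an internal
From: address while originating anywhere on the internet. The header fields checked below
follow Exchange Online Protection's stamping; the domain and networks are assumptions.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"contoso.com"}  # assumption: the tenant's accepted domains
# assumption: networks from which the org's own printers/scanners legitimately Direct Send
TRUSTED_SUBMITTERS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample: an unauthenticated message from an internet host spoofing helpdesk@.
SPOOFED = """\
Received: from 198.51.100.77 (198.51.100.77) by
 CONTOSO.mail.protection.outlook.com (10.0.0.1) with Microsoft SMTP Server id 15.20
Authentication-Results: spf=fail (sender IP is 198.51.100.77)
 smtp.mailfrom=contoso.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=none header.from=contoso.com;compauth=fail reason=001
X-MS-Exchange-Organization-AuthAs: Anonymous
From: IT Helpdesk <helpdesk@contoso.com>
To: alice@contoso.com
Subject: Voicemail waiting

Please review the attached voicemail.
"""

# Constructed sample: a legitimate Direct Send from an on-premises scanner on a trusted range.
LEGIT = """\
Received: from 203.0.113.10 (203.0.113.10) by
 CONTOSO.mail.protection.outlook.com (10.0.0.1) with Microsoft SMTP Server id 15.20
Authentication-Results: spf=pass (sender IP is 203.0.113.10)
 smtp.mailfrom=contoso.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=contoso.com;compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Anonymous
From: Scanner <scanner@contoso.com>
To: alice@contoso.com
Subject: Scanned document

Your scan is attached.
"""

_SENDER_IP = re.compile(r"sender IP is ([0-9a-fA-F.:]+)")
_SPF = re.compile(r"\bspf=(\w+)")


def sender_domain(msg) -> str:
    """Domain of the RFC 5322 From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def connecting_ip(msg):
    """IP EOP recorded as the submitting host, taken from Authentication-Results."""
    match = _SENDER_IP.search(msg.get("Authentication-Results", "") or "")
    return ipaddress.ip_address(match.group(1)) if match else None


def sender_ip_of(raw: str) -> str:
    ip = connecting_ip(message_from_string(raw))
    return str(ip) if ip is not None else ""


def is_direct_send_spoof(raw: str) -> bool:
    """True when an internal-looking sender arrived unauthenticated with nothing vouching for it."""
    msg = message_from_string(raw)
    if sender_domain(msg) not in ORG_DOMAINS:
        return False  # not claiming to be one of ours; other controls apply
    # Mail relayed by an authenticated mailbox or connector is not stamped Anonymous.
    if msg.get("X-MS-Exchange-Organization-AuthAs", "").strip().lower() != "anonymous":
        return False
    spf = _SPF.search(msg.get("Authentication-Results", "") or "")
    spf_pass = bool(spf and spf.group(1).lower() == "pass")
    ip = connecting_ip(msg)
    from_trusted = ip is not None and any(ip in net for net in TRUSTED_SUBMITTERS)
    return not (spf_pass or from_trusted)


if __name__ == "__main__":
    print("spoofed:", is_direct_send_spoof(SPOOFED), "legit:", is_direct_send_spoof(LEGIT))
```

Detection is the fallback; the fix is to stop accepting the traffic. Microsoft exposes a tenant-level switch for this in Exchange Online PowerShell (Set-OrganizationConfig -RejectDirectSend $true), which should be enabled once any devices that genuinely rely on Direct Send have been moved to an authenticated connector.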
CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities
CISA has released a Malware Analysis Report detailing malware associated with Microsoft SharePoint vulnerabilities, specifically CVE-2025-49704 and CVE-2025-49706. These vulnerabilities have been exploited by cyber threat actors using an exploit chain known as 'ToolShell' to gain unauthorized access to SharePoint servers and steal sensitive data. Read Original »
MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities
The report covers multiple vulnerabilities in Microsoft SharePoint, in particular CVE-2025-49704 and CVE-2025-49706, which are chained in the exploit known as 'ToolShell'. Threat actors use the chain to gain unauthenticated access to on-premises SharePoint servers and deploy webshells for persistence and data theft. Read Original »
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
CISA has issued an alert about a high-severity vulnerability, CVE-2025-53786, in hybrid Exchange deployments, where on-premises Exchange is connected to Exchange Online. An attacker who already holds administrative access to the on-premises server could use it to escalate privileges into the connected Exchange Online tenant. Organizations are urged to apply Microsoft's guidance to protect their Exchange Online environment. Read Original »