VulnHub

AI-Powered Cybersecurity Intelligence

Last Update Check:

Latest Intelligence

The Hacker News
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Iran-linked hackers, identified as UNC2428, have been targeting Israel using a backdoor malware called MURKYTOUR through a job-themed social engineering campaign. This incident highlights ongoing cyber espionage efforts aligned with Iranian interests.


Impact: Not specified

In the Wild: Yes

Age: Discovered in October 2024

Remediation: None available

Google

Published:

SecurityWeek
Files Deleted From GitHub Repos Leak Valuable Secrets

A security researcher has uncovered numerous leaked secrets by recovering files that were deleted from GitHub repositories. This issue highlights the risks associated with improperly managing sensitive information in version control systems.


Impact: GitHub repositories

In the Wild: Unknown

Age: Recently disclosed

Remediation: Review and secure sensitive information in repositories, implement better access controls.

Published:

The Hacker News
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Researchers have uncovered a malicious campaign targeting Russian military personnel, distributing Android spyware disguised as the Alpine Quest mapping application. This threat highlights the ongoing cybersecurity challenges faced by military organizations and the tactics employed by attackers to infiltrate their systems.


Impact: Alpine Quest mapping software, Android OS

In the Wild: Yes

Age: Recently disclosed

Remediation: Use official app stores for downloads, verify app authenticity.

Android

Published:

SecurityWeek
Miggo Security Banks $17M Series A for ADR Technology

Miggo Security, an Israeli runtime application security startup, has successfully secured $17 million in a Series A funding round to enhance its ADR technology. This investment, led by SYN Ventures and YL Ventures, underscores the growing importance of application security in the cybersecurity landscape.


Impact: Not specified

In the Wild: Unknown

Age: Recently disclosed

Remediation: None available

Published:

SecurityWeek
Picnic Corporation Rebrands to VanishID, Raises $10 Million

Picnic Corporation has undergone a rebranding to VanishID, coinciding with the introduction of a new privacy and security offering aimed at CEOs. This strategic move is significant as it reflects the company's focus on enhancing privacy solutions in the cybersecurity landscape.


Impact: Not specified

In the Wild: Unknown

Age: Recently disclosed

Remediation: None available

Published:

The Hacker News
Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Phishing attacks are a growing threat in 2025, with attackers increasingly using identity-based techniques rather than software exploits. This shift highlights the need for effective browser-based solutions to combat these attacks and protect sensitive information.


Impact: Not specified

In the Wild: Unknown

Age: Current issue in 2025

Remediation: Implement browser-based security measures to enhance protection against phishing.

Phishing

Published:

The Hacker News
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Russian hackers are aggressively targeting individuals and organizations linked to Ukraine, exploiting Microsoft OAuth to gain unauthorized access to Microsoft 365 accounts. This shift in tactics highlights an evolving threat landscape in cyber operations against human rights advocates.


Impact: Microsoft 365 accounts

In the Wild: Yes

Age: Discovered in early March 2025

Remediation: Implement security awareness training, monitor account activity, and strengthen authentication measures.

Microsoft Exploit

Published:

SecurityWeek
Kelly Benefits Data Breach Impacts 260,000 People

Kelly Benefits has reported a data breach affecting over 260,000 individuals, highlighting significant concerns regarding data security in payroll and benefits solutions. This incident raises awareness about the vulnerabilities that can impact personal information.


Impact: Not specified

In the Wild: Unknown

Age: Recently disclosed

Remediation: None available

Data Breach

Published:

SecurityWeek
Cyberattack Hits British Retailer Marks & Spencer

British retailer Marks & Spencer has suffered service disruptions due to a cyberattack, highlighting the increasing threat to retail businesses in the digital landscape. The incident underscores the need for robust cybersecurity measures in the industry.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Published:

SecurityWeek
Data Breach at Onsite Mammography Impacts 350,000

Onsite Mammography, a medical firm in Massachusetts, has reported a data breach affecting the personal information of approximately 350,000 patients. This incident raises significant concerns about patient privacy and data security in the healthcare sector.


Impact: Not specified

In the Wild: Unknown

Age: Recently disclosed

Remediation: None available

Data Breach

Published:

WeLiveSecurity
How fraudsters abuse Google Forms to spread scams

Fraudsters are increasingly using Google Forms as a tool for social engineering and to distribute malware, posing significant risks to users. Awareness and caution are essential to protect against these scams.


Impact: Google Forms

In the Wild: Yes

Age: Recently disclosed

Remediation: Stay vigilant, verify links, and avoid sharing personal information.

Google

Published:

The Hacker News
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Ripple npm package xrpl.js has been compromised in a supply chain attack, allowing threat actors to steal users' private keys. This issue affects multiple versions of the package and has been addressed in the latest updates.


Impact: Ripple's xrpl.js npm package versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2

In the Wild: Unknown

Age: Recently disclosed

Remediation: Update to versions 4.2.5 and 2.14.3

Published:

darkreading
Zambia's Updated Cyber Laws Prompt Surveillance Warnings

Zambia's recently enacted Cyber Security Act and Cyber Crime Act have raised concerns among critics, including the US embassy, who argue that these laws may lead to the suppression of dissent and an excessive concentration of power. The implications of these laws could significantly impact civil liberties and freedom of expression in the country.


Impact: Not specified

In the Wild: Unknown

Age: Recently enacted

Remediation: None available

Published:

The Hacker News
Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Google has announced that it will discontinue the standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. This decision emphasizes the company's commitment to user privacy while maintaining existing cookie management practices.


Impact: Google Chrome

In the Wild: No

Age: Recently disclosed

Remediation: None available

Google

Published:

darkreading
Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled

In 2024, the cybersecurity landscape saw unexpected trends with a rise in less prominent attack scenarios, while anticipated threats did not materialize as expected. This shift highlights the evolving nature of cybersecurity risks, particularly affecting small and medium-sized businesses (SMBs).


Impact: Not specified

In the Wild: Unknown

Age: 2024

Remediation: None available

Ransomware

Published: