Latest Intelligence
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
A new variant of the Konfety malware has been identified, which uses the evil twin technique to facilitate ad fraud. This method involves creating a malicious app that shares the same package name as a legitimate app found on the Google Play Store.
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google's AI framework, Big Sleep, identified a critical memory corruption vulnerability in the SQLite database engine before it could be exploited by attackers. The flaw, tracked as CVE-2025-6965, affects all versions of SQLite prior to 3.50.2.
Altered Telegram App Steals Chinese Users' Android Data
Attackers are using over 600 domains to lure Chinese-speaking victims into downloading a compromised version of the Telegram app, which is particularly difficult to detect on older Android devices. This poses a significant risk to the personal data of users who install the compromised app.
Lessons Learned From McDonald's Big AI Flub
McDonald's hiring platform faced a significant cybersecurity issue by using default credentials, which led to the exposure of sensitive information belonging to potentially millions of job applicants. This incident highlights the importance of securing access credentials to protect personal data.
AI Is Reshaping How Attorneys Practice Law
The article discusses the growing influence of AI in the legal field, emphasizing the need for attorneys to enhance their AI literacy and understand the ethical implications of AI usage. It also highlights the importance of implementing verification protocols to ensure credibility in courtrooms affected by AI technologies.
AsyncRAT Spawns Concerning Labyrinth of Forks
AsyncRAT, which emerged on GitHub in 2019, exemplifies the rise of open source malware that has made cybercrime more accessible. Its numerous variants create a complex landscape for cybersecurity efforts.
Attackers Abuse AWS Cloud to Target Southeast Asian Governments
A cyber campaign targeting Southeast Asian governments has been identified, utilizing a new backdoor named HazyBeacon. This campaign leverages legitimate cloud communication channels for command-and-control and data exfiltration, obscuring its malicious activities.
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Cloudflare reported a significant increase in hyper-volumetric DDoS attacks, reaching a record high of 7.3 million mitigated attacks in Q2 2025, down from 20.5 million in the previous quarter. The company blocked over 6,500 hyper-volumetric DDoS attacks during this period.
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
GLOBAL GROUP is a newly emerged ransomware-as-a-service operation that has been active since June 2025, targeting various sectors across multiple countries and regions, including Australia, Brazil, Europe, and the United States. The operation is promoted by a threat actor known as '$$$' on the Ramp4u forum.
How Criminal Networks Exploit Insider Vulnerabilities
Criminal networks are evolving rapidly, taking advantage of insider vulnerabilities within companies. The article emphasizes the need for organizations to enhance their defenses to counteract these threats.
MITRE Launches AADAPT Framework for Financial Systems
MITRE has introduced the AADAPT framework, which is designed to enhance the detection and response to cyberattacks targeting cryptocurrency assets and financial systems. This new framework is modeled after the existing MITRE ATT&CK framework.
Hitachi Energy Asset Suite
The article discusses multiple vulnerabilities in Hitachi Energy's Asset Suite, which could allow attackers to gain unauthorized access, execute remote code, or escalate privileges. Key vulnerabilities include incomplete input validation, plaintext password storage, and out-of-bounds writes affecting various components of the software.
LITEON IC48A and IC80A EV Chargers
The LITEON IC48A and IC80A EV chargers have a vulnerability that allows plaintext storage of FTP server access credentials in system logs, potentially exposing sensitive information. Firmware updates are available to mitigate this issue.
ABB RMC-100
The ABB RMC-100 has multiple vulnerabilities related to hard-coded cryptographic keys and stack-based buffer overflows, which can lead to unauthorized access to MQTT configuration data and denial-of-service conditions. These vulnerabilities are only present when the REST interface is enabled, which is disabled by default.
CISA Releases Six Industrial Control Systems Advisories
CISA has released six advisories related to vulnerabilities in various Industrial Control Systems (ICS) as of July 15, 2025. These advisories aim to inform users and administrators about current security issues and provide guidance on mitigations.