Google's August 2025 Android Security Bulletin fixes six system and third-party component vulnerabilities. Two of these are critical: CVE-2025-48530, a remote code execution flaw in the System component with no user interaction, and CVE-2025-21479 (and CVE-2025-27038, CVE-2025-21480), relating to use-after-free bugs in Qualcomm Adreno GPU drivers.
Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails that appear to originate from within an organization.
A recent article in The Hacker News points out a far too common but critical misunderstanding in SaaS security: misconfigurations too often are inappropriately conflated with software vulnerabilities, but they differ.
Latest Infosecurity Magazine news reports an increase in cyber operations performed by pro-Iranian hacking groups that are well aligned with recent military attacks against Israel.
Researchers at Zscaler have uncovered several key updates made to Raspberry Robin, aka Roshtyak, a malicious downloader that has been around since 2021.
Several ransomware gangs have joined ongoing attacks on Microsoft SharePoint Servers, taking advantage of a series of high-severity vulnerabilities known as the "ToolShell" exploit chain.
Cleafy's Threat Intelligence team uncovered a global Malware-as-a-Service campaign that had been distributing the PlayPraetor remote access trojan (RAT) via fake impersonations of Google Play Store websites. It has infected over 11,000 Android devices worldwide, with particularly dense numbers found in Europe (Portugal, Spain, France), and observable spreads in Morocco, Peru, and Hong Kong.
Since July 2025, security firm Arctic Wolf has seen an increase in Akira ransomware activity targeting SonicWall firewall devices for initial access.
Wiz Research discovered a critical chain of vulnerabilities in NVIDIA Triton Inference Server for both Linux and Windows environments. It starts with a Python backend data leak and continues to unauthenticated remote code execution (RCE).
Between June and July 2025, the Cloudflare Email Security team identified a series of cybercriminal activity that exploited link wrapping features from security vendors Proofpoint and Intermedia.
There has been a large-scale ransomware operation active since early July 2025 that has been attacking users all over the world by impersonating popular platforms like Discord, Twitch, OnlyFans, and other social media platforms.
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.
Microsoft Threat Intelligence has released a report uncovering a cyberespionage campaign by the Russian state-sponsored actor Secret Blizzard, also known by aliases such as Turla, Waterbug, and Venomous Bear.
Researchers at Proofpoint have uncovered details of a phishing campaign using fake Microsoft OAuth applications to impersonate various enterprise services
Checkpoint Research provides a detailed retrospective examination of the activity attributed to Storm 2603, a sophisticated threat group with suspected connections to state-sponsored or financially motivated groups.
CVE-2025-8292 is a critical bug found C++ that targets Windows OS. C++. AcceptDismiss in the V8 JavaScript engine of Google Chrome. The problem is a use-after-free condition, which occurs when information is accessed after being freed.
New research by Sonatype outlines a sophisticated and persistent campaign by North Korean state-sponsored Lazarus Group, using the strategic weaponization of open-source ecosystems.
With the cybersecurity landscape still marked by escalating complexity, regulatory strain, and a persistent shortage of executive security experience, artificial intelligence is quietly but successfully revolutionizing the role of the virtual Chief Information Security Officer.
In July 2025, the DoJ indicted two Chinese hackers, Xu Zewei and Zhang Yu, for their work on behalf of China's Ministry of State Security, revealing new details about the PRC's contracting ecosystem.
Gen Digital researcher Ladislav Zezula recently released a decryptor for FunkSec ransomware, allowing victims to recover their files for free. FunkSec initiated operations towards the end of 2024 and to date has claimed 172 victims worldwide, with technology, government, and education being the top three sectors targeted.
In a frightening extension of their activities, the cybercrime group Scattered Spider has recently shifted its focus to the exfiltration of sensitive data from Snowflake data storage systems.
In an increasingly worrisome trend, the rate at which threat actors have been exploiting vulnerabilities has accelerated to record-breaking heights, further muddying the waters of cybersecurity.
Cyfirma's analysis reveals Raven Stealer as a rapidly spreading, lightweight information-stealing malware crafted in Delphi and C++ that targets Windows OS. It features a GUI that enables the user to generate a customized stub payload either in its original form or packed with UPX.
French telecoms conglomerate Orange was hit with a cyberattack on July 25, 2025, which resulted in widespread service disruptions on its IT platform.
A Microsoft SharePoint zero-day vulnerability exploit chain, dubbed “ToolShell,” is actively being leveraged in attacks in the wild, with 396 compromised systems being identified to date and still counting.
A high-severity vulnerability in PaperCut NG/MF print management software has been added to CISA's known Exploited Vulnerabilities Catalog.
Clorox is suing its IT services partner, Cognizant, alleging negligence led to a devastating $380 million ransomware attack in August 2023 that caused severe operational disruption.
Cybersecurity firm Darktrace has revealed the first documented case of attackers exploiting a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deliver Auto-Color, a stealthy Linux-based remote access trojan.
The newly discovered Linux variant of Gunra ransomware marks a significant expansion in the group's capabilities and cross-platform ambitions. First observed in April 2025, targeting Windows systems with techniques reminiscent of Conti ransomware, Gunra has now shifted toward broader targets by introducing a powerful Linux variant.
Microsoft Threat Intelligence has uncovered a serious macOS vulnerability, dubbed "Sploitlight," that allows attackers to bypass Apple's Transparency, Consent, and Control protections to access highly sensitive data, including files in the Downloads, Pictures, and other restricted directories.
The OT-ISAC (Operational Technology) has issued a threat alert regarding an active and highly coordinated cyber-espionage campaign by the Chinese state-sponsored APT group UNC3886, which is targeting Singapore's critical infrastructure. UNC3886, active since at least 2021, exploits zero-day vulnerabilities in FortiOS, VMware, Juniper, and ESXi hypervisors.
Last week, the U.S Department of Justice announced the seizure of data extortion sites belonging to BlackSuit, a notorious ransomware gang that has breached the networks of dozens of organizations worldwide.
A high-severity vulnerability in PaperCut NG/MF print management software has been added to CISA's known Exploited Vulnerabilities Catalog. Tracked as CVE-2023-2533, the flaw pertains to a case of cross-site request forgery and can allow actors to alter security setting or execute arbitrary code upon exploitation.
Cybersecurity researchers at Nozomi Networks have uncovered over a dozen security vulnerabilities in Tridium's Niagara Framework, a platform used in building management, industrial automation, and smart infrastructure systems.
In mid-July 2025, Amazon faced a significant security incident when a hacker planted data-wiping code into its generative AI-powered Amazon Q Developer Extension for Visual Studio Code.
A recent phishing campaign identified by the Cofense Phishing Defense Center demonstrates how cybercriminals are leveraging familiar virtual meeting platforms and psychological manipulation to steal user credentials.
Cyble recently released a vulnerability intelligence report that illustrates an unsecured and proliferating threat landscape, with over 900 vulnerabilities tracked last week, nearly 200 of which already have public-facing Proof-of-Concepts (PoCs) available.
CloudSEK's TRIAD recently uncovered a Clickfix-themed malware delivery site associated with the Epsilon Red ransomware. Unlike previous Clickfix campaigns, this site directed victims to a secondary page instead of copying malicious commands to the clipboard after clicking on the “verify you are human” button.
In early 2025, Sygnia identified and investigated a sophisticated cyber-espionage campaign known as Fire Ant, which targeted VMware ESXi hosts, vCenter servers, and network appliances.
Aqua Nautilus has uncovered Koske, a sophisticated and likely AI-assisted Linux malware campaign that highlights the emerging convergence between artificial intelligence and cyber threats.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed new sanctions on three North Korean individuals, Kim Se Un, Jo Kyong Hun, and Myong Chol Min, and the Korea Sobaeksu Trading Company for their roles in supporting the Democratic People's Republic of Korea's (DPRK) illicit IT worker schemes.
The first half of 2025 saw a surge in new ransomware Dedicated Leak Sites (DLS), with the Gunra ransomware group notably emerging as a significant threat and launching a DLS in April.
NoName057(16) is a pro-Russian hacktivist group that emerged back in March 2022, right around the time the Russia-Ukraine conflict initiated. Since then, NoName057 has been actively launching DDoS attacks against targets of interest not only in Ukraine but also entities in European nations opposing Russia's invasion, such as France and Sweden.
CastleLoader is a sophisticated loader malware that emerged in early 2025, primarily used to distribute stealer malware and RATs through phishing techniques and fake GitHub repositories. Its most common delivery method leverages ClickFix phishing pages mimicking Cloudflare error screens, browser updates, or developer tools to convince victims to copy and execute PowerShell commands.
Cisco Talos Incident Response researchers have uncovered a new ransomware-as-a-service group known as Chaos, active since early 2025, engaging in high-impact, double extortion ransomware campaigns.
Microsoft has disclosed that the financially motivated threat actor Storm-2603, suspected to be China-based, is actively exploiting vulnerabilities in Microsoft SharePoint to deploy Warlock ransomware.
According to Netscout's 2H 2024 DDoS Threat Intelligence Report, Wireline networks were the most frequently targeted by DDoS attacks in the second half of 2024. Between July and December 2024, wired telecommunication carriers faced a total of 524,445 DDoS attacks, significantly higher than the 24,433 attacks against wireless telecommunications carriers during the same period.