Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Dec 16, 2025Ravie LakshmananMalware / Threat Detection An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using...
targeting
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Dec 05, 2025Ravie LakshmananEmail Security / Threat Research A new agentic browser attack targeting Perplexity's Comet browser that's capable of...
MuddyWater: Snakes by the riverbank
ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also...
Shai-Hulud 2.0: over 14,000 secrets exposed
TL;DR: A new wave of the Shai-Hulud supply chain attack targeting NPM packages, dubbed “The Second Coming” by the...
WhatsApp compromise leads to Astaroth deployment
Sophos analysts are investigating a persistent, multi-stage malware distribution campaign targeting WhatsApp users in Brazil. First observed on September 24,...
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks Pierluigi Paganini November 20, 2025 Iran-linked actors mapped...
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to...
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs Pierluigi Paganini November 14, 2025 Germany’s BSI warns of rising...
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style...
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with...
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to...
Is Unsupported OpenJDK for Universities Good Enough?
Summary Oracle has begun targeting universities for audits to enforce its employee-based Java licensing model. Those found non-compliant face...
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns...
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider,...
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30...
