A sophisticated transnational scheme was uncovered involving a criminal ring operating from Madrid and Latvia. The fraud campaign was structured and disguised as a legitimate investment platform, l...
A series of critical vulnerabilities have been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial and critical manufacturing environments, putting thousands ...
TL;DR Investigated IDEs: Visual Studio Code (VSCode), Visual Studio, IntelliJ IDEA, and Cursor Flaw: Ability to create files that maintain verified symbols while adding malicious functionality Expl...
Online criminal forums, both on the public internet and on the “dark web” of Tor .onion sites, are a rich resource for threat intelligence researchers. The Sophos Counter Threat Unit (CTU) has a te...
A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel “hacker” was tracking a federal official and using their deep-rooted access to th...
Since 2024, Microsoft Threat Intelligence has observed remote information technology (IT) workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, ...
Key takeaways TA829 conducts a mixture of espionage and cybercriminal operations, which rely on services sourced from the criminal underground, and a regularly updated suite of tools built upon the...
Trustwave SpiderLabs, which has been tracking Proton66 for the last several months, was able to make this connection by pivoting from Proton66-linked assets, which led to the identification of anot...
With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, lau...
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked cl...
Regional APT Threat Situation In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eas...
Hawaiian Airlines has been hit by a cybersecurity incident, impacting some of its IT systems. The US airline disclosed the “cybersecurity event” in two updates posted on its website on June 26. T...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released two industrial control systems (ICS) advisories highlighting hardware vulnerabilities in Mitsubishi Electric an...
A serious security vulnerability in many Bluetooth headphones allows attackers to read data from the devices remotely and take over connections. This was discovered by researchers from the German s...
On June 25, 2025, French authorities announced that four members of the ShinyHunters (also known as ShinyCorp) cybercriminal group were arrested in multiple French regions for cybercrime activities...
A security incident at a fourth-party supplier earlier this month has led to online service disruption and potential customer data theft, Glasgow City Council has warned. On June 19, the council’s...
Executive Summary The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts). These scripts contain commands designed to st...
Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731); due to the incomplete CVE-2024-39931 fix, an authent...
Analysis of early files from February 2025 suggests that the GIFTEDCROOK project began as a demo during that period. It subsequently matured and was put into production in March 2025, with new capa...
Overview Imagine that you’re looking at a potential issue that shows up in a Zeek log file. Instead of attaching the entire log file to a response ticket it might make sense to extract just the lin...