Executive summary Akamai researchers previously outlined the potential for malicious use of UI automation (UIA). Now, Akamai researchers have analyzed a new variant of the Coyote malware that is t...

Key Takeaways Clickfix abuses trust: The campaign bypasses malware downloads by using fake security prompts to trick users into running terminal commands. AppleScript payloads steal user data: The ...

Key takeaways Not long after its takedown in May, Lumma Stealer is back. From June to July, the number of targeted accounts began resurging. Now, the malware is distributed with more discreet chan...

Varonis Threat Labs is shining a spotlight on a decade-old vulnerability that opens the door to URL spoofing. By exploiting how browsers handle Right-to-Left (RTL) and Left-to-Right (LTR) scripts,...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-30746 Oracle Corporation - O...

Introduction Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addr...

Intro Cyber-security now ranks among the energy sector’s most acute business risks. Unlike financial scandals such as Wirecard, a single unpatched flaw in operational technology can cascade from da...

Key findings Request for Quote scammers are using vendor supplied financing to steal physical goods. They utilize email and legitimate online quote request forms to reach potential victims. Sophist...

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch c...

Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict DCHSpy is an Android surveillanceware family that Lookout customers have been protected from since 2024. It i...

A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tr...

Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced sh...

A newly rebranded extortion gang known as “World Leaks” breached one of Dell’s product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. Dell...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-54309 CrushFTP - CrushFTP ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-54309 CrushFTP - CrushFTP ...

GCHQ’s National Cyber Security Centre reveals Russian military intelligence are behind the use of sophisticated malware dubbed AUTHENTIC ANTICS. Formal attribution comes as the UK Government sancti...

JPCERT/CC Eyes previously introduced the malware SPAWNCHIMERA and DslogdRAT, which were deployed by exploiting vulnerabilities in Ivanti Connect Secure. At JPCERT/CC, we have continued to observe a...

In the summer of 2005, Tan Dailin was a 20-year-old grad student at Sichuan University of Science and Engineering when he came to the attention of the People’s Liberation Army of China. Tan was pa...

A financially-motivated threat actor, active since early 2021, has been targeting Mexican organizations with custom packaged installers that deliver a modified version of AllaKore RAT. Arctic Wolf ...

So far, we’ve seen the Crux ransomware being deployed in three separate incidents. Encrypted files end in the .crux file extension, and ransom notes follow the naming convention crux_readme_[random...