Old Miner, New Tricks H2miner Resurfaces with Lcrypt0rx Ransomware

The FortiCNAPP team, part of FortiGuard Labs, recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2miner campa...

Jul 16, 2025 MALWARE

Global operation targets NoName057(16) pro-Russian cybercrime network

Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial autho...

Jul 16, 2025 ARREST

From a Teams Call to a Ransomware Threat Matanbuchus 3.0 MaaS Levels Up

In one of the most recent cases (July 2025), a Morphisec customer was targeted through external Microsoft Teams calls impersonating an IT helpdesk. During this engagement, Quick Assist was activate...

Jul 16, 2025 CYBERSECURITY

2025-07-16 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-42650 n/a - n/a NanoMQ...

Jul 16, 2025 VULNERABILITIES

Zyxel security advisory for path traversal vulnerability in APs

Zyxel has released patches to address a path traversal vulnerability in the file_upload-cgi CGI program of certain access point (AP) firmware versions. Users are advised to install these patches fo...

Jul 15, 2025 VULNERABILITY ADVISORY

Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier

Cyber specialists from Ukraine’s Defense Intelligence Directorate (HUR), with support from the “Ukrainian Cyber Alliance” and the hacker group “BO Team,” have carried out a cyberattack on the netwo...

Jul 15, 2025 CYBERSECURITY

Tracking Protestware Spread 28 npm Packages Affected by Payload Targeting Russian-Language Users

Socket’s Threat Research Team recently reported on two npm packages with hidden functionality for Russian-language users visiting Russian domains in a browser. In the last few weeks, the team has f...

Jul 15, 2025 SECURITY

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conce...

Jul 15, 2025 SECURITY

On the Move Fast Flux in the Modern Threat Landscape

Executive summary This report details an investigation into a Fast Flux network observed in 2024. It covers the technical details of the network, its observable infrastructure, the malware associa...

Jul 15, 2025 RESEARCH

Konfety Returns Classic Mobile Threat with New Evasion Techniques

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new, sophisticated variant of a well-known malware previously reported by...

Jul 15, 2025 MOBILE SECURITY

Hyper-volumetric DDoS attacks skyrocket Cloudflare’s 2025 Q2 DDoS threat report

Key DDoS Insights DDoS attacks continue to break records. During 2025 Q2, Cloudflare automatically blocked the largest ever reported DDoS attacks, peaking at 7.3 terabits per second (Tbps) and 4.8...

Jul 15, 2025 DDOS

2025-07-15 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2020-36847 eemitch - Simple File ...

Jul 15, 2025 VULNERABILITIES

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the ...

Jul 14, 2025 VULNS

The Good, the Bad, and the Encoding An SS7 Bypass Attack

There are two kinds of SS7 commands, my friend: the harmless ones… and the ones that can blow things up… … Okay, that may be an exaggeration, however just like the characters in Spaghetti Westerns...

Jul 14, 2025 SECURITY

KongTuke FileFix Leads to New Interlock RAT Variant

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shi...

Jul 14, 2025 MALWARE

Google Gemini Tricked Into Showing Phishing Message Hidden in Email

The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities. The researcher’s hack involves sending the targeted user a...

Jul 14, 2025 SECURITY

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on...

Jul 14, 2025 DATA BREACH

GLOBAL GROUP Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates

On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”. The same act...

Jul 14, 2025 RESEARCH

Forensic journey Breaking down the UserAssist artifact structure

Introduction As members of the Global Emergency Response Team (GERT), we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssi...

Jul 14, 2025 TIPS

DOGE Denizen Marko Elez Leaked API Key for xAI

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury...