Unmasking Akira The ransomware tactics you can’t afford to ignore

Akira is known to have very comparable links to the old Conti cybercrime organisation, including code similarities with the ransomware payload and templated attacks that follow a playbook of proced...

Sep 19, 2025 RESEARCH

Gamaredon X Turla collab

In February 2025, via ESET telemetry, we detected four different Gamaredon-Turla co-compromises in Ukraine. On those machines, Gamaredon deployed a wide range of tools, including PteroLNK, PteroSte...

Sep 19, 2025 MALWARE

2025-09-19 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2023-49564 Nokia - CBIS,NCS ...

Sep 19, 2025 VULNERABILITIES

ShadowLeak Radware Uncovers Zero-Click Attack on ChatGPT

Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connec...

Sep 18, 2025 SECURITY

Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware

In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. The threat actors are using Search Engine Optimizati...

Sep 18, 2025 SECURITY

Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now

The actively exploited vulnerability, CVE-2025-10585, is a Type Confusion flaw in the V8 JavaScript and WebAssembly engine. Type confusion bugs occur when a program allocates a resource or object ...

Sep 18, 2025 CYBER SECURITY

2025-09-18 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-10604 PHPGurukul - Online Di...

Sep 18, 2025 VULNERABILITIES

Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure

We’ve identified infrastructure used to distribute BeaverTail and InvisibleFerret malware variants since at least May 2025. BeaverTail and InvisibleFerret are malware families operated by North Kor...

Sep 17, 2025 APT

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. ShinyHunters told BleepingComputer tha...

Sep 17, 2025 SECURITY

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group behind a phishing-as-a-service (...

Sep 17, 2025 ARREST

How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks

A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allo...

Sep 17, 2025 RESEARCH

FinWise Insider Breach Exposes 700K Customer Records to Former Employee

The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records nearly 689,000 names, Social Security numbers, and other personal identifiers via direct ...

Sep 17, 2025 CYBER SECURITY

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. The r...

Sep 17, 2025 APT

BreachForums Owner Sent to Prison in Resentencing

Fitzpatrick was now resentenced to three years in prison for his role in operating BreachForums and for possessing child sexual abuse material. Launched in March 2022 and also known as Breached, B...

Sep 17, 2025 CYBERSECURITY

Apple backports fix for actively exploited CVE-2025-43300

In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is a zero-day out-of-bounds write issue that resides in the ImageIO frame...

Sep 17, 2025 SECURITY

2025-09-17 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-12367 Vegagrup Software - Ve...

Sep 17, 2025 VULNERABILITIES

Going Underground China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels

Sep 16, 2025 THREAT INTELLIGENCE

EvilAI malware campaign exploits AI-generated code to breach global critical sectors

Trend Micro reports that EvilAI operators are leveraging AI-generated code and social engineering in a rapidly expanding campaign. The group disguises malware as legitimate applications to bypass s...

Sep 16, 2025 MALWARE

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republish...

Sep 16, 2025 SECURITY

2025-09-16 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-10405 itsourcecode - Baptism...

Sep 16, 2025 VULNERABILITIES