The People’s Liberation Army Cyberspace Force
With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, lau...
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked cl...
Regional APT Threat Situation: In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eas...
Hawaiian Airlines has been hit by a cybersecurity incident, impacting some of its IT systems. The US airline disclosed the “cybersecurity event” in two updates posted on its website on June 26. T...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released two industrial control systems (ICS) advisories highlighting hardware vulnerabilities in Mitsubishi Electric an...
A serious security vulnerability in many Bluetooth headphones allows attackers to read data from the devices remotely and take over connections. This was discovered by researchers from the German s...
On June 25, 2025, French authorities announced that four members of the ShinyHunters (also known as ShinyCorp) cybercriminal group were arrested in multiple French regions for cybercrime activities...
A security incident at a fourth-party supplier earlier this month has led to online service disruption and potential customer data theft, Glasgow City Council has warned. On June 19, the council’s...
Executive Summary: The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts). These scripts contain commands designed to st...
Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731); due to the incomplete CVE-2024-39931 fix, an authent...
Analysis of early files from February 2025 suggests that the GIFTEDCROOK project began as a demo during that period. It subsequently matured and was put into production in March 2025, with new capa...
Overview: Imagine that you’re looking at a potential issue that shows up in a Zeek log file. Instead of attaching the entire log file to a response ticket it might make sense to extract just the lin...
Summary: Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and a Hidden rootkit. During our threat hunting activities, we encountered multiple installer...
Source: Cisco Talos. Excerpt: Armory Crate and AI Suite are applications used to manage and monitor ASUS motherboards and related components such as the processor, RAM or the increasingly popular ...
Nature of the Vulnerabilities: The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, target specific APIs within Cisco ISE and ISE-PIC. Both can be exploited without any valid credent...
Spammy posts and pages being placed on WordPress websites is one of the most common infections that we come across. The reason is that the attack is very low-level in terms of sophistication:...
GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal—typically fewer than 10 IPs obse...
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects...
Since November 2024, Blind Eagle actors have been conducting an ongoing campaign targeting Colombian organizations. In this campaign, threat actors have been observed using phishing emails to deliv...
Key findings: Amid ongoing tensions between Iran and Israel, the Iranian threat group Educated Manticore, associated with the Islamic Revolutionary Guard Corps, has launched spear-phishing campaign...