Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict DCHSpy is an Android surveillanceware family that Lookout customers have been protected from since 2024. It i...
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tr...
Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced sh...
A newly rebranded extortion gang known as “World Leaks” breached one of Dell’s product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. Dell...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-54309 CrushFTP - CrushFTP ...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-54309 CrushFTP - CrushFTP ...
GCHQ’s National Cyber Security Centre reveals Russian military intelligence are behind the use of sophisticated malware dubbed AUTHENTIC ANTICS. Formal attribution comes as the UK Government sancti...
JPCERT/CC Eyes previously introduced the malware SPAWNCHIMERA and DslogdRAT, which were deployed by exploiting vulnerabilities in Ivanti Connect Secure. At JPCERT/CC, we have continued to observe a...
In the summer of 2005, Tan Dailin was a 20-year-old grad student at Sichuan University of Science and Engineering when he came to the attention of the People’s Liberation Army of China. Tan was pa...
A financially-motivated threat actor, active since early 2021, has been targeting Mexican organizations with custom packaged installers that deliver a modified version of AllaKore RAT. Arctic Wolf ...
So far, we’ve seen the Crux ransomware being deployed in three separate incidents. Encrypted files end in the .crux file extension, and ransom notes follow the naming convention crux_readme_[random...
On July 16, 2025, Cisco updated its advisory—originally published in late June—to include a third maximum-severity vulnerability affecting Cisco Identity Services Engine (ISE) and ISE-Passive Ident...
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. An obvious feature of LAMEHUG is the ...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-13972 Sophos - Sophos Interc...
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after a user landed on t...
Threat hunting case study: Lumma infostealer Source: Intel471 Information stealers, or infostealers, are malware applications that hoover enormous amounts of information from machines including lo...
Key Takeaways The Linuxsys cryptominer has been part of a long-running campaign exploiting multiple vulnerabilities with a consistent attacker methodology since at least 2021. The attacker levera...
Wiz Research discovered a critical container escape vulnerability in the NVIDIA Container Toolkit (NCT), which we’ve dubbed #NVIDIAScape. This toolkit powers many AI services offered by cloud and S...
The application is believed to be the successor of MFSocket, a tool that was analyzed in 2019, and which was used by the country’s police for the same purposes. Both applications require physical ...
In April 2025, Cisco Talos identified a Malware-as-a-Service (MaaS) operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amad...