Cybersecurity News from Across the Internet
Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. “The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware,” Kaspersky researchers Denis Kulik and Daniil Pogorelov said. “One of the C2s [command-and-control servers] was … Read More “China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure – The Hacker News” »
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool … Read More “Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents – The Hacker News” »
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict – Read More –
An attack on a US accounting firm delivered PureRAT via Ghost Crypt, involving social engineering and advanced obfuscation techniques – Read More –
An investigation has revealed novel scams using tools like MaisonReceipts, creating realistic fake receipts to resell stolen or counterfeit good – Read More –
Attackers are actively exploiting a critical zero-day vulnerability affecting on-premises Microsoft SharePoint servers, prompting industry heavyweights to sound the alarm over the weekend. Researchers discovered the active, ongoing attack spree Friday afternoon and warnings were issued en masse by Saturday evening. Microsoft released urgent guidance Saturday, advising on-premises SharePoint customers to turn on and properly … Read More “Mass attack spree hits Microsoft SharePoint zero-day defect – CyberScoop” »
Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The U.S. is stepping into a new cyber era, and it comes not a moment too soon. With the Trump administration’s sweeping $1 billion cyber initiative in the “Big Beautiful Bill” and growing congressional momentum under the 2026 National Defense Authorization Act (NDAA) to strengthen cyber deterrence, we’re seeing a shift in posture that many … Read More “Why it’s time for the US to go on offense in cyberspace – CyberScoop” »
Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS – Read More –
The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian. Read more in my article on the Hot for Security blog. – Read More … Read More “Europol targets Kremlin-backed cybercrime gang NoName057(16) – Graham Cluley” »
By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted … Read More “Assessing the Role of AI in Zero Trust – The Hacker News” »
Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now … Read More “⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More – The Hacker News” »
Kaspersky’s SecureList reveals GhostContainer, a new, highly customized backdoor targeting government and high-tech organizations in Asia via Exchange server vulnerabilities. Learn how this APT malware operates and how to stay protected. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A 72-hour sprint that produced working solutions for one of game development’s hardest problems: making it accessible to non-programmers. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
On-prem SharePoint customers have been told to assume compromise, with attackers observed to be exfiltrating data from victim servers across critical sectors – Read More –
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of a phishing campaign in the wild, has been attributed to a threat actor named PoisonSeed, … Read More “PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse – The Hacker News” »
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of … Read More “3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics – The Hacker News” »
Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. “Hard-coded login credentials were found … Read More “Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access – The Hacker News” »
Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with “more robust protections.” The tech giant acknowledged it’s “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security – … Read More “Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks – The Hacker News” »
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. See CISA’s Alert Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) for more information and to apply the recommended mitigations. CVE-2025-53770: Microsoft SharePoint Server Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for … Read More “CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog – All CISA Advisories” »
Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia’s financial service institutions. Learn about its advanced evasion tactics and stealthy attacks. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as … Read More “Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) – All CISA Advisories” »
The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware. “LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests,” … Read More “EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware – The Hacker News” »
CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective … Read More “Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack – The Hacker News” »
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part … Read More “Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations – The Hacker News” »
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. “CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain … Read More “Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers – The Hacker News” »
Posted by Gabriel Augusto Vaz de Lima via Fulldisclosure on Jul 19 =====[Tempest Security Intelligence]========================================== Multiple vulnerabilities in the web management interface of Intelbras routers Author: Gabriel Lima <gabriel lima () tempest com br > =====[Table of Contents]====================================================== 1. Overview 2. Detailed description 3. Other contexts & solutions 4. Acknowledgements 5. Timeline 6. References … Read More “Multiple vulnerabilities in the web management interface of Intelbras routers – Full Disclosure” »
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July … Read More “Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – The Hacker News” »
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. “This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such as Cobalt Strike and Metasploit, while … Read More “UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns – The Hacker News” »
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as … Read More “China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones – The Hacker News” »
PoisonSeed group tricks users into bypassing FIDO Keys by misusing QR code logins, highlighting new social engineering risk to secure MFA. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known … Read More “CISA Adds One Known Exploited Vulnerability to Catalog – All CISA Advisories” »
The US CISA has issued advisories for Industrial Control Systems vulnerabilities affecting multiple vendors including Johnson Controls, ABB, Hitachi Energy, and Schneider Electric – Read More –
As the U.S. government contemplates additional sanctions on Moscow, the United Kingdom went ahead and levied its own Friday against what it said was a group of Russia’s hackers and spies. The sanctions target 18 military intelligence officers and three divisions of the Russian military unit known as the GRU. Cyber operations in support of … Read More “UK sanctions Russian hackers, spies as US weighs its own punishments for Russia – CyberScoop” »
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description),” CERT-UA said in a Thursday advisory. The activity has … Read More “CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign – The Hacker News” »
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK’s NCSC reports – Read More –
The future of cybersecurity awareness might just be… gluten-based. – Read More – Graham Cluley
Ukraine’s CERT-UA has identified a new AI-powered malware, dubbed “LameHug,” which executes commands on compromised Windows systems in cyber-attacks, targeting the nation’s security and defense sector – Read More –
Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even … Read More “From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware – The Hacker News” »
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. “NVIDIA Container Toolkit for all … Read More “Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services – The Hacker News” »
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,” – … Read More “Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices – The Hacker News” »
Comparitech found that healthcare ransomware attacks rose 4% in H1 2025, a significantly lower rate than the cross-sector average of 50% – Read More –
A cryptomining botnet active since 2019 has incorporated likely AI-generated Lcryx ransomware into its operations – Read More –
Hackers are exploiting a new TeleMessage SGNL flaw that exposes sensitive data. CISA warns agencies to patch or stop using it by July 22. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
United Natural Foods said the cyberattack that prompted the food distributor and wholesaler to completely shut down its network last month resulted in lost sales of up to $400 million. Executives, during a business update call Wednesday with analysts and investors, said the financial impact from the attack is largely contained to the current quarter, … Read More “United Natural Foods loses up to $400M in sales after cyberattack – CyberScoop” »
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
