ICYMI: 2025-09-24
Latest Headlines
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested
GitHub Boosting Security in Response to NPM Supply Chain Attacks
SonicWall Updates SMA 100 Appliances to Remove Overstep Malware
Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers
Malicious SVGs in Phishing Campaigns: How to Detect Hidden Redirects and Payloads
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network
Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions
UK Police Arrested Man Linked to Ransomware Attack That Crippled European Airports
Hackers Can Bypass EDR by Downloading a Malicious File as an In-Memory PE Loader
Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware
OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission
Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
Kali Linux 2025.3 released with 10 new tools, wifi enhancements
Cisco warns of IOS zero-day vulnerability exploited in attacks
Unpatched flaw in OnePlus phones lets rogue apps text messages
Police seizes $439 million stolen by cybercrime rings worldwide
Google: Brickstorm malware used to steal U.S. orgs’ data for over a year
UK arrests suspect for RTX ransomware attack causing airport disruptions
PyPI urges users to reset credentials after new phishing attacks
GitHub notifications abused to impersonate Y Combinator for crypto theft
– MTZ