Daily Cyber News

North Korea Linked Hackers Steal 2.02 Billion Dollars in 2025 to Lead Global Crypto Theft

Threat actors associated with the Democratic People’s Republic of Korea, also known as North Korea, have emerged as the leading force behind global cryptocurrency theft in 2025. According to a new report released by blockchain intelligence firm Chainalysis, North Korea-linked groups are responsible for stealing at least 2.02 billion dollars out of more than […]

China Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster, tracked as LongNosedGoblin, has been linked to a series of cyber espionage operations targeting government organizations in Southeast Asia and Japan. The activity, uncovered by Slovak cybersecurity firm ESET, has been assessed to be active since at least September 2023, with intelligence collection identified as the primary objective. According

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has addressed a critical security vulnerability in its OneView software that, if exploited, could allow remote code execution without authentication. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, highlighting its severity. HPE OneView is an IT infrastructure management platform that provides centralized control over systems and operations

Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App

A new Android malware campaign linked to the North Korean threat actor Kimsuky has been uncovered, using QR code-based phishing techniques to distribute an updated variant of malware known as DocSwap. The activity was analyzed by South Korean cybersecurity firm ENKI, which reported that the attackers are impersonating a major logistics provider in South

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation

The United States Cybersecurity and Infrastructure Security Agency has added a critical security flaw affecting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation. The alert highlights renewed concerns around a long-standing supply chain issue tied to the ASUS software ecosystem. The vulnerability, tracked as CVE-2025-59374 with a

SonicWall Patches Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has released security updates to address an actively exploited vulnerability affecting its Secure Mobile Access SMA 100 series appliances. The company confirmed that the flaw has been observed in real-world attacks, prompting an urgent call for customers to apply the available fixes. The issue, tracked as CVE-2025-40602 with a CVSS score of 6.6,

Kimwolf Botnet Hijacks 1.8 Million Android TVs to Launch Massive DDoS Attacks

Cybersecurity researchers have uncovered a large-scale distributed denial of service botnet named Kimwolf that has compromised approximately 1.8 million Android-based devices, including smart TVs, set-top boxes, and tablets. The findings were published by researchers at QiAnXin XLab, who noted possible links between Kimwolf and another notorious botnet known as AISURU. According to

APT28 Targets Ukrainian UKR[.]net Users in Long-Running Credential Phishing Campaign

The Russian state-sponsored cyber threat actor widely known as APT28 has been linked to a long-running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

A new wave of phishing attacks linked to Operation ForumTroll has been observed targeting academic professionals in Russia, according to cybersecurity researchers at Kaspersky. The activity was detected in October 2025, marking a shift in the threat actor’s focus from organizations to individual scholars. Security analysts noted that the campaign primarily targets experts in political

GhostPoster Malware Discovered in 17 Firefox Add-ons with Over 50,000 Downloads

A newly identified malware campaign named GhostPoster has been uncovered abusing logo image files embedded within browser extensions to deliver malicious JavaScript code. The operation targeted users of Mozilla Firefox through at least 17 compromised add-ons that collectively recorded more than 50,000 downloads before being removed. The findings were disclosed by Koi Security, which identified
