Daily Cyber News

From HealthKick to GOVERSHELL: Tracking the Evolution of UTA0388 Espionage Malware

A China aligned threat actor tracked as UTA0388 has run multiple spear phishing campaigns across North America, Asia, and Europe, with the main aim of delivering a Go based implant known as GOVERSHELL. Volexity reported these operations on Wednesday, noting that initial messages impersonated senior researchers and analysts from fabricated organizations, to trick recipients into […]

From HealthKick to GOVERSHELL: Tracking the Evolution of UTA0388 Espionage Malware Read More »

ThreatsDay Bulletin: MS Teams Breach, MFA Hijacking, $2B Crypto Theft, Apple Siri Investigation & More

Cybersecurity threats are advancing faster than ever, with attackers increasingly combining social engineering, AI-driven manipulation, and cloud exploitation to target systems once deemed secure. From communication platforms to smart devices, every technological convenience simultaneously expands the potential attack surface. This edition of ThreatsDay Bulletin highlights these overlapping risks and the necessary measures to maintain trust in

ThreatsDay Bulletin: MS Teams Breach, MFA Hijacking, $2B Crypto Theft, Apple Siri Investigation & More Read More »

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews

SonicWall revealed on Wednesday that an unauthorized party gained access to firewall configuration backup files of customers using its cloud backup service. The compromised files contain encrypted credentials and configuration data. While the encryption remains active, possession of these files may increase the risk of targeted attacks The company is actively notifying all affected partners

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews Read More »

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware

Security researchers have observed a renewed Mustang Panda campaign that uses a fresh DLL side-loading method to deliver malicious payloads, targeting Tibetan advocacy groups with politically themed lures. The operation first appeared in June, 2025, and combines archive-based phishing, hidden library files, dynamic API resolution, and periodic task scheduling to maintain persistence and execute stolen

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware Read More »

Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce

The cybercriminal collective known as Scattered Lapsus$ Hunters has intensified their extortion efforts by launching a dedicated leak portal aimed at publishing stolen Salesforce data. This alliance, which includes prominent threat actors such as ShinyHunters, Scattered Spider, and Lapsus$, represents a new level of sophistication in ransomware-as-a-service operations, specifically targeting one of the most widely

Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce Read More »

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases

A new wave of sophisticated ransomware attacks is targeting organizations worldwide by abusing legitimate database commands, bypassing traditional security tools through “malware-free” operations. Unlike typical ransomware that relies on malicious binaries to encrypt files, attackers are exploiting exposed database services, using standard database functionality to steal, erase, and demand ransom for critical information. This technique

Hackers Abuse Legitimate Database Commands to Actively Compromise Databases Read More »

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data

A newly surfaced threat actor, calling itself Crimson Collective, has been observed targeting Amazon Web Services, AWS, environments to steal valuable data and pressure organizations with extortion. Recent claims by the group allege they breached Red Hat, taking private repositories from Red Hat’s GitLab instance. This activity signals a worrying shift toward cloud-centric attacks, and

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data Read More »

FreePBX SQL Injection Flaw Exploited to Alter Database Records

A critical, unauthenticated SQL injection vulnerability in FreePBX is being actively exploited, posing a severe risk to VoIP infrastructures worldwide. Attackers are abusing a web endpoint to inject database entries, create scheduled tasks, and ultimately run arbitrary code on compromised systems. What is affected, and why it matters FreePBX, the web-based administrative interface commonly used

FreePBX SQL Injection Flaw Exploited to Alter Database Records Read More »

CrowdStrike Falcon Windows Sensor Vulnerability Allows Remote Code Execution, File Deletion on Host

CrowdStrike has disclosed two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow attackers, who already have code execution capabilities on a system, to delete arbitrary files. These flaws have been patched in the latest sensor versions, and no evidence of active exploitation has been found so far. Details of the Vulnerabilities The

CrowdStrike Falcon Windows Sensor Vulnerability Allows Remote Code Execution, File Deletion on Host Read More »

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code

A rising email evasion technique, called hidden-text salting, is becoming a serious problem for email security, enabling attackers to hide large amounts of irrelevant or misleading content inside otherwise malicious messages. By abusing CSS properties and HTML structure, adversaries keep this content invisible to human recipients while confusing automated detection engines, including signature-based systems and

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code Read More »