Daily Cyber News

Colt Admits Customer Data Theft Following Ransomware Attack

Colt Technology Services, a leading telecommunications provider, has confirmed that a ransomware attack on August 12, 2025, resulted in the theft of sensitive customer data. The company revealed that attackers gained access to confidential files containing customer information. Soon after, the document titles were leaked on dark web forums, forcing Colt to take urgent containment […]

South Asian APTs Exploit Novel Tools to Target Military-Adjacent Phones

A highly capable South Asian Advanced Persistent Threat (APT) group has launched a coordinated cyber-espionage campaign aimed at military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The attackers are using a multi-layered strategy that combines targeted phishing with custom Android malware to compromise the smartphones of individuals connected to military institutions.

Malicious Go Module Acts as SSH Brute Forcer, Steals Passwords via Telegram

A new and sophisticated supply chain attack has been uncovered, targeting developers through a malicious Go module package. This package disguises itself as a legitimate SSH brute force tool but secretly collects and transmits stolen credentials to cybercriminal operators.

Disguised Package with Hidden Malicious Intent

The malicious package, named “golang-random-ip-ssh-bruteforce,” promotes itself as a fast

Cryptojacking Attack Exploits Redis Servers to Deploy Miners, Disable Security

A highly advanced cryptojacking campaign has been uncovered, where misconfigured Redis servers are being exploited across multiple regions. The attackers deploy cryptocurrency miners while simultaneously disabling key security defenses, turning exposed systems into long-term profit engines.

TA-NATALSTATUS Threat Actor

The group behind this operation, tracked as TA-NATALSTATUS, has been active since 2020. However, in 2025

Chinese MURKY PANDA Targets Government and Professional Services

A China-linked advanced threat actor, tracked as MURKY PANDA, has become a major concern in global cybersecurity. Since late 2024, the group has been actively targeting government agencies, legal firms, professional services, technology providers, and academic institutions across North America.

Advanced Capabilities in Cyber Operations

MURKY PANDA is recognized for its ability to exploit cloud

Chinese Hackers Murky, Genesis, Glacial Panda Intensify Cloud and Telecom Espionage

Cybersecurity researchers have raised alarms over increasing cyber-espionage activity linked to China-based threat groups. Among them, Murky Panda, Genesis Panda, and Glacial Panda have been spotlighted for aggressively targeting cloud infrastructures and telecommunications networks to harvest sensitive intelligence.

Murky Panda Exploiting Cloud Relationships

A recent CrowdStrike report highlights that Murky Panda, also known as Silk

Commvault Pre-Auth Exploit Chains Could Allow Remote Code Execution

Commvault has issued critical security updates to patch four vulnerabilities that could allow attackers to execute remote code on vulnerable systems.

Affected Versions

The flaws exist in Commvault versions prior to 11.36.60. The vulnerabilities are:

Discovery and Fixes

The vulnerabilities were discovered by Sonny Macdonald and Piotr Bazydlo from watchTowr Labs in April 2025. Commvault

Cybercriminals Use CORNFLAKE.V3 Backdoor with ClickFix and Fake CAPTCHA

Threat actors are increasingly using a deceptive method known as ClickFix to spread a powerful backdoor called CORNFLAKE.V3.

How ClickFix Works

According to Google-owned Mandiant, the campaign is operated by UNC5518, an access-as-a-service group. Attackers lure victims to fake CAPTCHA pages, tricking them into following instructions that ultimately provide attackers with access to their systems.

‘QuirkyLoader’ Malware Distributes Infostealers and RATs

A sophisticated malware loader known as QuirkyLoader has emerged as a serious cyber threat, actively spreading prominent infostealers and remote access trojans (RATs) since November 2024. This malware stands out due to its ability to deliver multiple types of malicious payloads, including Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger, making it a

Blue Report 2025: Weak Passwords and Compromised Accounts Findings

Security professionals often focus on countering the latest sophisticated attack methods. However, the most damaging breaches frequently stem not from cutting-edge exploits, but from compromised accounts and cracked credentials. Despite widespread awareness, Picus Security’s Blue Report 2025 reveals that many organizations still struggle to prevent password attacks and detect malicious activity using stolen credentials. A
