Threat

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as […]

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux-based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years-long cyber campaign linked to a Russian state-sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud-hosted network environments. According to Amazon, the

Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting

Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub-hosted Python repositories to spread a previously undocumented JavaScript-based Remote Access Trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT-related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi-Stage

New Advanced Phishing Kits Use AI and MFA Bypass Techniques to Steal Credentials at Scale

Cybersecurity researchers are warning about a new wave of highly advanced phishing kits that are enabling large-scale credential theft by combining automation, artificial intelligence, and multi-factor authentication bypass techniques. The newly observed toolkits, known as BlackForce, GhostFrame, InboxPrime AI, and Spiderman, represent a growing shift toward industrialized phishing operations. BlackForce Targets MFA Using

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Triggering Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, calling for immediate patching of a critical React vulnerability amid escalating global exploitation. Agencies have now been instructed to apply fixes by December 12, 2025, underscoring the growing severity of the threat. The flaw, tracked as CVE-2025-55182 with a

NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems

Cybersecurity researchers have revealed a sophisticated Windows backdoor called NANOREMOTE that leverages the Google Drive API for command-and-control (C2) operations. Elastic Security Labs reported that the malware shows code similarities with FINALDRAFT (aka Squidoor), another implant using Microsoft Graph API for C2, attributed to the suspected Chinese threat cluster REF7707 (also known as CL-STA-0049, Earth

React2Shell Exploitation Spreads Crypto Miners and New Malware Across Multiple Sectors

Security researchers are reporting sustained and widespread abuse of the React2Shell vulnerability, with attackers exploiting a maximum-severity flaw in React Server Components to deploy cryptocurrency miners and several previously undocumented malware strains. According to new findings released by Huntress, threat actors are actively leveraging CVE-2025-55182, a critical unauthenticated remote code execution vulnerability in React

WinRAR Vulnerability CVE-2025-6218 Actively Targeted by Multiple Threat Groups

A newly disclosed security flaw in WinRAR has been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog after investigators confirmed that threat actors are actively abusing it. The flaw, tracked as CVE-2025-6218 with a severity score of 7.8, is a path traversal issue that can
