A critical flaw has been uncovered in BIND 9 resolvers, which could allow attackers to poison DNS caches and redirect users to malicious domains. The vulnerability, tracked as CVE-2025-40778, affects more than 706,000 publicly exposed instances worldwide, according to data from internet scanning company Censys. With a CVSS score of 8.6, the bug arises from […]
Microsoft has released an urgent out-of-band security update to address a critical vulnerability in Windows Server Update Services (WSUS). This flaw, identified as CVE-2025-59287, has a high CVSS score of 9.8 and is being actively exploited, with a publicly available proof-of-concept (PoC) already circulating. The vulnerability is a remote code execution (RCE) issue affecting WSUS
Newly Patched Critical Microsoft WSUS Vulnerability Actively Exploited Read More »
A major ongoing smishing campaign has been traced to over 194,000 malicious domains since January 1, 2024, targeting a wide variety of services around the world, according to recent research from Palo Alto Networks Unit 42. Although many of these domains are registered through a Hong Kong-based registrar and utilize Chinese nameservers, the bulk of
Smishing Triad Connected to 194,000 Malicious Domains in Worldwide Phishing Campaign Read More »
A Pakistan-linked threat actor, identified as Transparent Tribe (APT36), has been observed launching spear-phishing attacks against Indian government entities using a Golang-based remote access trojan (RAT) called DeskRAT. The campaign, active during August and September 2025, continues a series of operations first highlighted by CYFIRMA in August 2025 and now monitored by Sekoia. Attack MethodologyThe
APT36 Targets Indian Government Using Golang-Based DeskRAT Malware Read More »
A large, persistent malicious operation has been abusing YouTube to distribute malware, publishing more than 3,000 deceptive videos since 2021. Check Point researchers call it the YouTube Ghost Network, and the volume of these videos has tripled this year. Google has removed a majority of the offending videos, but the campaign highlights how attackers weaponize
Over 3,000 YouTube Videos Used as Malware Traps in Massive Ghost Network Operation Read More »
A fast-moving supply-chain worm, dubbed GlassWorm by Koi Security, has been found hiding inside multiple Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. The campaign highlights how developers, and their tooling, are now prime targets for large scale compromise, because extensions can auto-update and run code on developer machines.
A persistent North Korean cyber campaign, known as Operation Dream Job, has resurfaced with a focused wave of attacks against European companies in the defense and aerospace sectors. ESET researchers Peter Kálnai and Alexis Rapin report the activity appears aimed at harvesting proprietary data and manufacturing know-how, especially tied to unmanned aerial vehicle, UAV, development.
Cybersecurity researchers have exposed a cybercriminal group, known as Jingle Thief, that targets cloud systems used by retailers and consumer service companies, to carry out large scale gift card fraud. The group focuses on stealing credentials through phishing and smishing, then uses those credentials to access cloud-based gift card issuance workflows, issue high value cards,
Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog. According to the agency, the flaw has been actively exploited in the wild, posing a significant risk to organizations using unpatched versions. Identified as CVE-2025-61932 and rated 9.3 (CVSS
CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability Read More »
Cybersecurity researchers have revealed a new supply chain attack that targets the NuGet package manager using a malicious typosquat of Nethereum, a well-known Ethereum .NET integration library. The main goal of this attack is to steal crypto wallet keys from unsuspecting developers and users. Malicious Package Discovered The harmful package, named Netherеum.All, was discovered to
Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys Read More »