Tag: cyber
-
‘Not clear’ who was behind FCDO hack, says minister, amid reports of China link UK politics live
Chris Bryant confirms October cyber-attack as the Sun names Storm 1849, a Chinese hacker group, as being responsible Reform UK have held on to a seat on Cornwall council in a byelection after a turbulent time for the party in the county.The result shows support remains for Nigel Farage’s party in Cornwall despite a flurry…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
Microsoft Patches MSMQ Flaw That Affects IIS Web Servers
Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 update (KB5071546), affects Windows 10 version 22H2 and version 21H2. The Vulnerability The MSMQ bug causes…
-
Roundcube Flaws Let Attackers Execute Malicious Scripts
Roundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute malicious scripts or expose sensitive information, posing a risk to organizations and individuals relying on the platform for email communication. The…
-
Amazon Identified North Korean IT Worker by Tracking Keystroke Activity
Amazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator. The discovery was made not through traditional background checks but by analyzing the subtle timing of the worker’s typing. According to a report from Bloomberg, Amazon security specialists flagged the employee due to suspicious >>keystroke input lag.
-
Clop Ransomware Group Targets Gladinet CentreStack Servers to Exfiltrate Data
Tags: attack, corporate, cyber, data, exploit, extortion, group, intelligence, Internet, ransomware, vulnerabilityThe notorious Clop ransomware group has launched a new data extortion campaign targeting internet-facing Gladinet CentreStack file servers, exploiting an unknown vulnerability to steal sensitive corporate information. Incident responders from the Curated Intelligence community first identified this campaign, which marks the latest in a series of Clop attacks targeting enterprise file transfer and storage solutions.…
-
WatchGuard Zero-Day Actively Exploited to Seize Control of Firewalls
WatchGuard has issued an urgent warning regarding a critical zero-day vulnerability in its Firebox firewall appliances that is currently being exploited in the wild. The flaw, tracked as CVE-2025-14733, allows remote attackers to seize control of affected devices without needing any authentication. Technical Details and Impact The vulnerability is an Out-of-Bounds Write flaw located in the iked process, which handles…
-
North Korean Hackers Set Record with $2 Billion Crypto Heist in 2025
North Korean cybercriminals shattered previous records in 2025, stealing at least $2.02 billion in cryptocurrency through a sophisticated campaign that represents the most successful year ever for state-sponsored digital theft despite fewer confirmed attacks. This unprecedented haul marks a 51% increase year-over-year. It brings the regime’s cumulative cryptocurrency theft to a staggering $6.75 billion, cementing…
-
UK Foreign Office victim of cyber-attack in October, says Chris Bryant
Minister says ‘any individual’ at low risk from hack, while Sun reports Chinese cyber gang responsible for breach The UK’s Foreign, Commonwealth and Development Office was hacked in October, the minister Chris Bryant has said.Bryant, a trade minister in Keir Starmer’s government, told Sky News there was a low risk to “any individual” from the…
-
UK Foreign Office victim of cyber-attack in October, says Chris Bryant
Minister says ‘any individual’ at low risk from hack, while Sun reports Chinese cyber gang responsible for breach The UK’s Foreign, Commonwealth and Development Office was hacked in October, the minister Chris Bryant has said.Bryant, a trade minister in Keir Starmer’s government, told Sky News there was a low risk to “any individual” from the…
-
Beyond Rules and Alerts: How Behavioral Threat Analytics Redefines Modern Cyber Defense
Executive Summary Modern cyber adversaries no longer depend on loud malware, obvious exploits, or easily identifiable indicators of compromise. Instead, they leverage legitimate credentials, trusted tools, and native system functions to operate silently within enterprise environments. These attacks are deliberately designed to resemble normal business activity, rendering traditional detection methods ineffective. Behavioral Threat Analytics (BTA)…
-
NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens
ReversingLabs (RL) researchers have uncovered a sophisticated malware campaign targeting the .NET developer ecosystem via the NuGet package manager. The campaign, which began in July 2025, involves 14 malicious packages designed to mimic legitimate cryptocurrency libraries. These packages are engineered to steal crypto wallets, redirect funds, and exfiltrate Google Ads OAuth tokens, marking a significant…
-
Your car’s web browser may be on the road to cyber ruin
Tags: cyberStudy finds built-in browsers across gadgets often ship years out of date First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/web_browsers_in_devices_security_vulnerabilities/
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
-
Your car’s web browser may be on the road to cyber ruin
Tags: cyberStudy finds built-in browsers across gadgets often ship years out of date First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/web_browsers_in_devices_security_vulnerabilities/
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
-
RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption
RansomHouse, a ransomware-as-a-service (RaaS) operation managed by the threat group Jolly Scorpius, has significantly enhanced its encryption capabilities, marking a critical escalation in the threat landscape. Recent analysis of RansomHouse binaries reveals a sophisticated upgrade from basic linear encryption to a complex multi-layered encryption methodology, demonstrating how ransomware operators continue to evolve their technical sophistication…
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers analyzed a blocked link reported by a customer, revealing a complex chain of obfuscation designed…
-
APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information
Iranian cyber unit Charming Kitten, officially designated APT35, has long been dismissed as a noisy but relatively unsophisticated threat actor a politically motivated collective known for recycled phishing templates and credential-harvesting pages. Episode 4, the latest intelligence dump, fundamentally rewrites that assessment. What emerges is not a hacker collective but a government department, complete with…
-
HPE OneView Vulnerability Allows Remote Code Execution Attacks
Tags: attack, cloud, cve, cvss, cyber, data, flaw, infrastructure, remote-code-execution, risk, software, vulnerabilityA severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk requiring immediate remediation. The vulnerability permits unauthenticated remote attackers to execute arbitrary code on affected…
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
FBI Shuts Down Crypto Exchange Linked to Criminal Money Laundering Operations
The United States Attorney’s Office for the Eastern District of Michigan announced a coordinated international enforcement action targeting E-Note, a cryptocurrency exchange allegedly used by transnational cybercriminals to launder money stolen from U.S. healthcare providers and critical infrastructure operators. The operation, conducted with Michigan State Police and international partners, dismantled the online infrastructure supporting the…
-
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers analyzed a blocked link reported by a customer, revealing a complex chain of obfuscation designed…
-
NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens
ReversingLabs (RL) researchers have uncovered a sophisticated malware campaign targeting the .NET developer ecosystem via the NuGet package manager. The campaign, which began in July 2025, involves 14 malicious packages designed to mimic legitimate cryptocurrency libraries. These packages are engineered to steal crypto wallets, redirect funds, and exfiltrate Google Ads OAuth tokens, marking a significant…
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…