July 26, 2025
Largest Bitcoin exchange MtGox shut down after it had announced to have suffered technical issues that forced the exchange to suspend withdrawals for a week. The world’s largest Bitcoin exchange ...
Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time. Last week Apple released a security updat ...
iBanking is a new mobile banking Trojan available for sale in the underground for $5,000 according the RSA's FraudAction Group. The source code for iBanking banking trojan has been leaked onli ...
The South Korea government is working to the development of a cyber weapon to hit North Korean nuclear facilities. It's Information warfare. The tension between North Korea and South Korea is alway ...
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor ...
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google ...
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-738 ...
U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in ...
Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Mud ...
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and ...
Allianz Life data breach exposed data of most of 1.4M customers via third-party CRM hack using social engineering. Allianz Life confirmed a data breach exposing personal information of most of its ...
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater ...
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware group’s TOR data leak sites informs visitors ...
Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in pr ...
Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, d ...
Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of L ...
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining act ...
Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack. A critical authentication bypass flaw (CVSS score of 9.4) in ...
New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s ...
SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS sc ...
The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion ...
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor ...
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google ...
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-738 ...
U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in ...
Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Mud ...
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and ...
Allianz Life data breach exposed data of most of 1.4M customers via third-party CRM hack using social engineering. Allianz Life confirmed a data breach exposing personal information of most of its ...
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater ...
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware group’s TOR data leak sites informs visitors ...
Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in pr ...
Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, d ...
Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of L ...
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining act ...
Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack. A critical authentication bypass flaw (CVSS score of 9.4) in ...
New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s ...
SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS sc ...
The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion ...
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor ...
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google ...
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-738 ...