CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […]
NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware to target over 1,400 people, violating U.S. laws. After a five-year legal battle, a jury […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. In mid-March, Meta warned that the out-of-bounds write vulnerability CVE-2025-27363 may have been actively exploited in attacks. “An out […]
Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader […]
A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in SentinelOne’s upgrade process to bypass its anti-tamper protections, leaving endpoints unprotected. Stroz Friedberg researchers did […]
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and using DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024; the loader has […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: io_uring Is Back, This Time as a Rootkit; I StealC You: Tracking the Rapid Changes To StealC; Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin; Using Trusted Protocols Against You: Gmail as a C2 Mechanism […]
The Rhysida Ransomware gang claims the hack of the Government of Peru; the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform. The group published the images of multiple documents allegedly stolen […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […]
Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks. “As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft […]