The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector.
To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims.
"These actors rely on social engineering techniques, often impersonating
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.
"Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and
Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service.
According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow
Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups.
The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team.
"The LapDogs network has a high concentration of victims
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community.
The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending.
At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit.
The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.
Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors.
"The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.
"This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.
The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is
The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET.
"The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even
SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace
SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience.
It doesn’t.
These platforms weren’t built with full-scale data
An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel.
"In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access.
Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation."
It's suspected
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats.
The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year.
It "uses Meta AI to
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Connexion
