Skip to content
data breach Page 14

data breach

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

Jul 20, 2025Ravie LakshmananZero-Day / Vulnerability A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has… 

Read More »Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Jul 20, 2025Ravie LakshmananDevOps / Threat Intelligence Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The… 

Read More »Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

Jul 20, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of… 

Read More »Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Jul 18, 2025Ravie LakshmananSurveillance / Mobile Security Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by law enforcement authorities in China to gather information from seized mobile devices. The… 

Read More »China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Jul 18, 2025Ravie LakshmananCyber Espionage / Malware Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a… 

Read More »UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Jul 18, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.… 

Read More »Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

Jul 18, 2025Ravie LakshmananCyber Attack / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG… 

Read More »CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Jul 18, 2025Ravie LakshmananBotnet / Network Security Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and… 

Read More »Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Jul 18, 2025Ravie LakshmananCloud Security / AI Security Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability,… 

Read More »Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services