The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.
Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.
The Russian state-sponsored APT known as Star Blizzard has transitioned to using a new backdoor, MaybeRobot, following the public disclosure of its LostKeys malware. This change comes as the group continues to employ sophisticated infection techniques to target civil society members in Russia.
Over 250 attacks have been reported in just 24 hours targeting Adobe Commerce and Magento due to a critical flaw tracked as CVE-2025-54236. This vulnerability allows for customer account takeovers via the REST API, with only 38% of stores currently patched.
GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.
Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.
Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.
In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.
%20(1).webp)
A critical path traversal vulnerability in Smithery.ai has exposed over 3,000 hosted AI servers and compromised thousands of API keys. The flaw, stemming from a configuration bug, allows attackers to access sensitive files and execute arbitrary code on the servers.
A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.
Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.
As AI becomes integral to various sectors, the need for robust governance frameworks is critical. California's SB 53 is a pioneering step towards regulating AI, but organizations must proactively implement oversight and accountability measures to manage risks effectively.
The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.
During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.
A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.
