Kimsuky hackers use new custom RDP Wrapper for remote access
The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines.
Habib Mohammadi reports: A group of unidentified hackers has breached the Taliban’s databases, leaking documents from 21 ministries and government agencies, some of which appear to be classified, according to reports circulating online. The leaked files reportedly include documents from the Taliban-controlled ministries of finance, justice, foreign affairs, information and culture, telecommunications, and mining, as well as the Supreme Court and the Ministry for the Promotion of Virtue and Prevention of Vice. The hackers have published hundreds of these documents on a website called “Talibleaks.”
Code injection attacks using publicly disclosed ASP.NET machine keys
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.
Critical Cisco ISE bug can let attackers run commands as root
Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
VulnCheck and partner GreyNoise discovered Zyxel-related vulnerabilities being targeted in the wild. In this blog, VulnCheck describes the vulnerabilities CVE-2024-40891 and CVE-2025-0890.
SparkCat crypto stealer in Google Play and App Store
Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories
In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks
Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.
Tbilisi public transport hacked, playing pro-European messages
Ticket machines for public transport in Georgia’s capital city of Tbilisi, including buses and mini-buses, were reportedly hacked on January 24, playing a series...
Swiss tax authority forced to buy Bahamas domain name after URL typo
What do you do if a web address you printed on a physical flyer contains a typo, and you send that flyer to more than 100,000 households? Well, if you're
South Africa’s government-run weather service knocked offline by cyberattack | The Record from Recorded Future News
A cyberattack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies. The website for SAWS has been down since Sunday evening, according to a statement posted to social media. SAWS has had to use Facebook, X and other sites to share daily information on thunderstorms, wildfires and other weather events.
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
After identifying a significant overlap between IPs exploiting CVE-2024-40891 and those classified as Mirai, the team investigated a recent variant of Mirai and confirmed that the ability to exploit CVE-2024-40891 has been incorporated into some Mirai strains. GreyNoise is observing active exploitation attempts targeting a zero-day critical command injection vulnerability in Zyxel CPE Series devices tracked as CVE-2024-40891. At this time, the vulnerability is not patched, nor has it been publicly disclosed. Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration. At publication, Censys is reporting over 1,500 vulnerable devices online.
10,000 WordPress Websites Found Delivering MacOS and Windows Malware
Third-party scripts are a key part of the supply chain, giving third parties access to sensitive data or allowing malicious actions in your users' browsers. c/side helps you regain control over your website.
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io were seized on Wednesday by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’ A large ‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.