Elusive Iranian APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery.
-
-
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-11371 (CVSS score: 7.5) – A vulnerability in files or directories…
-
Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users
The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain.
-
AI App Spending Report: Where Are the Security Tools?
An analysis of startup firm’s spending on AI applications finds the top categories to be productivity and content-generation. Security? Not so much.
-
Pro-Russian Hackers Use Linux VMs to Hide in Windows
A threat actor known as “Curly COMrades” is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities.
-
Europe Sees Increase in Ransomware, Extortion Attacks
European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks.
-
A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. “Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform…
-
Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep
Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on…
-
SesameOp Backdoor Uses OpenAI API for Covert C2
Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.
-
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular “@react-native-community/cli” npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. “The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s