CYBER ATTACK

Go 1.25.6 and 1.24.12 are emergency point releases that the Go programming language team released to fix six serious security vulnerabilities This article explores release go1. . These upd

Key AWS-owned GitHub repositories, including the popular AWS JavaScript SDK that powers the AWS Console itself, were taken over by unauthenticated attackers due to a crucial misconfigurati

The first two publications in the National Security Agency's Zero Trust Implementation Guidelines series, which offer helpful advice to assist organizations in implementing Zero Trust secu

Project Zero has revealed a complex zero-click exploit chain that targets the Pixel 9 smartphone, proving that extremely sophisticated attacks are still feasible even in the face of contem

For versions 1.25.6 and 1.24.12, the Go programming language team has released security updates that fix six serious flaws, including denial-of-service attacks, memory exhaustion, and arbi

UAT-8837 is a suspected China-nexus advanced persistent threat (APT) group that the researcher has identified This article explores exploited uat 8837. . Its primary goal is to obtain init

A sophisticated keylogger attack that targeted the employee store of one of the biggest banks in America has been discovered by cybersecurity researchers, putting over 200,000 employees at

Researchers have discovered CodeBreach, a serious flaw that allows the full takeover of important AWS GitHub repositories, endangering the AWS Console supply chain This article explores sd

Attackers with local administrator access were able to circumvent authentication procedures and obtain unauthorized access to any machine within the same Azure tenant due to a critical vul

The National Computer Virus Emergency Response Center (CVERC) of China has strengthened its assertion that Volt Typhoon, a threat actor, is a hoax. The agency then accused the United States o

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) The malware makes use of obfuscated JavaScript to slip past security g

For C2 communications, Zloader

In June, Trend Micro and the KnownSec 404 Team published campaigns that distributed Winos

It is estimated that a campaign abusing the recently revealed security flaws compromised up to 2,000 Palo Alto Networks devices. The vulnerabilities in question are a combination of privilege

A Chinese cybersecurity firm and a cyber actor based in Shanghai have been subject to sanctions by the U.S. Treasury Department's Office of Foreign Assets Control. Yin Kecheng, who is associa

Iranian state-sponsored or affiliated threat actors may launch cyberattacks, according to U.S. cybersecurity and intelligence agencies. According to the agencies, there is currently no proof

A new espionage campaign has been revealed by the Security Service of Ukraine (SBU or SSU). It entails enlisting young Ukrainians for illegal activities under the pretense of "quest games." A

All advisory committee memberships have been terminated by the Department of Homeland Security. Members of the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Bo

A common malware called Lumma is made to steal private data. Since 2022, it has been freely offered for sale on the Dark Web. A malicious program called XWorm allows hackers to take remote co

Since early January 2025, threat actors have been using the ClickFix technique to spread the NetSupport RAT remote access trojan. An updated version of the Lumma Stealer malware that uses the

Approximately 2,200 attacks are launched by hackers each day, meaning that someone is attempting to compromise a system every 39 seconds. These days, artificial intelligence (AI) systems are

There is more to this week's cybersecurity news than just headlines and hackers. It's about how we may not even be aware of how digital risks affect our lives. Hackers are positioning themsel

The FBI is urgently requesting public support for a worldwide investigation into sophisticated cyberattacks that target businesses and governmental organizations. Hacking groups supported by

Cyberattacks that targeted UK retailers Marks & Spencer and Co-op in April 2025 were categorized as a "single combined cyber event" Due to a lack of sufficient information regarding the cause

Gamaredon and Turla, two Russian hacking groups, are working together to target and co-compete with Ukrainian entities. Both organizations are thought to be connected to the Russian Federal S

An ongoing campaign that distributes a Windows spyware that has never been documented has targeted Russian organizations. According to cybersecurity vendor Kaspersky, the activity began in Ju

Earlier this year, a major U.S. organization was the target of a suspected Chinese threat actor. The malicious activity was first discovered on April 11, 2024, and it persisted until August.

RedDelta has targeted Vietnam, Cambodia, Taiwan, Mongolia, and Myanmar. A customized version of the PlugX backdoor is allegedly delivered by the China-nexus threat actor. The Communist Party

Online, thousands of personal records purportedly connected to athletes and Saudi Games attendees have been made public. According to cybersecurity firm Resecurity, database dumps from the br

Chinese-speaking areas like Hong Kong, Taiwan, and Mainland China have been the target of numerous cyberattacks. The ValleyRAT payload is delivered by the attacks using a multi-stage loader k