📟 News
Date: 24/07/2025
Analysts at F6 discovered a network of domains used by the group NyashTeam, which distributes malware and provides hosting services to criminals. The group’s clients have attacked users in at least 50 countries worldwide, including Russia. More than 110 domains in the .ru zone used by NyashTeam have been blocked.
Read full article →📟 News
Date: 23/07/2025
Experts from the company Wiz have discovered a critical vulnerability in the Nvidia Container Toolkit. According to the researchers, the issue could pose a significant threat to managed cloud AI services.
Read full article →📟 News
Date: 23/07/2025
Experts from Kaspersky Lab have discovered a new backdoor, GhostContainer, which operates on open-source tools. Researchers believe that the emergence of this malware may be part of a sophisticated targeted campaign aimed at large organizations in Asia, including high-tech enterprises. The attackers are presumably focused on cyber espionage.
Read full article →📟 News
Date: 23/07/2025
Experts from Solar 4RAYS of the “Solar” Group discovered a new hacking group called Proxy Trickster, which engages in cryptocurrency mining and proxyjacking (hijacking control over servers for transformation and sale). Over the course of a year, the attackers targeted nearly 900 servers in 58 countries worldwide, including Russia.
Read full article →📟 News
Date: 22/07/2025
Operators of the phishing campaign PoisonSeed have found a method to bypass FIDO (in this case — FIDO2 with WebAuthn) by exploiting the authentication mechanism between devices implemented in WebAuthn. The attackers deceive victims into approving login requests that originate from fake corporate portals.
Read full article →📟 News
Date: 22/07/2025
Hewlett-Packard Enterprise (HPE) has warned that hardcoded credentials have been discovered in Aruba Instant On access points. These credentials allow bypassing standard device authentication to gain access to the web interface.
Read full article →📟 News
Date: 22/07/2025
The developers of CrushFTP warn about a zero-day vulnerability (CVE-2025-54309), which hackers are already exploiting. This issue allows for administrative access to vulnerable servers through the web interface.
Read full article →📟 News
Date: 22/07/2025
Developers of Arch Linux discovered three malicious packages in the Arch User Repository (AUR). These packages were used to install the Chaos remote access trojan (RAT) on Linux devices.
Read full article →📟 News
Date: 22/07/2025
Critical zero-day vulnerabilities in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) have been actively exploited since the end of last week, compromising at least 85 servers worldwide.
Read full article →📟 News
Date: 21/07/2025
Google has filed a lawsuit against the anonymous operators of the Android botnet BadBox 2.0, accusing them of orchestrating a global fraud scheme targeting the company’s advertising platforms.
Read full article →📟 News
Date: 21/07/2025
The new malware family LameHug utilizes LLM (Large Language Model) to generate commands that are executed on compromised systems running Windows.
Read full article →📟 News
Date: 21/07/2025
Experts at DomainTools discovered that hackers are hiding malicious payloads within DNS records. This simplifies the retrieval of malware binaries, as it eliminates the need to download them from suspicious sites or attach them to emails.
Read full article →📟 News
Date: 21/07/2025
The founder and lead developer of Curl, Daniel Stenberg, announced that due to an abundance of AI-generated junk, he is prepared to completely terminate the project’s bug bounty program. The issue is that he and other maintainers are overwhelmed with bug reports that people are creating with the help of AI.
Read full article →📟 News
Date: 21/07/2025
Google has released fixes for six vulnerabilities in the Chrome browser. One of these vulnerabilities was already being exploited in real attacks to bypass the browser’s sandbox.
Read full article →📟 News
Date: 21/07/2025
Experts have discovered a new variant of the Android malware Konfety with a distorted ZIP structure and other obfuscation techniques that allow it to evade analysis and detection.
Read full article →📟 News
Date: 18/07/2025
Law enforcement reported the dismantling of the Romanian ransomware hacker group Diskstation, which had previously successfully encrypted the systems of several companies in Italy, paralyzing their businesses.
Read full article →📟 News
Date: 18/07/2025
North Korean hackers have deployed 67 malicious packages on npm, through which a new malware loader called XORIndex was distributed. In total, the packages accounted for over 17,000 downloads.
Read full article →📟 News
Date: 18/07/2025
The UK’s National Crime Agency (NCA) arrested four individuals suspected of involvement in attacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.
Read full article →📟 News
Date: 18/07/2025
Back in 2012, independent cybersecurity researcher Neil Smith reported to the U.S. government about a vulnerability in a communication standard used in trains. However, the issue has not yet been resolved, and the researcher’s concerns were dismissed for many years.
Read full article →📟 News
Date: 18/07/2025
The ransomware hacking group Interlock is distributing a Remote Access Trojan (RAT) through compromised websites. The hackers use FileFix attacks to deliver the malware.
Read full article →