362/68 Wednesday, September 24, 2025 The Steam gaming platform has once again become a vector for cyberattacks after it was discovered that the verified game BlockBlasters was secretly embedding cryptodrainer malware designed to steal digital assets. Attackers employed a strategy of releasing what appeared to be a safe game with positive reviews at first, only […]
361/68 Wednesday, September 24, 2025 Cybersecurity firm Silent Push has revealed the discovery of a new malware strain named CountLoader, deployed by Russian cybercriminal groups linked to LockBit, BlackBasta, and Qilin. CountLoader functions as a malware loader, a program designed to serve as an initial access point for installing other types of malware – including […]
360/68 Wednesday, September 24, 2025 Cyber threats have entered a new era driven by artificial intelligence (AI), pushing the Zero Trust security model – built on the principle of “never trust, always verify” – to face critical challenges. While Zero Trust remains a strong framework for preventing unauthorized access and minimizing damage through network segmentation, […]
359/68 Tuesday, September 23, 2025 Security researchers have discovered that North Korean hackers (DPRK) are leveraging the ClickFix technique to trick job seekers in marketing and cryptocurrency trading roles into installing the BeaverTail and InvisibleFerret malware. The campaign, part of the Contagious Interview operation (also tracked as Gwisin Gang) under the Lazarus Group, began in […]
358/68 Tuesday, September 23, 2025 Fortra, the developer of Managed File Transfer (MFT) solutions, has released a patch to address a critical vulnerability (CVSS Score 10.0) in its GoAnywhere MFT software, tracked as CVE-2025-10035. The flaw is a deserialization vulnerability within the License Servlet, which allows attackers to craft a malicious License Response Signature and […]
357/68 Tuesday, September 23, 2025 Cybersecurity experts have issued a warning about the widespread use of Phishing-as-a-Service (PhaaS) platforms named Lighthouse and Lucid, which are being leveraged as tools to conduct online phishing attacks. These services have been used to target more than 316 well-known global brands across 74 countries. The platforms allow threat actors […]
356/68 Monday, September 22, 2025 Researchers from Radware have disclosed a zero-click vulnerability in ChatGPT’s Deep Research function, named ShadowLeak, which allowed attackers to extract data from Gmail inboxes simply by sending an email containing hidden malicious instructions – without requiring any clicks or interaction from the victim. The attack leveraged text that was almost […]
355/68 Monday, September 22, 2025 Collins Aerospace, a U.S.-based aviation technology company under RTX (formerly Raytheon Technologies), has suffered a cyberattack that disrupted the check-in and boarding systems at several major European airports, including London Heathrow, Brussels, and Berlin. The incident caused widespread delays and cancellations, leaving thousands of passengers facing long queues and hours […]
354/68 Monday, September 22, 2025 LastPass has issued a warning to its users about a malicious campaign in which cybercriminals are creating fake repositories on GitHub to distribute malware disguised as popular software. The attacks specifically target macOS users, tricking them into installing a malware strain called Atomic Infostealer, which is designed to steal sensitive […]
353/68 Friday, September 19, 2025 SonicWall has issued an advisory urging customers to reset their passwords and authentication tokens after discovering that firewall configuration backup files for some MySonicWall accounts were accessed without authorization. The incident raises concerns that attackers could exploit sensitive information, such as passwords, API keys, and tokens, to compromise firewall systems. […]
