The latest Cybersecurity and Infrastructure Security Agency (CISA) advisory reveals that PRC-linked hackers use a backdoor called BRICKSTORM to gain long-term access to VMware vSphere and Windows environments, affecting government and IT networks. This article unpacks the attack chain, impacted sectors and critical defensive steps organizations should take now.
JPCERT confirms that attackers now actively exploit command injection flaws in Zyxel NAS326 and NAS542 devices. These end-of-life NAS units allow threat actors to run arbitrary commands, maintain persistence, and infiltrate internal networks, prompting urgent calls for device isolation and replacement.
The Iran-linked APT MuddyWater has resurfaced with a new, stealthy malware loader disguised as a retro Snake-style game. The loader delivers a memory-only backdoor to Israeli targets. This shift shows how APTs increasingly combine social-engineering and covert execution to bypass defenses.
A critical vulnerability known as React2Shell allows unauthenticated attackers to achieve full remote code execution on React and Next.js servers. This flaw affects default RSC implementations and requires immediate patching to prevent severe compromise across modern web infrastructures.
The Tor network is replacing its legacy relay encryption with Counter Galois Onion (CGO), a research-backed design that hardens Tor against tagging attacks, tampering and modern cryptanalytic threats. This analysis explains how Tor Galois onion encryption works, what changes for users and relay operators, and why it matters for long-term anonymity.
The JSONFormatter compromise shows how “harmless” online code tools quietly leaked passwords, API keys and cloud credentials for years. This article breaks down what happened, why Recent Links became a goldmine for attackers, and how security teams should lock down developer workflows before the next leak.
A cyberattack on Crisis24’s OnSolve CodeRED platform disrupted emergency alerts for cities, counties, police and fire agencies across the U.S. The INC Ransom group claims responsibility, with stolen resident data, clear-text passwords and a rollback to older backups now forcing agencies to rebuild their notification capabilities and review credential hygiene.
The JackFix attack marks the latest evolution of the ClickFix technique. By luring victims through fake adult sites into a full-screen Windows update screen, encoding Run-dialog commands, gating its payload URL, and dropping multiple infostealers through an obfuscated PowerShell script, JackFix sidesteps many earlier ClickFix mitigations and forces defenders to rethink how they handle browser-driven social engineering.
Everest claims it breached Money Mart and stole more than 80,000 internal files from a “National Money Mart Company DataBase,” turning the attack into a major consumer financial data breach. This analysis explains how the Money Mart ransomware attack unfolded, why a payday-loan provider makes an attractive target, and what the incident means for customers and other financial-services firms.
A misconfigured default in the HashiCorp Vault Terraform Provider created a HashiCorp Vault bypass vulnerability in LDAP-backed environments, allowing attackers to authenticate without valid credentials. This analysis explains CVE-2025-13357, real-world impact, and concrete hardening steps for Vault and Terraform.