CISA is warning that state-linked threat actors are actively using commercial spyware and remote access trojans to hijack Signal and WhatsApp accounts, weaponize linked devices and deploy zero-click exploits. This article breaks down the campaigns, the tools involved and the specific hardening steps high-value targets should take immediately.
A cyberattack on real-estate finance vendor SitusAMC has raised the risk that documents tied to major banks, including JPMorgan and Citi, may have been exposed. This analysis explains what we know so far, how attackers leverage third-party providers, and what banks and customers should do next.
Between 2024 and 2025, China-linked APT31 conducted a stealthy espionage campaign targeting Russian IT contractors and government integrators. The group masked its command-and-control using legitimate cloud services such as Yandex Cloud and OneDrive, deployed loaders like CloudyLoader via DLL side-loading, and maintained long dwell times within compromised networks. This article decodes APT31’s tool-kit, tactics and persistence model, and offers detection and response guidance for defenders.
Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.
Researchers uncovered serious AI bugs across Meta, Nvidia, Microsoft and open-source inference frameworks after tracking a ShadowMQ deserialization pattern built on ZeroMQ and Python pickle. At the same time, new research shows how Cursor’s AI IDE can be hijacked via rogue MCP servers, turning developer workstations into high-value malware delivery platforms if teams ignore AI supply-chain security.
The Washington Post reports a staff data breach tied to an Oracle E-Business Suite zero-day. Nearly 10,000 employees and contractors receive notices as responders verify scope and guide credit protection.
Apache OpenOffice 4.1.16 fixes seven vulnerabilities that allowed silent external content loading and possible memory corruption during CSV import. Update immediately, restrict DDE and Calc external data sources, and replace templates that embed remote URLs. Verify the new prompts and monitor document-triggered network fetches
Rhadamanthys suffered a coordinated disruption as “customers” lost access to panels and servers. With certificate-only logins and Tor sites offline, credential theft pipelines broke. Use the lull to rotate passwords, revoke tokens, scrub loaders, and harden identity before operators relaunch under a new brand.
A new attack variant against Cisco Secure Firewall ASA/FTD can force unexpected reloads, dropping VPNs and disrupting edge traffic. Reduce exposure, apply fixed releases, and harden management access. Validate HA under load and stream telemetry off-box to preserve evidence while you monitor for recurrence.
Seven fresh techniques let attackers leak ChatGPT data through everyday workflows: poisoned search, “q=” one-click links, allowlisted ad redirects, conversation injection, markdown hiding, and memory poisoning. Because exposure rides on normal browsing and memory behavior, prevention requires policy plus proof: sanitize URLs, block bing.com/ck/a, disable Saved Memory for high-risk roles, and validate controls continuously with OWASP LLM Top 10 and MITRE ATLAS as your benchmarks.