Cybercriminals have found a way to turn Velociraptor an open-source DFIR and endpoint monitoring tool into a stealthy persistence mechanism, deploying hidden backdoors on compromised systems. Security researchers warn that trusted forensic tools are increasingly being repurposed for post-exploitation control.
Federal authorities dismantled the ShinyHunters group’s Salesforce-branded extortion site, marking a major victory against cybercrime networks that traded in stolen corporate data and customer credentials.
Security researchers have identified a new StealIt malware campaign abusing the NodeJS SingleFile module to exfiltrate sensitive data from compromised environments. This JavaScript-based threat demonstrates how legitimate developer tools can be turned into effective espionage vectors within open-source ecosystems.
A new Cl0p ransomware breach has hit dozens of organizations across finance, energy, and logistics sectors. Analysts warn the campaign marks a resurgence of the group’s dark-web leak operations, signaling a return to large-scale, supply-chain-style extortion attacks.
The newly discovered ClayRat Android spyware represents one of 2025’s most sophisticated state-sponsored mobile espionage tools. Designed to collect device data, intercept communications, and monitor app activity, ClayRat’s discovery highlights how Android remains a prime target in global intelligence operations.
A critical vulnerability in the Service Finder Bookings plugin bundled with the Service Finder WordPress theme allows unauthenticated attackers to log in as administrators. The flaw, tracked as CVE-2025-5947, is actively exploited in the wild with a CVSS 9.8 rating. Users must patch immediately to prevent takeovers.
Security researchers have exposed a large-scale espionage campaign where Chinese hackers weaponized open-source tools to infiltrate critical infrastructure systems worldwide. The operation showcases a shift toward covert, community-blended tactics where public codebases become vectors for nation-state exploitation.
In 2025 alone, North Korean hacker groups have stolen over $2 billion in cryptocurrency funding state operations and deepening reliance on digital crime. They target exchanges, DeFi bridges, and individual holders, laundering via mixers and OTC channels. This escalation signals a bold shift in DPRK’s cyber financing, demanding vigilance from exchanges and regulators alike.
A misconfigured VTEX cloud bucket exposed personal data of over 6 million shoppers, revealing major gaps in vendor cloud security and breach response.
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.