The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks 25 Jul 2025 The ESET research team has released their findings about exploitation of CVE-2025-53770… Read More "ToolShell attacks hit organizations worldwide"
Jul 25, 2025The Hacker NewsArtificial Intelligence / Data Privacy A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from… Read More "Overcoming Risks from Chinese GenAI Tool Usage"
Jul 25, 2025Ravie LakshmananMalware / Threat Intelligence The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. “The campaign employs a five-stage execution chain delivered… Read More "Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files"
Jul 25, 2025Ravie LakshmananCybercrime / Insider Threat The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker… Read More "U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm"
Bei dem Cyberangriff auf die LUP-Kliniken sind auch Patientendaten abgeflossen. khunkornStudio – shutterstock.com Im Februar 2025 wurden die LUP-Kliniken in Hagenow und Ludwigslust Ziel einer Cyberattacke. Die forensische Ermittlungen haben nun ergeben, dass personenbezogene Daten abgeflossen und im Darknet veröffentlicht… Read More "LUP-Kliniken: Patientendaten nach Cyberangriff im Darknet entdeckt"
Before rushing to prove that you’re not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware 24 Jul 2025 • , 4 min. read Bots have got a lot to answer for.… Read More "Look out for phony verification pages spreading malware"
BlackSuit’s dark web data leak site and private negotiation panels have been taken offline in what appears to be a large-scale law enforcement operation. On July 24, the ransomware group’s leading site, usually accessible via The Onion Router (TOR), displayed… Read More "BlackSuit Ransomware Group’s Dark Web Sites Seized"
Jul 25, 2025Ravie LakshmananCyber Espionage / Malware Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to… Read More "Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor"
The malware registers itself as a background service, sets up recurring scheduled tasks, and evades detection by concealing its processes from standard monitoring tools. Its adaptive logic, including proxy-checking routines, an intelligent selection among 18 cryptocurrency miners, and fallback behaviors,… Read More "AI-forged panda images hide persistent cryptomining malware ‘Koske’"
ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities 24 Jul 2025 • , 5 min. read On July 19th, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being… Read More "An all-you-can-eat buffet for threat actors"
