Nov 20, 2025Ravie LakshmananCyber Warfare / Threat Intelligence Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development… Read More "Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt"
Nov 20, 2025Ravie LakshmananMalvertising / Artificial Intelligence Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to… Read More "TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign"
Nov 19, 2025Ravie LakshmananAI Security / SaaS Security Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni,… Read More "ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts"
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky… Read More "How to Use Ringfencing to Prevent the Weaponization of Trusted Software"
Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is… Read More "Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)"
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. “It uses Internet Message… Read More "Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices"
Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router… Read More "WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide"
Nov 19, 2025Ravie LakshmananCyber Espionage / Malware The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper “redirects all DNS queries to an external, malicious hijacking… Read More "EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates"
Nov 19, 2025Ravie LakshmananVulnerability / Network Security Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of… Read More "Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild"
Nov 18, 2025Ravie LakshmananMalware / Web Security Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately… Read More "Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages"
