Cavalry Werewolf Targets Government Institutions

A highly capable threat actor known as Cavalry Werewolf has launched a complex cyber-espionage campaign against Russian government agencies and industrial organisations. What the Campaign Involves: The group uses spear-phishing emails disguised as official communications from the Kyrgyz government, often via compromised or spoofed government-email accounts. Initial access is achieved through password-protected archive attachments hosting […]
NGate Malware Enables ATM Cash Withdrawals

Security researchers from CERT Polska have identified a sophisticated Android-based malware campaign – NGate – that allows criminals to withdraw cash from ATMs using victims’ payment cards without physically taking the card. This attack demonstrates how mobile devices and near-field communication (NFC) capabilities are being weaponised to facilitate highly targeted financial fraud across banking systems. […]
Insider Threats Soar

An unsettling incident has emerged: three U.S. professionals previously working in cybersecurity roles are now indicted for orchestrating a ransomware campaign in partnership with the ALPHV BlackCat ransomware group. What we know: The defendants include Ryan Clifford Goldberg (former incident-response manager at Sygnia) and Kevin Tyler Martin (former ransomware negotiator at DigitalMint). Both are charged […]
Misconfigured Jupyter Notebook Deployments

Recent security research has revealed a serious risk in many installations of Jupyter Notebook environments: misconfiguration, not a software bug, can allow attackers to gain root-level privileges on the host system. The vulnerability stems from notebook servers running as root with the terminal API enabled and without authentication, exposing a direct path from notebook access to full […]
AMD Zen 5 RDSEED Vulnerability

A newly disclosed vulnerability in AMD’s latest Zen 5 architecture has raised serious concerns about the reliability of hardware-based random number generation – a cornerstone of modern cryptography and secure computing. The Vulnerability: CVE-2025-62626 (AMD-SB-7055). Researchers have identified a flaw in the RDSEED instruction, a critical component responsible for generating cryptographically secure random numbers in […]
Rhysida Uses Fake PuTTY and Teams Ads

A large-scale malvertising campaign is weaponizing sponsored search results to push a stealthy loader called OysterLoader, also tracked as Broomstick and CleanUpLoader. Attackers place convincing ads on Bing that appear in search results and even inside the Windows 11 Start menu, pointing victims to fake download pages that impersonate legitimate tools such as PuTTY, Microsoft […]
WSUS Flaw Demands Your Immediate Attention

A critical remote code-execution vulnerability (CVE-2025-59287) in WSUS has moved from theory to reality: attackers are actively exploiting it in the wild. The flaw allows unauthenticated adversaries to run code with SYSTEM-level privileges on affected servers, opening the door to full network compromise, poisoned updates and lateral attacks. Attack-Chain Summary: Researchers observed exploitation starting as early […]
Open-Source Breach

The Akira ransomware group has claimed responsibility for breaching the infrastructure of the open-source productivity suite Apache OpenOffice, reportedly exfiltrating approximately 23 gigabytes of sensitive operational data. The data alleged to have been stolen includes employee records (addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers), financial information, and internal documentation covering […]
126 Malicious npm Packages Discovered

A new supply-chain attack dubbed PhantomRaven is putting developers and enterprises alike at serious risk. Security researchers have identified 126 malicious npm packages, collectively downloaded more than 86,000 times, that are actively stealing npm tokens, GitHub credentials and CI/CD pipeline secrets. What makes this campaign particularly dangerous: the packages appear benign in the npm registry […]
Urgent Advisory from Cybersecurity

CISA and the NSA, alongside international partners from Australia and Canada, have issued an urgent security advisory addressing high-risk vulnerabilities tied to on-premises Windows Server Update Services (WSUS) and Microsoft Exchange Server installations. The alert specifically cites exploitation of CVE-2025-59287, which allows remote code execution via WSUS, as well as configuration gaps in Exchange that […]