The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely… Read More »ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains… Read More »Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8)… Read More »Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a… Read More »Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote… Read More »Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open… Read More »⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the… Read More »Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved… Read More »Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over… Read More »2026: The Year of AI-Assisted Attacks
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting… Read More »Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M