Cybersecurity and Information Warfare

New SORVEPOTEL malware targets WhatsApp users in Brazil, spreading rapidly through phishing messages.

Researchers have identified a new self-propagating malware campaign dubbed SORVEPOTEL, primarily targeting users in Brazil through the messaging app WhatsApp. The malware spreads via phishing messages that contain malicious ZIP file attachments which, when opened on a desktop, hijack the compromised WhatsApp account to send copies of the malware to the victim’s contacts. The attack is characterized by its focus on rapid propagation rather than data theft or ransomware, indicating a potential shift in cybercriminal tactics aimed more at creating widespread disruption. Most infections have been…

Cavalry Werewolf cyberattacks target Russian agencies using advanced malware.

A cybersecurity threat actor known as Cavalry Werewolf has been targeting Russian state agencies, energy, mining, and manufacturing sectors using malware families like FoalShell and StallionRAT. These attacks were initiated through phishing emails disguised as correspondence from Kyrgyz officials, allowing intruders to execute commands and exfiltrate data via a Telegram bot. Russian cybersecurity vendor BI.ZONE reported that over the past year, at least 500 companies in Russia have been compromised, highlighting a significant vulnerability in the country’s cybersecurity landscape. This inciden…

CISA Warns of Actively Exploited CVE-2025-4008 Vulnerability in Meteobridge

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2025-4008, affecting Smartbedded Meteobridge to its Known Exploited Vulnerabilities catalog, noting active exploitation risks. This command injection flaw allows unauthenticated attackers to execute arbitrary code due to insecure CGI script handling in a public directory. The vulnerability was first reported by ONEKEY in February 2025 and has been addressed in a software update released on May 13, 2025. This incident underscores the critical need for robust cybersecurity measures, as s…

Cybersecurity highlights India Mobile Congress 2025 amid rising digital threats.

Cybersecurity is set to take center stage at the India Mobile Congress (IMC) 2025, reflecting India’s growing digital economy and the rising tide of cyber threats. Valued at USD 9.8 billion in 2024, the cybersecurity market is projected to reach USD 36.8 billion by 2033, driven by increased adoption of 5G, IoT, and cloud services. The IMC, scheduled for October 8-11 in New Delhi, will feature a dedicated Cybersecurity Summit, gathering over 50 senior officials and industry leaders to address key issues such as nationwide threat intelligence and AI-enabled security. This initiative underscores…

Indian govt alerts Chrome users about serious security vulnerabilities; update now.

The Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding high-risk security vulnerabilities in Google Chrome that could allow hackers to execute arbitrary code or gain control over affected devices. These vulnerabilities, identified in versions prior to 140.0.7339.207 for Windows, macOS, and Linux, pose a significant threat to user data and system integrity. CERT-In has advised all users, organizations, and businesses to promptly update their browsers to mitigate potential risks of unauthorized access and data theft. This incident underscores the importance of cyber…

CISA ends $27 million funding for vital cybersecurity program by 2025.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the conclusion of its funding agreement with the Center for Internet Security (CIS) by September 2025, marking the end of a $27 million annual investment crucial for state and local cybersecurity efforts. This shift is part of CISA’s new model for cybersecurity support that includes grant funding and tools but raises concerns among officials about maintaining threat intelligence-sharing networks amid dwindling resources. The recent cuts to multiple cybersecurity programs highlight a troubling trend that may weaken t…

Chinese hackers exploited VMware vulnerability for over a year, raising security concerns.

A recently patched high-severity vulnerability in VMware, tracked as CVE-2025-41244 with a CVSS score of 7.8, has reportedly been exploited by a Chinese state-sponsored threat actor known as UNC5174 since October 2024. This flaw affects both VMware Aria Operations and VMware Tools, allowing attackers to escalate privileges to root on virtual machines, potentially enabling them to execute code at elevated levels. Despite Broadcom, VMware’s parent company, issuing patches, it faced criticism for not disclosing the in-the-wild exploitation of this zero-day vulnerability in its advisories, which t…

EU agency warns of rising state-sponsored cyber espionage threats.

A recent report by the European Union Agency for Cybersecurity (ENISA) highlights a significant rise in cyber espionage, linking multiple incidents to state-sponsored actors, primarily from China and Russia. Notably, the hacking campaign “Salt Typhoon,” linked to China’s Ministry of State Security, has affected several European nations. The report also identified ransomware as the most pressing threat across the EU, overshadowing the state-backed espionage issue, with distributed denial-of-service (DDoS) attacks being the most frequent type of cyber incident. This trend underscores the urgent…

Google Drive introduces AI for proactive ransomware detection.

Google has launched an AI-powered ransomware detection feature for its Drive for desktop utility, designed to protect users from potential data corruption caused by ransomware attacks. The feature, now in beta for commercial customers, utilizes an AI model trained on millions of ransomware samples to identify signs of malicious file modifications. When an attack is detected, the system automatically pauses file syncing, alerts users, and allows for the restoration of files to a previous state. This proactive approach aims to mitigate the costly disruption that ransomware incidents can cause to…

ADYPU and IAF Collaborate on Defense Research and Innovation

Ajeenkya DY Patil University (ADYPU) in Pune has signed a Memorandum of Understanding (MoU) with the Indian Air Force (IAF) to foster collaboration in research, innovation, and technology application in defense. The partnership, attended by senior IAF officials, aims to blend academic excellence with practical defense needs, allowing students to engage with real-world challenges and develop solutions aligned with the IAF’s operational requirements. Faculty and students will work on innovative projects, participate in Air Force innovation challenges, and access incubation facilities for proto…

CISA alerts on critical Linux sudo vulnerability under attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability (CVE-2025-32463) in the Linux sudo package, which is being actively exploited in real-world attacks. This flaw allows local attackers to escalate privileges and execute commands with root access even without being listed in the sudoers file, affecting versions 1.9.14 to 1.9.17. CISA has mandated that federal agencies apply mitigations by October 20 or cease using sudo altogether. The vulnerability, disclosed on June 30, has raised significant concerns within the cybersecurit…

New Datzbro Trojan Targets Seniors with Fake Travel Events

Cybersecurity researchers have identified a new Android banking trojan named Datzbro, which targets elderly individuals by using AI-generated content to promote fraudulent travel events on Facebook. This malware can conduct device takeover attacks, steal credentials, and execute financial fraud through various malicious operations, including keylogging and remote control. Researchers believe the threat is linked to a Chinese-speaking criminal group, as indicated by the malware’s design and command-and-control infrastructure. The emergence of such sophisticated threats underscores the urgent ne…

Asahi Group Halts Production Due to Cyber Attack Disruptions

Japanese beverage giant Asahi Group Holdings has halted production at its domestic factories following a cyber attack on September 29, which led to significant operational disruptions, including order processing and shipping. With 30 plants across Japan, the company is currently investigating the extent of the production stoppage, although no personal data breaches have been reported. The lack of clarity on when operations will resume raises concerns about the vulnerability of critical infrastructure to cyber threats, highlighting the need for enhanced cybersecurity measures across industries…

Tata Motors' JLR to Resume Manufacturing Post-Cyber Attack

Jaguar Land Rover (JLR), the luxury car division of Tata Motors, is set to resume manufacturing following a phased restart after a recent cyber attack that disrupted operations. The company emphasized its commitment to customer service and production continuity as it navigates recovery efforts. This development is significant not only for JLR’s operational resilience but also reflects the broader challenges faced by the automotive sector in safeguarding against cyber threats, which are increasingly impacting global supply chains. As JLR reintegrates its manufacturing processes, it underscores…

Cybercriminals Exploit Dynamic DNS Services for Attacks

Cybersecurity experts have raised alarms over the increasing exploitation of Dynamic DNS providers by cybercriminals to establish resilient command and control networks, posing significant risks to corporate security frameworks. Originally designed for legitimate hosting, these services, characterized by minimal oversight and lax regulations, have become tools for malicious actors, allowing them to deploy infrastructure with little fear of detection. Recent analyses reveal that approximately 70,000 domains are being misused, with state-sponsored groups like APT28 and APT29 leveraging these pla…

NIST launches Cybersecurity Framework 2.0 for manufacturing risk management.

The U.S. National Institute of Standards and Technology (NIST) has released the Cybersecurity Framework Version 2.0 Manufacturing Profile, aimed at enhancing risk management in the manufacturing sector amidst rising cyber threats. This profile provides a structured, voluntary approach to bolster cybersecurity measures while aligning with existing standards and industry practices. It emphasizes the importance of managing both operational technology and information technology within interconnected systems to mitigate unique risks associated with manufacturing operations. The broader significance…

VMware Tools and Aria 0-Day Vulnerability Allows Root Code Execution

A zero-day local privilege escalation vulnerability, tracked as CVE-2025-41244, affecting VMware Tools and VMware Aria Operations has been actively exploited, allowing unprivileged local attackers to execute code with root privileges. Discovered by Broadcom and reported by NVISO, the flaw stems from an untrusted search path in the get-versions.sh script used for service discovery on virtual machines. The vulnerability has been linked to the threat actor UNC5174, possibly state-sponsored by China, raising concerns about cybersecurity risks associated with virtualized environments. Organizations…

Google's Malaga Lab Develops AI Cybersecurity Platform "Omnia"

Bernardo Quintero, previously leading Google’s cybersecurity team, has returned to a hands-on role in a basement lab in Malaga with a youthful team focused on developing “Omnia”, an AI-driven platform for cybersecurity aimed at both experts and the general public. The project automates tasks traditionally performed by cybersecurity analysts and is already being tested by over 800 professionals. Quintero emphasizes the collaborative spirit and innovation within the team, reminiscent of the early days of VirusTotal. This initiative not only promises to enhance cybersecurity practices but also…

Criminals Offer BBC Reporter Money for IT System Hack

In a concerning incident, BBC Cyber correspondent Joe Tidy was approached by a criminal gang, Medusa, who offered him a significant share of ransom payments for facilitating a hack on the BBC’s IT systems. They promised large financial gains in exchange for insider access, emphasizing the ease with which they have previously corrupted employees at other organizations. The hackers employed aggressive tactics, pushing Tidy for immediate responses and claiming they had successfully exploited numerous victims. This highlights the growing threat posed by insider threats in cybersecurity, underlinin…

Acreed Infostealer Grows Popular Among Cybercriminals via Steam

Acreed, a newly emerged infostealer since early 2025, is gaining traction among Russian-speaking cybercriminals for its stealthy approach and minimalistic logging that obscures infection pathways. It typically infects systems via trojanized installers and utilizes advanced mechanisms such as dedicated C2 channels linked to platforms like Steam and BNB Smartchain for secure data exfiltration, targeting browser credentials and cryptocurrency wallets. The malware’s design underscores a significant evolution in cyber threats, employing sophisticated tactics like JavaScript clipper modules to manip…

CISA Urges Federal Agencies to Address Critical Cisco ASA Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-03 due to significant vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower platforms, which are being exploited by advanced threat actors. CISA mandates federal agencies to swiftly identify and mitigate these vulnerabilities, emphasizing the urgent need for inventory and updates on affected devices. The directive highlights the risk of remote code execution and privilege escalation, compelling agencies to disconnect unsupported systems and report any compromises. This situati…

Akira Ransomware Targets SonicWall Vulnerability CVE-2024-40766

The Akira ransomware group is actively exploiting a significant vulnerability in SonicWall firewalls, identified as CVE-2024-40766, which has a CVSS score of 9.3. Despite being patched in August 2024, attacks have surged, particularly targeting SSL VPN accounts with multi-factor authentication. Cybersecurity analysts from Arctic Wolf report that the attackers utilize legitimate tools, such as Datto’s remote monitoring solution, to mask their activities, thereby evading detection and carrying out effective intrusions. This situation highlights the urgent need for organizations to enhance their…

Rise in Personalized Cyber Fraud This Festive Season

This festive season has witnessed a significant rise in cyber fraud cases in India, with reports indicating a nearly 40% increase in attacks, largely attributed to AI-driven tools. Individuals are becoming targets of personalized scams, as exemplified by a Mumbai content writer who was deceived through a fraudulent request for payment disguised under her roommate’s likeness. Experts note that these sophisticated scams leverage machine learning to create contextually relevant phishing messages that exploit recent search patterns. The implications are profound, highlighting the urgent need for e…

UK Offers £1.5B Loan Guarantee to Support Jaguar Land Rover After Cyberattack

Jaguar Land Rover (JLR), owned by India’s Tata Motors, has been severely impacted by a cyberattack that halted production for nearly a month, affecting 33,000 employees and destabilizing its global supply chain. In response, the UK government has announced a £1.5 billion loan guarantee to support JLR’s operations and safeguard jobs, highlighting the critical role of cybersecurity in modern industries. The attack has raised concerns not only for JLR, which faces potential losses exceeding £2 billion, but also for the broader automotive sector, emphasizing the vulnerabilities inherent in digit…

Notepad++ Vulnerability Allows Malicious Code Execution

A newly identified DLL hijacking vulnerability, tracked as CVE-2025-56383, in Notepad++ version 8.8.3 poses significant risks, allowing local attackers to execute arbitrary code by replacing legitimate DLL files with malicious versions. This flaw threatens millions of users as it could be exploited without user detection, potentially enabling persistent malware activation each time Notepad++ is launched. As of now, no official patch has been provided by developers, prompting users to download software exclusively from official sources and remain vigilant. The broader significance of this vulne…