UNC2891 Hackers Breach ATMs Using Raspberry Pi Devices for Network Access
A Raspberry Pi device that was directly attached to an internal network switch was used by the financially motivated threat actor group UNC2891 to breach…
Month: July 2025
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Jul 31, 2025Ravie LakshmananVulnerability / Website Security Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to…
Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature
A sophisticated new Linux variant of Gunra ransomware has emerged, marking a significant escalation in the threat group’s cross-platform capabilities since its initial discovery in…
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Sonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden…
Researchers released a decryptor for the FunkSec ransomware
Researchers released a decryptor for the FunkSec ransomware Pierluigi Paganini July 31, 2025 Researchers have released a decryptor for the ransomware FunkSec, allowing victims to…
Qilin Ransomware Leverages TPwSav.sys Driver to Disable EDR Security Measures
Cybercriminals have once again demonstrated their evolving sophistication by weaponizing an obscure Toshiba laptop driver to bypass endpoint detection and response systems. The Qilin ransomware…
Dahua Camera flaws allow remote hacking. Update firmware now
Dahua Camera flaws allow remote hacking. Update firmware now Pierluigi Paganini July 31, 2025 Critical flaws in Dahua cameras let hackers take control remotely. The…
ChatGPT, Gemini, GenAI Tools Vulnerable to Man-in-the-Prompt Attacks
A critical vulnerability affecting popular AI tools, including ChatGPT, Google Gemini, and other generative AI platforms, exposes them to a novel attack vector dubbed “Man-in-the-Prompt.” …
CrushFTP Hit by Critical 0-Day RCE Vulnerability
Security researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected…
AI is changing the vCISO game
Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one…
NIST Secure Software DevSecOps Practices Publication
To support the creation of software that is secure against cyber breaches and free of malicious code, the U.S. Department of Commerce’s National Institute of…
New JSCEAL Attack Targeting Crypto App Users To Steal Credentials and Wallets
A sophisticated new malware campaign targeting cryptocurrency application users has emerged, leveraging compiled JavaScript files and Node.js to steal digital wallets and credentials with unprecedented…