Weaponized PDFs and LNK Files Used in Windows Attacks
A clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “국가정보연구회 소식지 (52호)” (National Intelligence Research Society Newsletter – Issue 52),…
Month: August 2025
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Aug 29, 2025Ravie LakshmananThreat Intelligence / Malware Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated…
Smaller Dutch ISPs Targeted In Broader Salt Typhoon Campaign
China-linked espionage actor Salt Typhoon is again in news but this time not for targeting larger telecommunication giants, instead its the smaller internet and hosting…
Experts warn of actively exploited FreePBX zero-day
Experts warn of actively exploited FreePBX zero-day Pierluigi Paganini August 29, 2025 Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed…
One Apple Fanboy’s White-hot Anger at the iPad Commercial
Before I go into this, I want to articulate exactly how much of an Apple fanboy I am. I camped for the first iPhone I…
Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware
A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The…
Reduce Fraud Risk with Effective Identity Verification
In a world where transactions occur smoothly across borders and platforms, the need for robust fraud and risk management strategies has become critical. As technology advances, so…
AppSuite PDF Editor Exploit Lets Hackers Run Arbitrary Commands
A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted…
One Apple Fanboy’s White-hot Anger at the iPad Commercial
Before I go into this, I want to articulate exactly how much of an Apple fanboy I am. I camped for the first iPhone I…
Google Confirms Potential Compromise of All Salesloft Drift Customer Authentication Tokens
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to…
Critical Hikvision Vulnerabilities Allow Remote Command Injection
On August 28, 2025, the Hikvision Security Response Center (HSRC) issued Security Advisory SN No. HSRC-202508-01, detailing three critical vulnerabilities affecting various HikCentral products. Collectively…
Cybercrime Moves Beyond Financial Gains
When it comes to cybercrime, the stories are often told in numbers. By 2025, it is expected to cost $10.5 trillion globally. If it were a…