Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks
A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and…
Month: September 2025
No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking
Some of the industrial cameras made by Cognex are affected by potentially serious vulnerabilities, but they will not receive a patch. The cybersecurity agency CISA…
CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower…
New Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai Farms
CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux…
Archer Health Data Leak Exposes 23GB of Medical Records
A large cache of medical and personal information belonging to patients of Archer Health Inc. was left publicly accessible after a database was found online…
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Sep 26, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been…
New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions
An updated variant of the sophisticated XCSSET macOS malware is monitoring the system clipboard to hijack cryptocurrency transactions, Microsoft warns. First observed in the wild…
Product comparison: Detectify vs. Nessus
Nessus Pros Authenticated scanning of internal assets (workstations, network devices). Widely accepted for compliance and audit reporting (e.g., PCI DSS). Cons Core strength is infrastructure,…
Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt Typhoon, this Chinese state-sponsored group has…
Researchers Map Links Between Major Hacker Groups: LAPSUS$, Scattered Spider, ShinyHunters
A loosely connected cybercrime supergroup is exploiting social engineering to compromise Fortune 100 organizations and government agencies. LAPSUS$, Scattered Spider, and ShinyHunters—three of the most…
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Sep 26, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed…
Amazon joins coalition to reduce water usage habits of AI datacentres
Amazon is part of a coalition focused on ensuring artificial intelligence (AI) datacentres use water as efficiently as possible, amid growing concerns about the environmental…