North Korean Scammers Are Doing Architectural Design Now
“The plans are being used and being built,” says Michael “Barni” Barnhart, a leading authority in North Korean hacking and cyber threats, who works for…
Month: October 2025
Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read…
Payroll Pirates Are Exploiting Trust, Not Technology
Microsoft Threat Intelligence has revealed a spate of financially motivated cyberattacks against universities across the United States. The threat actor, known as Storm-2657, is exploiting…
Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date
Apple on Friday announced significant updates to its bug bounty program and the company is now offering up to $2 million for complex exploit chains. …
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini October 10, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to…
New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users
A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp,…
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
Since launching its bug bounty program nearly a decade ago, Apple has always touted notable maximum payouts—$200,000 in 2016 and $1 million in 2019. Now…
RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers
The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid…
Nothing Phone (2a) Faces Secure Boot Exploit Risk
A newly released proof-of-concept (PoC) exploit has disclosed a severe code-execution vulnerability affecting the Nothing Phone (2a) and the CMF Phone 1, both of which…
FBI takes down BreachForums portal used for Salesforce extortion
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate…
LLM-enabled MalTerminal Malware Leverages GPT-4 To Generate Ransomware Code
Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious…
ClayRat Android Malware Masquerades as WhatsApp & Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples…