When Addressing Cyber Attacks in Healthcare, Prevention is Better Than Treatment
No industry is spared from cyber-attacks. But some have greater consequences than others. When a hospital or medical group experiences a breach, people’s private and…
Month: October 2025
Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation…
More openness on the cards for Apple and Google’s mobile platforms
Following a nine-month investigation, the Competition and Markets Authority (CMA) has designated Google’s provision of its mobile platform with strategic market status (SMS). The CMA…
CISA’s international, industry and academic partnerships slashed
The Trump administration has effectively closed the division of the Cybersecurity and Infrastructure Security Agency that coordinates critical infrastructure cybersecurity improvements with states and local…
New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials
A sophisticated phishing kit dubbed Tykit, which impersonates Microsoft 365 login pages to harvest corporate credentials. First detected in May 2025, the kit has surged…
Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories
Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to…
Attackers target retailers’ gift card systems using cloud-only techniques
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign…
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files Pierluigi Paganini October 22, 2025 CVE-2025-62518…
PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine,…
Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts
Since its emergence in August 2022, Lumma Infostealer has rapidly become a cornerstone of malware-as-a-service platforms, enabling even unskilled threat actors to harvest high-value credentials.…
Take It from a Former Pen Tester: Zero-Days Aren’t the Problem. One-Days Are.
Let’s set the record straight: the greatest risk to most companies isn’t breaking news. It’s known weaknesses that are left unaddressed due to slow patching,…
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In…