Category: Cyber

Weekly Cyber Intelligence Brief Global Threats & Breaches

Weekly Cyber Intelligence Brief Global Threats & Breaches

This week’s cybersecurity landscape highlights how both private enterprises and government institutions remain under relentless attack from a variety of threat actors. From ransomware gangs targeting ministries in Latin America to critical vulnerabilities in industrial systems, the risks continue to evolve across geographies and sectors. Key incidents include breaches at Plex, LNER, and Vietnam’s National…

Read More “Weekly Cyber Intelligence Brief Global Threats & Breaches” »

Cyber
Cybersecurity Intelligence Weekly, Global Threat Landscape (Sept 1–7, 2025)

Cybersecurity Intelligence Weekly, Global Threat Landscape (Sept 1–7, 2025)

This week’s Cybersecurity Intelligence Weekly (Sept 1–7, 2025) highlights a series of high-impact incidents shaping the global threat landscape. From large-scale manufacturing disruptions at Jaguar Land Rover and Bridgestone to critical zero-day exploits in WhatsApp, Apple, and Sitecore, the week underscores the growing risks faced by enterprises and individuals alike. The report also covers state-sponsored campaigns, massive…

Read More “Cybersecurity Intelligence Weekly, Global Threat Landscape (Sept 1–7, 2025)” »

Cyber
Iranian Cyber Offensive Shows Unprecedented Coordination

Iranian Cyber Offensive Shows Unprecedented Coordination

During the 12-day conflict in June 2025, Iranian state-sponsored hacking groups and hacktivist proxies operated with greater coordination against Israel than previously documented, according to research from Security Scorecard’s STRIKE Team and the Middle East Institute. More than 178 Iranian-affiliated actors conducted operations ranging from influence campaigns to data theft. The state-backed group Imperial Kitten…

Read More “Iranian Cyber Offensive Shows Unprecedented Coordination” »

Cyber
CAPTCHA geddon’ Click Fix Malware Campaign Emerges

CAPTCHA geddon’ Click Fix Malware Campaign Emerges

Cybersecurity firm Guardio has uncovered a new campaign, ClickFix, that weaponizes fake CAPTCHA verification pages to trick users into executing malicious commands marking a major evolution from 2024’s fake browser update scams. Victims encounter CAPTCHA pages branded with Google reCAPTCHA or Cloudflare logos, but instead of solving a puzzle, they’re instructed to perform keyboard shortcuts…

Read More “CAPTCHA geddon’ Click Fix Malware Campaign Emerges” »

Captcha
Critical Flaws in Claude AI Code Assistant Patched

Critical Flaws in Claude AI Code Assistant Patched

Cybersecurity researcher Elad Beber of Cumulate has uncovered two critical flaws in Anthropic’s Claude Code AI development assistant CVE-2025–54794 and CVE-2025–54795 that could allow attackers to bypass safeguards and execute unauthorized commands. Both have since been patched by Anthropic. The vulnerabilities were identified using an “inverse prompting” approach, where Claude itself was manipulated to reveal…

Read More “Critical Flaws in Claude AI Code Assistant Patched” »

Ai
Why was Cisco Hit by Voice Phishing Breach?

Why was Cisco Hit by Voice Phishing Breach?

What Happened and Who Was Affected: On July 24, 2025, Cisco confirmed a filthy vishing attack targeting one of its representatives. The employee was deceived over a phone call, enabling attackers to gain access to a third-party cloud-based CRM instance used by CiscoFrom that CRM dashboard, attackers extracted basic profile information of Cisco.com users, including names, email addresses, phone numbers, organization names,…

Read More “Why was Cisco Hit by Voice Phishing Breach?” »

Cyber
State Actor Spies on Asian Telecoms

State Actor Spies on Asian Telecoms

Between February and November 2024, state-sponsored threat actor CL-STA-0969 linked to China-based espionage group Liminal Panda targeted telecommunications infrastructure in Southeast Asia to establish persistent access and conduct network surveillance. According to Palo Alto Networks’ Unit 42, attackers employed a range of custom implants and evasive techniques without evidence of data exfiltration. Key tools used…

Read More “State Actor Spies on Asian Telecoms” »

Cyber
Fake OAuth Apps Fuel MFA Phishing

Fake OAuth Apps Fuel MFA Phishing

In 2025, Proofpoint identified an ongoing phishing campaign abusing Microsoft OAuth applications to compromise Microsoft 365 accounts. Threat actors created malicious OAuth apps impersonating trusted services like Adobe, SharePoint, and DocuSign, using them as lures to redirect victims to attacker-in-the-middle (AiTM) phishing sites. These sites, powered by the Tycoon Phishing-as-a-Service platform, captured credentials and session…

Read More “Fake OAuth Apps Fuel MFA Phishing” »

Cyber