In 2025, Proofpoint identified an ongoing phishing campaign abusing Microsoft OAuth applications to compromise Microsoft 365 accounts. Threat actors created malicious OAuth apps impersonating trusted services like Adobe, SharePoint, and DocuSign, using them as lures to redirect victims to attacker-in-the-middle (AiTM) phishing sites. These sites, powered by the Tycoon Phishing-as-a-Service platform, captured credentials and session…
On July 28, 2025, the City of St. Paul, Minnesota, shut down its government IT systems in response to a cyberattack detected three days earlier. The attack targeted critical infrastructure, prompting city officials to take key systems offline to prevent further damage. While 911 and emergency services remained operational, internet-based services at City Hall, libraries,…
In late July 2025, threat hunters uncovered a stealthy Linux backdoor dubbed Plague, implemented as a malicious PAM (Pluggable Authentication Module). The implant enables silent bypass of authentication, persistent SSH access, and leaves minimal forensic traces, making it extremely difficult to detect. Plague has been in circulation since at least mid-2024, with multiple compiled variants…
In late July 2025, Arctic Wolf identified a surge in ransomware intrusions linked to SonicWall SSL VPNs, with evidence suggesting the exploitation of a likely zero-day vulnerability. Several incidents involved compromised VPN access despite devices being fully patched and protected with TOTP-based MFA. In many cases, accounts were breached shortly after credential rotations, pointing to…
Read More “Akira Targets SonicWall VPNs in Zero-Day Surge” »
On July 29, 2025, Cursor, a widely used AI-powered code editor, released version 1.3 to patch a critical remote code execution (RCE) vulnerability tracked as CVE-2025–54135 (CVSS 8.6). Discovered by Aim Security, the flaw dubbed “CurXecute”, allowed attackers to exploit Cursor’s integration with external Model Control Protocol (MCP) servers to execute arbitrary code. The issue…
Read More “Akira Targets SonicWall VPNs in Zero-Day Surge” »
On July 29, Russian airline Aeroflot announced that it had stabilized flight operations after a major cyberattack disrupted its IT infrastructure the day before. While Aeroflot described the disruption as a “technical failure,” prosecutors are investigating it as a cyberattack. Two pro-Ukraine hacking groups, Belarusian Cyber Partisans and the newly emerged Silent Crow, claimed responsibility….
On Friday, 25 July, Orange Group detected a cyberattack targeting one of its internal information systems.Upon discovery, Orange’s response teams working closely with Orange Cyberdefense, immediately activated containment protocols. To limit the impact, several systems were isolated, which led to temporary disruptions affecting certain management services and platforms. The impact was primarily observed among Business…
Read More “Telecom Giant Orange Files Complaint After Cyber Incident” »
In a striking revelation, the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) has uncovered major cybersecurity shortcomings at a prominent Northeastern hospital during a recent HIPAA audit. The findings serve as a wake-up call not just to one institution but to the entire healthcare ecosystem. What Was the Issue? This unnamed…
Read More “Is Your Hospital Truly Secure? HHS OIG Audit Reveals Startling Gaps” »
Soco404 and Koske exploit configs with fake pages, mining on global cloud systemsJuly 2025 Security researchers have uncovered two separate malware campaigns — Soco404 and Koske — that exploit vulnerabilities and misconfigurations in cloud environments to install cryptocurrency miners on both Linux and Windows systems. Soco404 Campaign Attributed to threat actors tracked by Wiz, Soco404…
Patchwork uses fake invites with LNK files to breach missile contractors for intel28 July 2025 The Indian-linked threat actor Patchwork (also known as APT-C-09, Dropping Elephant, Operation Hangover) has launched a spear-phishing campaign against Turkish defense contractors, aiming to collect sensitive intelligence on unmanned vehicle systems and missile programs. Geopolitical Context The timing aligns with…
