Blogs

Chinese Hackers Exploit SharePoint Flaws in ‘Project AK47’ Campaign

Researchers from Palo Alto Networks Unit 42 have uncovered a state-sponsored Chinese threat actor, tracked as Storm-2603 by Microsoft and CL-CRI-1040 by Unit 42, exploiting four critical Microsoft SharePoint vulnerabilities (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771) to deliver a custom malware suite dubbed Project AK47. Active since March 2025, the campaign uses the ToolShell exploit chain to…

Hacker
Critical Flaws in Claude AI Code Assistant Patched

Cybersecurity researcher Elad Beber of Cumulate has uncovered two critical flaws in Anthropic’s Claude Code AI development assistant, CVE-2025-54794 and CVE-2025-54795, that could allow attackers to bypass safeguards and execute unauthorized commands. Both have since been patched by Anthropic. The vulnerabilities were identified using an “inverse prompting” approach, where Claude itself was manipulated to reveal…

Ai
North Korean Hackers Launch NPM Supply Chain Attack

A sophisticated North Korean cyber campaign has resurfaced, deploying twelve malicious NPM packages to infiltrate developer systems and steal cryptocurrency. The attack exploits supply chain trust in open-source repositories, with threat actors posing as interviewers who instruct developers to install infected packages during coding tests. Once installed, the malware, a Beavertail variant, scans for crypto…

Hacker
Cyber Breach Disrupts NCLT Kolkata Virtual Hearing

On July 30, the National Company Law Tribunal (NCLT) Kolkata bench faced a cybersecurity breach during an online court hearing when an unknown individual hijacked the session to display inappropriate content. The disruption began around 2:52 pm and lasted for three to four minutes, halting proceedings. According to a complaint filed with the Bidhannagar Cyber…

Cyber
Vietnamese Hackers Run Global Data Theft Campaign

Cybersecurity researchers have uncovered a Vietnamese-speaking hacking group running a highly evasive, multi-stage campaign to steal sensitive information from over 4,000 victims across 62 countries. The most affected regions include South Korea, the U.S., the Netherlands, Hungary, and Austria. Active since late 2024, the group has recently refined its techniques to bypass antivirus tools and…

Hacker
Why was Cisco Hit by Voice Phishing Breach?

What Happened and Who Was Affected: On July 24, 2025, Cisco confirmed a filthy vishing attack targeting one of its representatives. The employee was deceived over a phone call, enabling attackers to gain access to a third-party cloud-based CRM instance used by Cisco. From that CRM dashboard, attackers extracted basic profile information of Cisco.com users, including names, email addresses, phone numbers, organization names,…

Cyber
State Actor Spies on Asian Telecoms

Between February and November 2024, state-sponsored threat actor CL-STA-0969, linked to China-based espionage group Liminal Panda, targeted telecommunications infrastructure in Southeast Asia to establish persistent access and conduct network surveillance. According to Palo Alto Networks’ Unit 42, attackers employed a range of custom implants and evasive techniques without evidence of data exfiltration. Key tools used…

Cyber
Fake OAuth Apps Fuel MFA Phishing

In 2025, Proofpoint identified an ongoing phishing campaign abusing Microsoft OAuth applications to compromise Microsoft 365 accounts. Threat actors created malicious OAuth apps impersonating trusted services like Adobe, SharePoint, and DocuSign, using them as lures to redirect victims to attacker-in-the-middle (AiTM) phishing sites. These sites, powered by the Tycoon Phishing-as-a-Service platform, captured credentials and session…

Cyber
St. Paul Deploys National Guard Amid Attack

On July 28, 2025, the City of St. Paul, Minnesota, shut down its government IT systems in response to a cyberattack detected three days earlier. The attack targeted critical infrastructure, prompting city officials to take key systems offline to prevent further damage. While 911 and emergency services remained operational, internet-based services at City Hall, libraries,…

Cyber
Stealthy ‘Plague’ Backdoor Hits Linux Systems

In late July 2025, threat hunters uncovered a stealthy Linux backdoor dubbed Plague, implemented as a malicious PAM (Pluggable Authentication Module). The implant enables silent bypass of authentication, persistent SSH access, and leaves minimal forensic traces, making it extremely difficult to detect. Plague has been in circulation since at least mid-2024, with multiple compiled variants…

Security
