A sophisticated North Korean cyber campaign has resurfaced, deploying twelve malicious NPM packages to infiltrate developer systems and steal cryptocurrency. The attack exploits supply chain trust in open-source repositories, with threat actors posing as interviewers who instruct developers to install infected packages during coding tests. Once installed, the malware a Beavertail variant scans for crypto…

Read More “North Korean Hackers Launch NPM Supply Chain Attack” »

On July 30, the National Company Law Tribunal (NCLT) Kolkata bench faced a cybersecurity breach during an online court hearing when an unknown individual hijacked the session to display inappropriate content. The disruption began around 2:52 pm and lasted for three to four minutes, halting proceedings. According to a complaint filed with the Bidhannagar Cyber…

Read More “Cyber Breach Disrupts NCLT Kolkata Virtual Hearing” »

Cybersecurity researchers have uncovered a Vietnamese-speaking hacking group running a highly evasive, multi-stage campaign to steal sensitive information from over 4,000 victims across 62 countries. The most affected regions include South Korea, the U.S., the Netherlands, Hungary, and Austria. Active since late 2024, the group has recently refined its techniques to bypass antivirus tools and…

Read More “Vietnamese Hackers Run Global Data Theft Campaign” »

What Happened and Who Was Affected: On July 24, 2025, Cisco confirmed a filthy vishing attack targeting one of its representatives. The employee was deceived over a phone call, enabling attackers to gain access to a third-party cloud-based CRM instance used by CiscoFrom that CRM dashboard, attackers extracted basic profile information of Cisco.com users, including names, email addresses, phone numbers, organization names,…

Read More “Why was Cisco Hit by Voice Phishing Breach?” »

Between February and November 2024, state-sponsored threat actor CL-STA-0969 linked to China-based espionage group Liminal Panda targeted telecommunications infrastructure in Southeast Asia to establish persistent access and conduct network surveillance. According to Palo Alto Networks’ Unit 42, attackers employed a range of custom implants and evasive techniques without evidence of data exfiltration. Key tools used…

Read More “State Actor Spies on Asian Telecoms” »

In 2025, Proofpoint identified an ongoing phishing campaign abusing Microsoft OAuth applications to compromise Microsoft 365 accounts. Threat actors created malicious OAuth apps impersonating trusted services like Adobe, SharePoint, and DocuSign, using them as lures to redirect victims to attacker-in-the-middle (AiTM) phishing sites. These sites, powered by the Tycoon Phishing-as-a-Service platform, captured credentials and session…

Read More “Fake OAuth Apps Fuel MFA Phishing” »

On July 28, 2025, the City of St. Paul, Minnesota, shut down its government IT systems in response to a cyberattack detected three days earlier. The attack targeted critical infrastructure, prompting city officials to take key systems offline to prevent further damage. While 911 and emergency services remained operational, internet-based services at City Hall, libraries,…

Read More “St. Paul Deploys National Guard Amid Attack” »

In late July 2025, threat hunters uncovered a stealthy Linux backdoor dubbed Plague, implemented as a malicious PAM (Pluggable Authentication Module). The implant enables silent bypass of authentication, persistent SSH access, and leaves minimal forensic traces, making it extremely difficult to detect. Plague has been in circulation since at least mid-2024, with multiple compiled variants…

Read More “Stealthy ‘Plague’ Backdoor Hits Linux Systems” »

In late July 2025, Arctic Wolf identified a surge in ransomware intrusions linked to SonicWall SSL VPNs, with evidence suggesting the exploitation of a likely zero-day vulnerability. Several incidents involved compromised VPN access despite devices being fully patched and protected with TOTP-based MFA. In many cases, accounts were breached shortly after credential rotations, pointing to…

Read More “Akira Targets SonicWall VPNs in Zero-Day Surge” »

On July 29, 2025, Cursor, a widely used AI-powered code editor, released version 1.3 to patch a critical remote code execution (RCE) vulnerability tracked as CVE-2025–54135 (CVSS 8.6). Discovered by Aim Security, the flaw dubbed “CurXecute”, allowed attackers to exploit Cursor’s integration with external Model Control Protocol (MCP) servers to execute arbitrary code. The issue…

Read More “Akira Targets SonicWall VPNs in Zero-Day Surge” »