
Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Cisco Talos researchers reported that an unknown threat actor has been exploiting the flaw since as early as January 2025, predominantly targeting organizations in Japan. reported Akamai.


North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

“While we have only observed the use of this tactic in limited attacks since January 2025, this shift is indicative of a new approach to compromising their traditional espionage targets,” states Microsoft Threat Intelligence. LNK shortcut files, disguised as Office documents.


Security Roundup June 2025

BH Consulting

Cybercriminals use a constantly evolving toolkit, ranging from phishing and phone scams, to malware and AI-generated deepfakes, to compromise systems and steal personal information, which is then sold, resold, and repackaged by data and access brokers operating across dark web forums, encrypted channels, and subscription-based criminal marketplaces.


Reflectiz Joins the Datadog Marketplace

Penetration Testing

NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with continuous visibility and control over their expanding attack surface.


Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

Security Affairs

On April 29, 2025, Apple alerted select iOS users of spyware targeting. Apple has since patched the zero-click exploit used in the attack, now tracked as CVE-2025-43200, in iOS version 18.3.1.


New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

The Hacker News

The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop


Sophisticated IIS Malware Targets South Korean Web Servers

Penetration Testing

In a targeted and technically advanced cyber operation discovered in February 2025, the AhnLab Security Intelligence Center (ASEC) The post Sophisticated IIS Malware Targets South Korean Web Servers appeared first on Daily CyberSecurity.
