Iran-linked hackers have been involved in cyber warfare to support real-world missile strikes, highlighting the dangerous convergence of cyber attacks and kinetic warfare. This trend indicates a growing need for new frameworks to address the evolving nature of warfare, as traditional boundaries between cyber and physical attacks become increasingly blurred.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
The TamperedChef malware campaign exploits fake software installers to distribute JavaScript malware, enabling remote access and control of infected systems. This ongoing global threat poses significant risks to users who may unknowingly install these malicious applications.
Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.
The article discusses the challenges faced by international corporations in navigating conflicting cyber laws from various countries, which can lead to fragmented systems that are more susceptible to cyber risks. This fragmentation poses significant security vulnerabilities for large organizations, highlighting the need for cohesive regulatory frameworks.
The article highlights the vulnerabilities of agentic AI to hijacking, which can lead to the subversion of an agent's goals. This raises significant concerns about the potential for compromised interactions to affect entire networks, indicating a serious cybersecurity threat.
NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.
Cloudflare experienced a significant outage that was initially suspected to be a DDoS attack. However, it was later determined to be caused by an internal configuration error related to a routine change in permissions, leading to widespread software failure.
A new cyber campaign has emerged in Brazil, utilizing social engineering and WhatsApp hijacking to spread a banking trojan called Eternidade Stealer. This threat is significant due to its ability to dynamically retrieve command-and-control addresses, indicating a sophisticated level of exploitation targeting Brazilian users.
The article highlights a serious vulnerability in railway braking systems that can be exploited using inexpensive materials and gadgets, posing a significant risk to safety. This tampering could lead to dangerous situations for train conductors and passengers alike.
The Hacker News
Operation WrtHug has compromised tens of thousands of outdated ASUS routers globally, primarily affecting users in Taiwan, the U.S., and Russia. The severity of this campaign highlights the risks associated with using end-of-life devices, as they can be easily hijacked to form a large botnet.
All CISA Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help Internet Service Providers (ISPs) mitigate risks associated with Bulletproof Hosting (BPH) providers that facilitate cybercriminal activities like ransomware and phishing. The guide emphasizes the importance of collaboration and proactive measures to reduce the effectiveness of BPH infrastructure, which poses significant threats to critical systems and services.
All CISA Advisories
CISA has added CVE-2025-13223, a Google Chromium V8 Type Confusion Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability poses significant risks to federal enterprises, prompting CISA to urge timely remediation by all organizations to mitigate potential cyberattacks.
The article highlights the critical challenge of securing environments against cyber threats, emphasizing the inadequacy of traditional security measures like Endpoint Detection and Response (EDR). It points out that reliance on reactive strategies contributes significantly to the escalating costs of cybercrime, suggesting a need for a fundamental shift towards Zero Trust security models.
The report highlights a concerning rise in mobile threats during Q3 2025, particularly noting an increase in ransomware activity in Germany. This trend underscores the evolving landscape of cybersecurity threats and the need for heightened vigilance among users and organizations.
The report highlights the evolving landscape of IT threats in Q3 2025, focusing on malware targeting Windows and macOS personal computers, as well as IoT devices. This indicates a growing severity of cyber threats that could have significant implications for users and organizations relying on these systems.