Latest Intelligence
Cellcom Service Disruption Caused by Cyberattack
Cellcom has confirmed that a significant service disruption lasting a week was due to a cyberattack. This incident highlights the vulnerabilities faced by wireless carriers and the potential impact on their customers.
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
Kaspersky experts have identified a cryptojacking campaign that exploits the Docker API to deploy a Dero crypto miner in containerized environments. This highlights the growing threat of cryptojacking in cloud infrastructures and the need for enhanced security measures.
Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks
Google DeepMind has introduced a new defense mechanism to combat indirect prompt injection (IPI) attacks, which are a growing threat in the cybersecurity landscape. This development is significant as it addresses the evolving nature of these attacks, aiming to enhance the security of AI systems.
Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities
Wiz has issued a warning about the ongoing exploitation of two recent Ivanti vulnerabilities that allow threat actors to perform unauthenticated remote code execution. This exploitation poses significant risks to affected systems, highlighting the urgency of remediation.
Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit
The 2025 Threat Detection & Incident Response (TDIR) Summit is being held virtually on May 21st, focusing on the crucial aspects of cybersecurity threat detection and incident response. This event highlights the significance of staying updated on the latest threats and response strategies in the ever-evolving cybersecurity landscape.
Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
Research indicates that a significant portion of industrial control systems (ICS) exposed to the internet, potentially up to 25%, may actually be honeypots rather than genuine devices. This raises concerns about the security landscape and the tactics used by attackers to gather information or mislead security efforts.
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps
Cybersecurity researchers have identified a malicious campaign that uses JavaScript injections to redirect mobile users to a fraudulent Chinese adult-content Progressive Web App. This method of attack highlights a significant concern in mobile security, particularly regarding the exploitation of PWAs for scams.
Ransomware Attack Forces Kettering Health to Cancel Procedures
Kettering Health has been forced to cancel both inpatient and outpatient procedures due to a ransomware attack that has led to a system-wide outage. This incident highlights the ongoing threat of ransomware in the healthcare sector and its significant impact on patient care.
Critical OpenPGP.js Vulnerability Allows Spoofing
A critical vulnerability in OpenPGP.js, identified as CVE-2025-47934, allows attackers to spoof message signature verification. This flaw poses significant risks to the integrity of secure communications utilizing this library.
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google Chrome has introduced a feature in its built-in Password Manager that automatically changes compromised passwords when detected during sign-in. This enhancement aims to improve user security by simplifying the process of managing compromised credentials.
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
Hazy Hawk, a threat actor, exploits misconfigurations in DNS records to hijack abandoned cloud resources from major organizations, including Amazon and Microsoft. The hijacked domains are repurposed to deliver scams and malware, highlighting significant security risks associated with cloud misconfigurations.
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Over 100 fake Chrome extensions have been discovered that are designed to hijack user sessions, steal credentials, and inject advertisements. These malicious extensions are created by an unknown threat actor and pose significant risks to users by masquerading as legitimate tools.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware has released security patches addressing vulnerabilities that could lead to data leakage, command execution, and denial-of-service attacks. Notably, one of the vulnerabilities has been flagged by NATO, underscoring its significance and the urgency of applying the patches.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
A new cyber campaign by the SideWinder APT group has targeted high-level government institutions in Sri Lanka, Bangladesh, and Pakistan using spear phishing tactics and geofenced payloads. This attack highlights the ongoing threat to governmental cybersecurity in South Asia, emphasizing the need for enhanced protective measures.
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have identified risky default IAM roles in AWS that can lead to privilege escalation and manipulation of other services, potentially compromising entire AWS accounts. This issue highlights the importance of reviewing and tightening IAM permissions to prevent unauthorized access.