Monthly Archives: August 2025

Leaked Credentials Up 160%: What Attackers Are Doing With Them

When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact...

08
Aug
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by...

08
Aug
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions

A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox...

08
Aug
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs)...

07
Aug
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to...

07
Aug
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange...

07
Aug
6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that,...

07
Aug
The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense

Now that we are well into 2025, cloud attacks are evolving faster than ever and...

07
Aug
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer...

07
Aug
Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Python is everywhere in modern software. From machine learning models to production microservices, chances are...

07
Aug
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS)...

06
Aug
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious...

06
Aug
AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical...

06
Aug
Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify...

06
Aug
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex...

06
Aug
Cyber Assessment Framework v4.0 released in response to growing threat
August 6, 2025

Updates to the CAF helps providers of essential services to better manage their cyber risks....

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out...

06
Aug
AI Is Transforming Cybersecurity Adversarial Testing – Pentera Founder’s Vision

When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company...

06
Aug
CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws...

06
Aug
NIST NCCoE Cyber AI Profile Virtual Working Session Series: Securing AI System Components
August 5, 2025

Join the NIST NCCoE soon for a series of virtual working sessions to provide input...

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic...

05
Aug
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Google has released security updates to address multiple security flaws in Android, including fixes for...

05
Aug
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor...

05
Aug
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the...

05
Aug
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents

Why do SOC teams still drown in alerts even after spending big on security tools?...

05
Aug
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Cybersecurity researchers have lifted the veil on a widespread malicious campaign that’s targeting TikTok Shop...

05
Aug
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

SonicWall said it’s actively investigating reports to determine if there is a new zero-day vulnerability...

05
Aug
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and...

04
Aug
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally

Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information...

04
Aug
What a Real Professional Social Engineering Team Looks Like

If you’ve been following us, you probably remember when we introduced our ops team. Now...

04
Aug