Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Doxing: When private data becomes a Russian weapon
- Global operation targets NoName057(16) pro-Russian cybercrime network
- Armenian national extradited to the United States faces federal charges for ransomware extortion conspiracy
- Operation Overload’s underwhelming influence and evolving tactics
- Digital occupation: Pro-Russian bot networks target Ukraine’s occupied territories on Telegram
- How China’s patriotic ‘Honkers’ became the nation’s elite cyberspies
- Cloudflare starts blocking pirate sites for UK users – that’s a pretty big deal
- Steam introduces vague new rules banning 'certain kinds of adult content' to appease credit card companies
For the more technical
- Beyond the surface – Digging into CVE-2024-10864 & CVE-2024-10865 in NetIQ Advanced Authentication
- Pre-auth SQL injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
- GPUHammer: Rowhammer attacks on GPU memories are practical
- Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot
- Malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities
- Ongoing SonicWall Secure Mobile Access (SMA) exploitation campaign using the Overstep backdoor
- PoisonSeed downgrading FIDO key authentications to ‘fetch’ user accounts
- FileFix: The new social engineering attack building on ClickFix tested in the wild
- KongTuke FileFix leads to new Interlock RAT variant
- Fix the click: Preventing the ClickFix attack vector
- Phishing for Gemini
- Tracking protestware spread: 28 npm packages affected by payload targeting Russian-language users
- June 2025 Infostealer Trend Report
- Signed and stealing: uncovering new insights on Odyssey infostealer
- Katz stealer: Powerful MaaS on the prowl for credentials and crypto assets
- Unmasking AsyncRAT: Navigating the labyrinth of forks
- Threat analysis: SquidLoader - still swimming under the radar
- From a Teams call to a ransomware threat: Matanbuchus 3.0 MaaS levels up
- KAWA4096’s ransomware Tide: Rising threat with borrowed styles
- Global Group: Emerging Ransomware-as-a-Service, supporting AI driven negotiation and mobile control panel for their affiliates
- BlackSuit: A hybrid approach with data exfiltration and encryption
- Konfety returns: Classic mobile threat with new evasion techniques
- Evolving tactics of Slow Tempest: A deep dive into advanced malware techniques
- The cost of a call: From voice phishing to data extortion
- UNG0002: Regional threat operations tracked across multiple Asian jurisdictions
- Phish and chips: China-aligned espionage actors ramp up Taiwan semiconductor industry targeting
- Behind the clouds: Attackers targeting governments in Southeast Asia implement novel covert C2 communication
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments