Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Sinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ says (PDF)
- Crypto investment fraud ring dismantled in Spain after defrauding 5 000 victims worldwide
- Treasury sanctions global bulletproof hosting service enabling cybercriminals and technology theft
For the more technical
- Prompt Injections, design patterns and a CaMeL
- LSTM or Transformer as "malware packer"
- CVE-2025-5777: Citrix Bleed 2 opens old wounds
- Cisco Identity Services Engine (ISE) unauthenticated remote code execution vulnerabilities
- Windows shortcut (LNK) malware strategies
- PDFs: Portable documents, or perfect deliveries for phish?
- Yet another ZIP trick
- Taking SHELLTER: a commercial evasion framework abused in- the- wild
- XWorm's shape-shifting arsenal: Loader and stager variants in the wild
- Hide your RDP: Password spray leads to RansomHub deployment
- From Googlebot to GPTBot: who’s crawling your site in 2025
- RondoDox unveiled: Breaking down a new botnet threat
- FoxyWallet: 40+ malicious Firefox extensions exposed
- 600,000 WordPress sites affected by arbitrary file deletion vulnerability in Forminator WordPress plugin
- Taking over 60k spyware user accounts with SQL injection
- Odyssey stealer : The rebrand of Poseidon stealer
- 10 things I hate about attribution: RomCom vs. TransferLoader
- DCRAT impersonating the Colombian government
- Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset
- Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments