Cybercrime
-
Australia warns of ongoing BADCANDY attacks on unpatched Cisco IOS XE devices
The Australian Signals Directorate has warned of ongoing attacks that exploit CVE-2023-20198 on unpatched Cisco IOS XE devices to install a Lua-based web shell called BADCANDY; the ASD estimates that about 400 devices in Australia have been affected since July 2025 and urges patching and hardening.
-
Hezi Rash hacktivist group tied to hundreds of DDoS attacks, Check Point reports
Hezi Rash, a Kurdish nationalist hacktivist group founded in 2023, has been linked by Check Point to about 350 DDoS attacks between August and October 2025 targeting sites in Japan, Turkey, Israel, Iran, Iraq and Germany; analysts say the campaigns are ideologically driven and focus on disruption.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy the Gokcpdoor backdoor and other tooling; JPCERT/CC has confirmed active abuse, and researchers advise prompt patching and a review of internet-exposed servers.
-
CISA adds VMware local privilege-escalation zero-day to Known Exploited Vulnerabilities catalog
CISA added CVE-2025-41244, a high-severity VMware local privilege-escalation flaw, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. Broadcom-owned VMware has issued a patch, NVISO Labs reported zero-day use since October 2024, and federal agencies must apply mitigations by Nov. 20, 2025.
-
Ribbon Communications says nation-state hackers breached its network; initial access traced to December 2024
Ribbon Communications disclosed a nation-state-associated breach of its IT network, detected in September 2025 with preliminary evidence of initial access in December 2024. The company is working with outside cybersecurity experts and federal law enforcement, has found customer files on two laptops outside its main network, and said it has not found evidence of theft…
-
Open-source C2 framework AdaptixC2 adopted by groups linked to Russian ransomware
AdaptixC2, an open-source command-and-control framework published on GitHub, has been adopted by multiple threat actors, including groups linked to Russian ransomware, prompting analysis from Palo Alto Networks Unit 42 and an investigation by Silent Push into the project’s author and Telegram activity.
-
Attackers exploit patched WSUS flaw to deploy infostealer on unpatched Windows servers
Attackers have been observed exploiting CVE-2025-59287 in Windows Server Update Services (WSUS) on servers that have not applied the patch, deploying an infostealer, exfiltrating data to webhook.site URLs and using follow-up tooling including Velociraptor and a UPX-packed Skuld Stealer; agencies and vendors urge immediate patching and investigation.
-
PhantomRaven campaign places malicious code in 126 npm packages
Researchers say a campaign codenamed PhantomRaven has placed malicious code into 126 npm packages since August 2025, using external dynamic dependencies to steal authentication tokens, CI/CD secrets and GitHub credentials; Koi Security and DCODX published analyses.
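The "external dynamic dependencies" mentioned above refer to npm's ability to resolve a dependency from a source the registry never sees: an HTTP tarball URL, a git URL, or a GitHub user/repo shorthand. The registry listing shows no such dependency, but `npm install` fetches it at install time and whatever the URL serves at that moment runs. The summary does not say which form the campaign used, so the following added example (written for this page, not code from Koi Security, DCODX or npm) flags all out-of-registry specifiers in a package.json; the sample package.json and the `example.invalid` hosts in it are constructed.

```javascript
// Added example: flag npm dependency specifiers that npm resolves from outside
// the registry at install time. The sample package.json below is constructed.

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Classify one dependency specifier. Returns null for ordinary registry specs
// (semver ranges, dist-tags such as "latest", or an empty string), otherwise a
// label for the out-of-registry source npm would fetch or read.
function classifySpec(spec) {
  if (typeof spec !== 'string') return 'non-string';
  const s = spec.trim();
  if (/^https?:\/\//i.test(s)) return 'remote-tarball';           // http(s)://host/pkg.tgz
  if (/^git(\+(ssh|https?|file))?:/i.test(s)) return 'git-url';   // git:, git+ssh:, git+https:, git+file:
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return 'git-host-shorthand';
  if (/^file:/i.test(s)) return 'local-path';                     // file:../dir (odd in a published package)
  if (/^npm:/i.test(s)) {
    // npm:<name>@<spec> aliases another package; classify the inner spec.
    const rest = s.slice(4);
    const at = rest.lastIndexOf('@');
    return at > 0 ? classifySpec(rest.slice(at + 1)) : null;
  }
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return 'github-shorthand'; // user/repo[#commit-ish]
  return null;
}

// Parse package.json text and collect every out-of-registry specifier.
function findExternalDependencies(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of SECTIONS) {
    const deps = pkg[section];
    if (!deps || typeof deps !== 'object') continue;
    for (const [name, spec] of Object.entries(deps)) {
      const kind = classifySpec(spec);
      if (kind) findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample: one clean registry dependency plus specifiers that make
// npm pull code from a URL or git host chosen by the package author.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'lodash': '^4.17.21',
    'helper-lib': 'http://example.invalid/helper-lib-1.0.0.tgz',
    'widget': 'git+https://example.invalid/widget.git#main',
  },
  devDependencies: {
    'build-tool': 'someuser/build-tool#v2',
    'local-thing': 'file:../local-thing',
    'aliased': 'npm:real-name@^2.0.0',
  },
});

for (const f of findExternalDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.section}.${f.name}: ${f.kind} -> ${f.spec}`);
}
```

Run it over every package.json that `npm ls --all --parseable` reports for a project; a registry package that carries a `remote-tarball` or `git-url` dependency is worth a manual look before the next install, and a lockfile with `integrity` fields should be committed so a changed tarball fails the hash check rather than installing silently.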