News
-
GoBruteforcer botnet targets crypto and blockchain databases with credential brute force
A technical analysis found GoBruteforcer campaigns, active since mid-2025, that turn exposed Linux servers into botnet nodes to brute-force FTP and database credentials and to probe blockchain accounts for funds.
-
Critical RCE and two DoS flaws patched in Apex Central on-premise
Trend Micro issued updates for Apex Central on-premise after a Tenable technical analysis detailed CVE-2025-69258, a critical RCE with CVSS 9.8, and two DoS flaws that can be triggered via MsgReceiver.exe on TCP port 20001.
-
CISA retires 10 Emergency Directives issued 2019 to 2024
CISA is retiring 10 Emergency Directives issued from 2019 through 2024 after required actions were implemented or enforcement moved to Binding Operational Directive 22-01. The closed directives include SolarWinds and Exchange mitigation orders.
-
FBI warns Kimsuky used malicious QR codes in 2025 quishing campaigns
An FBI flash alert warned that the North Korea-linked group Kimsuky used malicious QR codes in 2025 spear-phishing campaigns to target think tanks, academia, and government entities. The attacks aimed to steal session tokens and bypass multi-factor authentication.
-
China-linked UAT-7290 targets telcos in South Asia and expands into Southeastern Europe
A China-linked cluster called UAT-7290 has targeted telecommunications providers in South Asia and moved into Southeastern Europe. The group performs deep reconnaissance and deploys modular malware that can turn edge devices into relay nodes.
-
U.S. to Withdraw From Several International Cybersecurity Organizations
The White House announced the U.S. will withdraw from 66 international organizations, including several that work on cybersecurity, prompting critics to warn of weakened multinational coordination on cyber defenses and online rights.
-
Cisco issues updates for ISE XML parsing flaw CVE-2026-20029 and Snort 3 bugs
Cisco issued updates on Jan 8, 2026 to fix CVE-2026-20029, a medium-severity XML parsing flaw in Identity Services Engine with a public proof of concept. The company also patched two Snort 3 DCE/RPC vulnerabilities.
-
Black Cat uses SEO poisoning to distribute backdoor, compromises about 277,800 hosts in China
A CNCERT/CC and ThreatBook technical analysis links the Black Cat gang to an SEO poisoning campaign that pushed fake software downloads and implanted a backdoor, compromising about 277,800 hosts in China between December 7 and 20, 2025.
-
ownCloud urges users to enable MFA after credential theft reports
ownCloud urged users to enable multi-factor authentication after attackers used credentials stolen by infostealer malware to access self-hosted file sharing instances. The advisory recommends MFA, password resets, session invalidation, and log review.
-
Phishing actors spoof internal addresses by abusing complex email routing, Microsoft warns
Microsoft warned that phishing actors exploit complex mail routing and misconfigured spoof protections to send emails appearing internal, and that more than 13 million messages tied to the Tycoon 2FA kit were blocked in October 2025.








