News
-
Chinese state-sponsored group RedNovember exploited enterprise network gear in global campaign, researchers say
Recorded Future says a Chinese state-sponsored group called RedNovember ran a global espionage campaign from June 2024 to July 2025, exploiting vulnerabilities in enterprise network appliances to breach defense contractors, government agencies and other organizations and using publicly available tools to maintain persistent access.
-
Researchers find malicious ‘postmark-mcp’ npm package that forwarded emails to attacker
Researchers say a malicious npm package named “postmark-mcp” copied an official library and, beginning with version 1.0.16, BCC’d every email to an external address, exposing potentially sensitive communications; the package has been removed from npm and users are urged to revoke credentials and check logs.
-
Fake Microsoft Teams installers promoted in search ads deliver Oyster backdoor, researchers say
Search ads and SEO poisoning have been used to promote fake Microsoft Teams installers that deliver the Oyster backdoor to Windows machines, researchers said; the trojanized installer drops a DLL and creates a scheduled task for persistence.
-
Volvo North America confirms employee data exposure after Miljödata ransomware attack
Volvo North America confirmed that attackers accessed employee data after its HR-system provider Miljödata was hit by a ransomware attack, exposing names and Social Security numbers and affecting a wide network of Swedish municipalities and institutions.
-
Archer Health data breach exposes 145,000 patient records in publicly accessible database
A California-based in-home health provider, Archer Health Inc., left a 23 GB cache of medical and personal data publicly accessible, exposing more than 145,000 files including patient names, SSNs and medical histories. The database was secured within hours after a cybersecurity researcher alerted investigators, and the company says it is investigating the incident, which underscores…
-
Vane Viper identified as a major malvertising operator, DNS-driven adtech network linked to trillions of queries
A deep-dive by Infoblox, with Guardio and Confiant, accuses the threat actor Vane Viper of running a vast malvertising and adtech operation that generated about 1 trillion DNS queries across thousands of compromised sites. The network leverages push notifications and service workers to stay persistent, links to major adtech players like PropellerAds, and has expanded…
-
Senate Democrats flag DOGE program for privacy, cybersecurity risks across three federal agencies
A Senate Democratic report accuses the DOGE program of violating federal law and exposing Americans’ personal data across three agencies, urging immediate safeguards and compliance measures amid warnings of heightened identity theft risk.
-
Researchers disclose root takeover vulnerability in Unitree robots
Security researchers published a public exploit called UniPwn that they say allows root takeover of multiple Unitree robot models via a Bluetooth Low Energy Wi‑Fi setup interface, warning the flaw could enable wormable infections and urging short‑term mitigations such as disabling BLE and using isolated networks.
-
Vietnamese hackers use fake copyright notices to steal cryptocurrency, researchers say
A Vietnamese hacking group known as Lone None has launched a multi-language scam to steal personal and financial data, with a focus on cryptocurrency, using fake copyright takedown notices and malware delivered through DLL side-loading, according to Cofense Intelligence.
-
Critical CVSS-10 Flaw in Fortra GoAnywhere MFT Prompts Urgent Patch and Contingency Measures
A CVSS-10 vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) threatens enterprise data transfers. The deserialization flaw in the License Servlet could enable remote code execution if exploited. Patches are available, and experts warn that thousands of internet-facing deployments may be at immediate risk unless mitigations are applied.
