News
-
Iranian-linked hackers expand European operations with fake job portals and new malware, researchers say
Security researchers say Iranian government-backed attackers are targeting Western Europe with fake job portals and new Minibike malware, including MiniJunk and MiniBrowse, delivered through a multi-stage DLL sideloading chain. The operation focuses on Denmark, Portugal, and Sweden and appears linked to broader Iran-aligned threat activity.
-
GitHub Tightens npm Publishing Security with 2FA, Short-Lived Tokens and Trusted Publishing
GitHub announced a sweeping set of security measures for npm publishing, including deprecating legacy tokens, migrating to FIDO-based 2FA, and introducing seven-day, short-lived granular tokens plus trusted publishing that uses OpenID Connect and cryptographic provenance attestations to bolster npm’s supply-chain security.
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Mac ad campaign impersonating brands pushes macOS credential stealer, LastPass warns
Security researchers warn of a malvertising campaign that uses search ads to impersonate LastPass and other services, delivering the Atomic Stealer/Amos Stealer on macOS via fraudulent GitHub pages; LastPass says takedowns are underway and IoCs are shared.
-
Stellantis confirms data breach via third-party provider exposing customer emails
Stellantis disclosed that attackers breached a North American third-party customer-service partner, exposing only customer names and email addresses. The company launched an investigation, notified law enforcement, and urged affected customers to watch for phishing, as the auto maker navigates broader industry disruption linked to a separate JLR cyberattack.
-
Cyberattacks and fiber outages disrupt global aviation as European and U.S. delays mount
Technology outages in Europe and the United States disrupted air travel over the weekend, as Collins Aerospace’s ARINC cMUSE system suffered a cyberattack affecting check-in and baggage processing in Brussels, and a fiber-optic outage at Dallas/Fort Worth interfered with U.S. air‑traffic control operations, triggering hundreds of cancellations and delays.
-
Iran-linked Subtle Snail Targets European Telecoms in LinkedIn Recruitment Scheme, 34 Devices Infected
An Iran-linked cyber espionage group known as UNC1549, also called Subtle Snail, has been attributed to a campaign against European telecommunications firms, infiltrating 34 devices across 11 organizations through LinkedIn-based recruitment lures and a modular backdoor named MINIBIKE designed for long-term data exfiltration.
-
Fortra patches critical GoAnywhere MFT flaw; admins urged to restrict internet exposure of Admin Console
Fortra has issued patches for a critical GoAnywhere MFT vulnerability (CVE-2025-10035) that could enable remote command injection via deserialization. The company urges administrators to secure Admin Console access and apply the latest updates, as Shadowserver tracks hundreds of GoAnywhere instances and exposure continues to be a concern.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.










