News
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions. The flaw can be used to steal credentials, 2FA codes, and more with a single click on a malicious page. Bitwarden has issued a fix and others are in progress, with guidance to disable auto-fill until patches are deployed.
-
Static Tundra: Russia-linked group exploits Cisco flaw to maintain long-term access to global networks, researchers say
A Russian state-sponsored group known as Static Tundra has been quietly compromising network devices worldwide for over a decade, exploiting a seven-year-old Cisco vulnerability to steal data and maintain access, according to Cisco Talos Intelligence.
-
Hackers exploit trusted Microsoft redirects and ADFS to steal Microsoft 365 logins, researchers say
Researchers describe a phishing campaign that uses legitimate office.com redirects and a misconfigured Microsoft tenant with ADFS to harvest Microsoft 365 credentials, bypassing some security controls. The attack chain begins with a misleading Google ad for “Office 265,” redirects through Office to a phantom domain, and uses conditional access restrictions to conceal the page from…
-
DripDropper Linux malware patches exploited flaw to lock out rivals, Red Canary says
Red Canary researchers describe DripDropper, a Linux malware that exploits Apache ActiveMQ CVE-2023-46604 to gain access to cloud servers, then patches the vulnerability to keep rivals out and maintain control, using Sliver for persistence and Dropbox as a command channel.
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
Inotiv ransomware attack disrupts operations as Qilin claims data theft
Inotiv, an Indiana-based contract research organization, disclosed a ransomware incident on August 8, 2025, that encrypted some systems and data, disrupting operations. The company engaged external security experts, notified law enforcement, and said it is restoring networks, while the Qilin ransomware gang claims to have stolen hundreds of thousands of files and published data samples.
-
Business Council of New York State discloses data breach affecting 47,329 people
The Business Council of New York State disclosed a February data breach affecting 47,329 individuals, exposing a broad range of personal, financial and health information. The intrusion was detected in August, and BCNYS has offered free credit monitoring to those affected while it investigates the incident.
-
UK Drops Apple Backdoor Mandate as U.S. Vows to Protect Americans’ Civil Liberties over Encryption
The U.K. reportedly abandoned a government plan to compel Apple to weaken encryption and enable a backdoor, signaling a shift in how authorities approach access to encrypted data while U.S. officials emphasize protecting civil liberties for Americans.
-
State-sponsored XenoRAT campaign targets South Korean embassies, researchers say
A Trellix-led analysis describes a multi-phase, state-sponsored XenoRAT espionage campaign targeting South Korean embassies, with links to North Korea’s Kimsuky and indications of possible China-based sponsorship. The operation has conducted at least 19 spearphishing attacks since March, delivering XenoRAT via password-protected ZIP archives and complex, multilingual lures.
-
Source-code leak exposes ERMAC Android banking trojan infrastructure, researchers say
The ERMAC Android banking trojan v3 source code was leaked online, exposing its backend, panel, and exfiltration infrastructure and signaling an expanded targeting scope of over 700 apps, along with notable operational security lapses that could invite further risk from other threat actors.