Risk
-
Source-code leak exposes ERMAC Android banking trojan infrastructure, researchers say
The ERMAC Android banking trojan v3 source code was leaked online, exposing its backend, panel, and exfiltration infrastructure and signaling an expanded targeting scope of over 700 apps, along with notable operational security lapses that could invite further risk from other threat actors.
-
PipeMagic backdoor used in RansomExx attacks tied to patched Windows vulnerability CVE-2025-29824
Security researchers say the PipeMagic backdoor, used in RansomExx attacks, exploits a patched Windows vulnerability (CVE-2025-29824) and leverages a modular loader to deploy additional payloads, with activity spanning Saudi Arabia, Brazil and beyond.
-
N-able N-central: More Than 800 On-Premises Servers Remain Unpatched as Two Critical Flaws See Active Exploitation
More than 800 N-able N-central servers remain unpatched against two critical, actively exploited flaws (CVE-2025-8875 and CVE-2025-8876), prompting federal and private-sector action as researchers warn that thousands of instances remain exposed online. Patch guidance and regulatory responses are being rolled out as investigations continue into the scope of exploitation.
-
Workday says data breach tied to Salesforce-related social engineering campaign, broader breach wave observed
Workday disclosed a data breach after attackers gained access to a third-party CRM platform via a social engineering campaign. While customer tenants were not affected, some business contact information was exposed. The incident appears linked to a broader Salesforce data-theft campaign attributed to the ShinyHunters group, with Workday noting the discovery on August 6.
-
Taiwan Web Infrastructure Targeted by UAT-7237, Cisco Talos Says
Cisco Talos links a China-aligned APT cluster, UAT-7237, to attacks on Taiwan’s web infrastructure, using customized open-source tooling and a SoundBill shellcode loader to deploy backdoors and credentials-stealing utilities. The operation, active since 2022 and considered a sub-group of UAT-5918, also employs VPN persistence and RDP access, with updates to embed Mimikatz and broader lateral…
-
NIST proposes AI security overlays built on SP 800-53, invites public feedback
NIST published a concept paper proposing a framework of AI security overlays built on SP 800-53 and opened a public call for input, detailing use cases like generative, predictive, and agentic AI while inviting feedback through COSAIS channels.
-
Colt Technology Services says cyber incident disrupted customer portal and Voice API; no evidence of data breach reported
Colt Technology Services disclosed a cyber incident that disrupted its customer portal and internal systems, with no confirmed evidence of data breach. The company has engaged cyber experts and is restoring services, while updating customers via its status page. Separately, a ransomware group claimed to have stolen Colt documents, a claim awaiting verification.
-
Norway says pro-Russian hackers sabotaged Bremanger dam to demonstrate capabilities
Norwegian authorities accuse pro-Russian hackers of taking control of Bremanger dam’s operations and opening outflow valves in what officials describe as a demonstration of Moscow’s ability to disrupt critical infrastructure, prompting warnings about hybrid threats.
-
Unicode homoglyph phishing campaign uses Japanese character to spoof Booking.com, delivering MSI malware
Security researchers warn of a phishing campaign that uses the Japanese character ん to visually imitate Booking.com in order to redirect users to a lookalike domain and deliver MSI malware; a separate Lntuit/Intuit-themed campaign is also observed, underscoring the evolving use of homoglyphs in brand impersonation and malware delivery.
-
Canada’s House of Commons Investigates Data Breach Tied to Reported Microsoft Vulnerability Exploitation
Canada’s House of Commons is investigating a data breach after a cyberattack reportedly exposed employee information. The Cyber Centre is assisting, and authorities caution that attribution remains complex. The incident comes as Canada and other nations grapple with recently disclosed Microsoft vulnerabilities, including CVE-2025-53770 (ToolShell) and CVE-2025-53786, which have seen active exploitation by various threat…
