Risk
-
Amazon says APT29 attempted watering-hole attack to harvest Microsoft credentials; AWS says no systems affected
Amazon said it disrupted an APT29 watering-hole campaign aimed at harvesting Microsoft credentials, stressing that no AWS systems were compromised. The operation used spoofed Cloudflare pages and randomized redirects to trick users, with Google Threat Intelligence and AWS detailing evasion techniques and previous similar activity.
-
WhatsApp patches high-severity vulnerability tied to Apple zero-day in targeted attacks on iOS and macOS
WhatsApp has patched a high-severity vulnerability in its iOS and macOS apps (CVE-2025-55177) that could allow an attacker to process content from an arbitrary URL on a target device, potentially in conjunction with a separate Apple zero-day. Affected versions include iOS and Mac apps; targeted individuals have been notified and advised to reset devices and…
-
Abandoned Sogou Zhuyin Update Server Hijacked to Deliver Espionage Malware, TAOTH Campaign Reveals
A June 2025 reveal shows attackers hijacking an abandoned Sogou Zhuyin update server to deploy multiple spyware and backdoors (TOSHIS, DESFY, GTELAM, C6DOOR) in a campaign targeting East Asia and overseas Chinese communities, with phishing and OAuth abuse used to gain access to high-value targets.
-
High-severity authentication bypass patched in Passwordstate credential manager, vendor says
Click Studios has released a patch for Passwordstate to fix a high-severity authentication bypass vulnerability that could allow attackers to access the emergency access page and the admin area. The vulnerability affects Passwordstate deployments used by thousands of customers and security professionals, with a CVE identifier not yet assigned. The company has published a forum…
-
MathWorks reports ransomware breach exposed data of 10,476 individuals
MathWorks disclosed that a ransomware group stole the data of 10,476 individuals after breaching its network in April, prompting outages affecting MFA, SSO, and other services. The company has not named the ransomware operator, and authorities note that a resolution or ransom payment, if any, remains undisclosed.
-
TransUnion breach affects 4.46 million; third-party app exposed personal data, not credit records
TransUnion disclosed a cyber incident affecting about 4.46 million individuals via a third-party application used by its US consumer-support operations. The breach did not touch core credit data, but exposed limited personal information, with victims offered two years of credit monitoring and fraud assistance.
-
Nx supply-chain attack: Malicious npm packages exfiltrate credentials and tokens
Security researchers say a supply-chain attack on the nx build system led to malicious nx npm packages that exfiltrated credentials and tokens. The breach was tied to a vulnerable PR workflow and elevated GitHub permissions, prompting widespread token rotation and intensified vendor-targeted remediation.
-
Sweden hit by cyberattack on municipal IT supplier Miljödata, disrupting services for more than 200 municipalities
A cyberattack on Miljödata disrupted access to municipal IT systems across more than 200 regions in Sweden, with reports of potential data leakage and a ransom demand tied to the incident.
-
Storm-0501 Debuts Brutal Hybrid Ransomware Attack Chain, Microsoft Warns
Microsoft Threat Intelligence warns Storm-0501 has deployed a brutal hybrid ransomware chain, exploiting hijacked privileged accounts to pivot between on‑prem and cloud, exfiltrate data, delete backups and encrypt remaining cloud resources, pressuring victims to pay or face potential shutdown.
-
ShadowSilk Expands Target Reach to Central Asia and APAC Government Agencies, 36 Victims Identified, Group-IB Says
A new threat cluster named ShadowSilk has targeted government entities across Central Asia and the Asia-Pacific region, with Group-IB reporting 36 identified victims. The operation blends Russian- and Chinese-speaking actors, uses spear-phishing and Telegram-based C2, and leverages a broad toolkit to exfiltrate data from government networks.
