Vulnerabilities
-
Zero‑day FreePBX vulnerability exploited in the wild; active exploitation prompts urgent security advisories
Administrators of FreePBX are urged to upgrade and restrict access after a zero-day vulnerability (CVE-2025-57819) was actively exploited on public-facing systems, with a maximum CVSS score of 10.0 and multiple indicators of compromise identified.
-
Nx supply-chain attack: Malicious npm packages exfiltrate credentials and tokens
Security researchers say a supply-chain attack on the nx build system led to malicious nx npm packages that exfiltrated credentials and tokens. The breach was tied to a vulnerable PR workflow and elevated GitHub permissions, prompting widespread token rotation and intensified vendor-targeted remediation.
-
Storm-0501 Debuts Brutal Hybrid Ransomware Attack Chain, Microsoft Warns
Microsoft Threat Intelligence warns Storm-0501 has deployed a brutal hybrid ransomware chain, exploiting hijacked privileged accounts to pivot between on‑prem and cloud, exfiltrate data, delete backups and encrypt remaining cloud resources, pressuring victims to pay or face potential shutdown.
-
ShadowSilk Expands Target Reach to Central Asia and APAC Government Agencies, 36 Victims Identified, Group-IB Says
A new threat cluster named ShadowSilk has targeted government entities across Central Asia and the Asia-Pacific region, with Group-IB reporting 36 identified victims. The operation blends Russian- and Chinese-speaking actors, uses spear-phishing and Telegram-based C2, and leverages a broad toolkit to exfiltrate data from government networks.
-
Farmers Insurance says 1.1 million customers affected by data breach tied to Salesforce attack wave
Farmers Insurance says 1.1 million customers were affected by a data breach at a third‑party vendor, tied to a broader Salesforce data‑theft campaign. The incident exposed names, addresses, birth dates, driver’s licenses, and last‑four digits of SSNs, with notices issued starting in August and Maine officials confirming more than 1.1 million total affected across notices.
-
Auchan data breach exposes loyalty data of hundreds of thousands of customers
French retailer Auchan disclosed a cyberattack that exposed the personal data of hundreds of thousands of loyalty-account holders, including names, addresses, emails, phone numbers, and loyalty card numbers, while bank data and PINs were not affected. The company has notified CNIL and urged vigilance against phishing.
-
Critical Docker Desktop vulnerability could let attackers hijack Windows hosts, researchers say
A critical vulnerability in Docker Desktop for Windows and macOS could allow attackers to hijack the host by running a malicious container, even with Enhanced Container Isolation, tracked as CVE-2025-9074 (SSRF) and rated 9.3. The flaw has been patched in Docker Desktop 4.44.3, after demonstrations of a PoC that could access the Docker Engine from…
-
Cheap VPS Hijacking Drives New Wave of SaaS-Based Business Email Compromises, Darktrace Finds
A Darktrace security report details a new wave of attacks where criminals rent cheap VPS services to hijack business email accounts, bypass traditional defenses, and establish covert, long-term access through subtle inbox rules.
-
Malicious Go module masquerades as SSH brute-forcer, exfiltrates credentials via Telegram bot, researchers say
Security researchers have identified a malicious Go module masquerading as an SSH brute-force tool that quietly exfiltrates credentials to a threat actor via Telegram. The module, golang-random-ip-ssh-bruteforce, targets random SSH services, disables host key verification, and relays harvested data to a Telegram bot, highlighting ongoing software supply chain and credential theft risks.
-
China-linked Murky Panda exploits cloud trust to move laterally, CrowdStrike finds
A CrowdStrike 2025 Threat Hunting Report finds a 136% increase in cloud intrusions, driven by Murky Panda’s use of zero-day exploits and, more notably, their manipulation of trusted cloud relationships to move from SaaS providers into downstream customer environments, with links to a February 2025 breach of Commvault’s Microsoft Azure cloud environment highlighted as a…
