Streaming Service Vulnerabilities Exposed at Defcon Conference Recent revelations at the Defcon security conference in Las Vegas have shed light on critical vulnerabilities present in some streaming platforms, particularly those utilized for corporate broadcasts and sports live streams. Leading streaming…
Data Breach Notification, Data Privacy, Data Security Lawmakers Press UnitedHealth Group for Clarification Following New Breach Marianne Kolbasuk McGee (HealthInfoSec) • August 7, 2025 Recent developments have placed UnitedHealth Group (UHG) in a precarious position following the revelation of a…
Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure
July 28, 2025
Cyber Attack / Ransomware
The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.
Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure July 28, 2025 In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily…
Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg © 2021 Bloomberg Finance LP Data breaches pose significant threats to individuals and businesses alike, often resulting in identity theft and associated financial damages. In 2023 alone, approximately 5.5…
Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”
New CRON#TRAP Malware Targets Windows Systems via Linux Virtual Machine, Evading Detection November 8, 2024 Cybersecurity experts have identified a sophisticated malware campaign dubbed CRON#TRAP that infiltrates Windows systems through a concealed Linux virtual machine (VM). This innovative approach allows…
A cyberattack targeting Bouygues Telecom has led to the exposure of sensitive data for approximately 6.4 million customers. Learn about the compromised information and measures you can take to safeguard yourself against potential scams, as the company cautions customers to…
Next-Generation Technologies & Secure Development, Threat Detection Presented by Harness 60 Minutes Recent statistics reveal that 53% of internet traffic is now generated by bots, many of which utilize artificial intelligence to closely mimic human behavior. These sophisticated bots extend…
📅 July 28, 2025
Some threats don’t breach the perimeter—they slip in through signed software, polished resumes, or approved vendors that remain hidden in plain sight. This week, the most significant dangers weren’t the ones making the most noise—they were the ones that looked the most legitimate. In a landscape where identity, trust, and tools are interconnected, the strongest attack vectors often appear entirely credible. Security teams now face the challenge of defending systems not only from intrusions but from the very essence of trust being weaponized.
⚡ Threat of the Week Microsoft SharePoint Breaches Linked to China — The repercussions of an attack wave targeting vulnerabilities in on-premises Microsoft SharePoint servers continue to intensify a week after the discovery of zero-day exploits, with over 400 organizations worldwide affected. These attacks have been connected to two notorious Chinese hacking groups, Linen Typhoon (APT27) and Violet Typhoon (APT31), along with a suspected China-based threat actor known as Storm-2603.
Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains, and More July 28, 2025 Cybersecurity threats are increasingly sneaking through the back door, penetrating defenses via seemingly legitimate vectors such as signed software, polished resumes, and authorized…
Google Data Breach: Business User Information Compromised In a recent announcement, Google confirmed that a cyberattack attributed to the ShinyHunters ransomware group has led to unauthorized access of business user data within its corporate databases. The breach specifically targeted a…
CISA Adds Active Citrix NetScaler CVE-2025-5777 to KEV Catalog as Threat to Enterprises
July 11, 2025
Network Security / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical vulnerability affecting Citrix NetScaler ADC and Gateway in its Known Exploited Vulnerabilities (KEV) catalog, signaling that this flaw has been actively exploited. The identified vulnerability, CVE-2025-5777 (CVSS score: 9.3), arises from insufficient input validation, allowing attackers to bypass authentication on appliances configured as Gateway or AAA virtual servers. Dubbed Citrix Bleed 2 due to its resemblance to Citrix Bleed (CVE-2023-4966), CISA noted, “Citrix NetScaler ADC and Gateway are susceptible to an out-of-bounds read vulnerability, which can result in memory overread when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.” The agency emphasized the importance of addressing vulnerabilities like CVE-2025-5777 to safeguard enterprise systems.
CISA Includes Citrix NetScaler CVE-2025-5777 in KEV Catalog as Active Threats Targeting Enterprises On July 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a critical vulnerability affecting Citrix NetScaler ADC and Gateway to its Known Exploited…
