The Breach News

MCP Protocol Vulnerability Allows Attackers to Execute Code via Cursor

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Check Point Reports Critical Vulnerability in Cursor Patched Days After Discovery

Rashmi Ramesh (rashmiramesh_) • August 6, 2025

A security vulnerability identified in the AI-driven coding environment Cursor has raised alarms within the cybersecurity community. Research from…

Read More

India Sees Record Average Data Breach Cost at INR 220 Million in 2025, According to IBM Report

India Faces Unprecedented Data Breach Costs, Reveals IBM Report

Bengaluru, India, August 7, 2025. IBM's latest Cost of a Data Breach Report highlights a concerning trend for organizations in India, with the average cost of a data breach rising to INR 220 million this year, a 13% increase from 2024. This surge…

Read More

Exploitation of Ivanti Vulnerabilities Leads to MDifyLoader Deployment and In-Memory Cobalt Strike Attacks

Cybersecurity researchers have revealed new insights into MDifyLoader, a malware recently linked to cyber attacks exploiting security weaknesses in Ivanti Connect Secure (ICS) appliances. A report from JPCERT/CC highlights that threat actors have exploited vulnerabilities CVE-2025-0282 and CVE-2025-22457 between December 2024 and July 2025 to deploy MDifyLoader, which is then utilized to initiate in-memory Cobalt Strike operations. CVE-2025-0282 is a critical vulnerability allowing unauthenticated remote code execution, addressed by Ivanti in January 2025. Meanwhile, CVE-2025-22457, patched in February 2025, involves a stack-based buffer overflow potentially enabling arbitrary code execution. Previous findings indicate that CVE-2025-0282 was actively weaponized in the wild as a zero-day beginning in mid-December 2024, facilitating the delivery of various malware families.

Ivanti Vulnerabilities Exploited to Deploy MDifyLoader and Initiate In-Memory Cobalt Strike Attacks

In a recent report released by JPCERT/CC, researchers have uncovered a new malware strain known as MDifyLoader, linked to a series of intrusions targeting Ivanti Connect Secure (ICS) appliances. The findings detail how…

Read More


🔒 Weekly Cybersecurity Recap: Key Threats, Tools, and Strategies (Dec 2 – 8)

Dec 09, 2024

Cyber Threats / Weekly Overview

This week’s cybersecurity landscape reads like a thrilling spy film. Hackers are infiltrating rival operations, stealthy malware lurks in widely-used software, and AI-driven scams are outsmarting even the brightest minds. Meanwhile, defenders are dismantling illicit online markets and shutting down dubious chat rooms, while major corporations scramble to patch vulnerabilities before attackers can exploit them. Curious about who’s targeting whom, the tactics they’re using, and the countermeasures in play? Keep reading—this recap has all the details.

⚡ Threat of the Week: Turla Hackers Compromise Pakistani Hacker Network

Picture this: one hacking group infiltrates another’s covert operations to launch their own attacks. That’s the scenario unfolding as the Russia-linked Turla group has been leveraging the infrastructure of a Pakistani hacking team, Storm-0156, since December 2022. By breaching their servers, Turla is now spying on governmental and military entities in Afghanistan and India.

Cybersecurity Weekly Recap: December 2 – 8, 2024

In the ever-evolving landscape of cybersecurity, recent developments have painted a picture reminiscent of a high-stakes espionage narrative. Cybercriminals have escalated their tactics, infiltrating not only vulnerable systems but also each other's operations, while defenders are stepping up their efforts against emerging…

Read More


A Single Compromised Document Could Expose ‘Confidential’ Information Through ChatGPT

OpenAI's Connectors Exposed: Researchers Uncover Vulnerability

Recent developments in the realm of generative AI have caught the attention of cybersecurity experts, particularly regarding OpenAI's ChatGPT. Unlike traditional chatbots, these AI models can connect with various data sources to provide tailored responses. ChatGPT, for instance, can access your Gmail, delve into…

Read More

Rising Threats: Ransomware Victims, Data Breaches, and Info Stealers

Surge in Cybercrime: Alarming Trends in Ransomware and Infostealer Attacks

Recent research highlights a significant escalation in cybercrime activity throughout 2025, with substantial increases across threat types. Notably, there has been an 800% rise in credential theft attributed to information-stealing malware, defining identity theft as a…

Read More

Hackers Target Critical CrushFTP Vulnerability to Gain Administrative Access on Unpatched Servers

July 20, 2025
Vulnerability / Threat Intelligence

A recently identified critical vulnerability in CrushFTP is now being actively exploited. Designated CVE-2025-54309, this flaw has a CVSS score of 9.0. According to the NIST National Vulnerability Database, “CrushFTP versions 10 prior to 10.8.5 and 11 prior to 11.3.4_23, when the DMZ proxy feature is not in use, improperly handles AS2 validation, enabling remote attackers to gain admin access via HTTPS.” CrushFTP reported detecting the first zero-day exploitation of this vulnerability on July 18, 2025, at 9 a.m. CST, although they noted that it might have been weaponized earlier. The company explained, “The attack vector utilized HTTP(S) to exploit the server. While we had addressed a separate AS2-related issue in HTTP(S), we did not realize that a previous bug could be exploited in this manner. It seems hackers observed our code changes and took advantage of them.”

Exploit of Critical Vulnerability in CrushFTP Grants Unauthorized Admin Access

On July 20, 2025, cybersecurity experts reported that a serious security vulnerability in CrushFTP has been actively exploited. This vulnerability, identified as CVE-2025-54309, has been assigned a CVSS score of 9.0, indicating its critical nature. The vulnerability affects versions of…

Read More
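A version triage helper for the CrushFTP entry above, added here as an example and not CrushFTP's or NVD's own tooling. It parses CrushFTP version strings, including the `_<build>` suffix seen in 11.3.4_23, and compares them against the fixed releases named in the NVD text quoted above. The hostnames and versions in the inventory are constructed for the example; the advisory's "DMZ proxy not in use" condition is deliberately ignored so the helper always errs on the side of reporting a host for patching.

```python
"""Triage CrushFTP versions against the fixed releases for CVE-2025-54309.

Added example, not CrushFTP's or NVD's code. The fixed releases are the ones
the NVD text quoted on this page names: 10.8.5 for the 10.x line and 11.3.4_23
for the 11.x line. CrushFTP versions carry an optional "_<build>" suffix, so a
plain string comparison gets "11.3.4_9" versus "11.3.4_23" wrong; the parser
below turns the suffix into a numeric fourth component.
"""
import re

# (major, minor, patch, build) of the first fixed release per major line.
FIXED_RELEASES = {
    10: (10, 8, 5, 0),
    11: (11, 3, 4, 23),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(version: str) -> tuple:
    """Turn "11.3.4_23" into (11, 3, 4, 23); a missing build suffix counts as 0."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised CrushFTP version string: {version!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_vulnerable(version: str):
    """True if the version is older than the fixed release for its major line.

    Returns None for major lines the advisory text does not mention. The
    advisory scopes the flaw to deployments where the DMZ proxy feature is not
    in use; this check ignores that condition on purpose, so that a DMZ-fronted
    but unpatched host is still reported for patching.
    """
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[0])
    if fixed is None:
        return None
    return parsed < fixed


def triage(inventory):
    """Map host -> "patch" / "ok" / "unknown" for a list of (host, version) pairs."""
    result = {}
    for host, version in inventory:
        try:
            vulnerable = is_vulnerable(version)
        except ValueError:
            result[host] = "unknown"   # unparsable version string
            continue
        if vulnerable is None:
            result[host] = "unknown"   # major line outside the advisory text
        else:
            result[host] = "patch" if vulnerable else "ok"
    return result


# Constructed inventory for the example; the hostnames are not real.
SAMPLE_INVENTORY = [
    ("ftp-a.example.test", "11.3.4_23"),  # exactly the fixed build
    ("ftp-b.example.test", "11.3.4_9"),   # same patch level, earlier build
    ("ftp-c.example.test", "11.3.4"),     # no build suffix, treated as build 0
    ("ftp-d.example.test", "10.8.5"),
    ("ftp-e.example.test", "10.8.4"),
    ("ftp-f.example.test", "9.5.0"),      # 9.x is not covered by the advisory text
    ("ftp-g.example.test", "11.3"),       # malformed for this parser
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:22} {verdict}")
```

The point of the numeric fourth component is that `11.3.4_9` and `11.3.4` are both below `11.3.4_23` even though a lexical compare or a three-part semver parser would call them equal or newer; anything the parser cannot read is reported as unknown rather than silently passed.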


ZLoader Malware Makes a Comeback Using DNS Tunneling to Conceal C2 Communications

Cybersecurity researchers have identified a new iteration of the ZLoader malware that utilizes Domain Name System (DNS) tunneling for command-and-control (C2) communications, showcasing that threat actors are actively enhancing their toolset after its reappearance a year ago. “Zloader version 2.9.4.0 features significant improvements, including a custom DNS tunnel protocol for C2 communications and an interactive shell supporting over a dozen commands, potentially aiding in ransomware attacks,” Zscaler ThreatLabz noted in a report released on Tuesday. “These enhancements provide added resilience against detection and mitigation efforts.” ZLoader, also known as Terdot, DELoader, or Silent Night, functions as a malware loader capable of deploying subsequent payloads. Following the shutdown of its infrastructure, malware campaigns distributing ZLoader were observed again for the first time in nearly two years in September 2023.

ZLoader Malware Resurfaces Utilizing DNS Tunneling for C2 Communications

On December 11, 2024, cybersecurity experts reported the emergence of an updated version of the ZLoader malware, which now employs a Domain Name System (DNS) tunneling technique for its command-and-control (C2) communications. This advancement illustrates a continued evolution of this malicious…

Read More
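A heuristic DNS-tunnelling hunt over resolver logs, added here as an example for the ZLoader entry above. It is not Zscaler ThreatLabz code and does not implement Zloader's own DNS protocol, which the teaser does not describe; it scores the generic indicators a tunnelled C2 channel leaves in passive-DNS or resolver data (many unique, long, high-entropy subdomains under one registrable domain, often carried in TXT or NULL records). The log lines, client addresses and the c2-example.invalid domain are constructed for the example, and the thresholds are starting points to tune against your own baseline.

```python
"""Heuristic DNS-tunnelling detector run over constructed resolver log lines.

Added example for this page: not Zscaler ThreatLabz code, and not Zloader's
actual DNS protocol. It scores generic tunnelling indicators that a hunt over
passive-DNS or resolver logs would look for.
"""
import math
from collections import defaultdict

# Constructed sample, one query per line: "<epoch> <client-ip> <qtype> <qname>".
# The .invalid TLD is reserved, so none of the c2-example names resolve anywhere.
SAMPLE_LOG = """\
1733900001 10.0.0.5 A www.example.com
1733900002 10.0.0.5 A assets.cdn.example.net
1733900003 10.0.0.5 AAAA mail.example.com
1733900004 10.0.0.7 TXT 3f8a1c9e0b7d6254e07b4d2a9f1c3586.upd.c2-example.invalid
1733900005 10.0.0.7 TXT 9b1e0d4c7a2f5638c5a3e9f0b7d18462.upd.c2-example.invalid
1733900006 10.0.0.7 TXT f3c8a2d1e9b764507e1d9a3f5c0b2468.upd.c2-example.invalid
1733900007 10.0.0.7 TXT 8b5e1c4a7d2f93602a6f0e8c4b1d9753.upd.c2-example.invalid
1733900008 10.0.0.7 TXT c2d9f4a1b8e370565f3e1b9d7a0c2486.upd.c2-example.invalid
1733900009 10.0.0.7 TXT 4a7c1e9d3b6f8250b8d0f6a2c4e19375.upd.c2-example.invalid
1733900010 10.0.0.9 A www.example.org
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Split a name into (subdomain part, registrable domain).

    Uses the last two labels as the registrable domain. Real deployments should
    use a public-suffix list so that names like host.example.co.uk split right.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (epoch, client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        yield int(ts), client, qtype.upper(), qname


def flag_tunnels(text: str, min_distinct=5, min_entropy=3.5, min_len=30, min_reasons=2):
    """Return {(client, registrable_domain): [reasons]} for suspicious pairs."""
    stats = defaultdict(lambda: {"subs": set(), "entropy": 0, "long": 0, "txt": 0, "n": 0})
    for _ts, client, qtype, qname in parse_log(text):
        sub, base = split_qname(qname)
        st = stats[(client, base)]
        st["n"] += 1
        st["subs"].add(sub)
        payload = sub.replace(".", "")  # what a tunnel encoder stuffs into labels
        if shannon_entropy(payload) >= min_entropy:
            st["entropy"] += 1
        if len(payload) >= min_len:
            st["long"] += 1
        if qtype in ("TXT", "NULL"):
            st["txt"] += 1

    findings = {}
    for key, st in stats.items():
        reasons = []
        if len(st["subs"]) >= min_distinct:
            reasons.append(f"{len(st['subs'])} distinct subdomains")
        if st["entropy"] / st["n"] >= 0.5:
            reasons.append("high-entropy subdomains")
        if st["long"] / st["n"] >= 0.5:
            reasons.append("long subdomains")
        if st["txt"] / st["n"] >= 0.5:
            reasons.append("TXT/NULL queries")
        if len(reasons) >= min_reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for (client, base), reasons in flag_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {base}: {', '.join(reasons)}")
```

The heuristic keys on (client, registrable domain) pairs rather than on single queries because one long hostname is normal for a CDN while dozens of distinct, high-entropy ones under a single apex from one client are not. Lower `min_distinct` when hunting over short time windows, and replace the two-label registrable-domain guess with a public-suffix-list lookup before running this on real data.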
