A cyberattack targeting Bouygues Telecom has led to the exposure of sensitive data for approximately 6.4 million customers. Learn about the compromised information and measures you can take to safeguard yourself against potential scams, as the company cautions customers to remain vigilant. Bouygues Telecom, a leading telecommunications provider in France…
Next-Generation Technologies & Secure Development, Threat Detection Presented by Harness 60 Minutes Recent statistics reveal that 53% of internet traffic is now generated by bots, many of which utilize artificial intelligence to closely mimic human behavior. These sophisticated bots extend far beyond simple scraping techniques; they are designed to circumvent…
📅 July 28, 2025
Some threats don’t breach the perimeter—they slip in through signed software, polished resumes, or approved vendors that remain hidden in plain sight. This week, the most significant dangers weren’t the ones making the most noise—they were the ones that looked the most legitimate. In a landscape where identity, trust, and tools are interconnected, the strongest attack vectors often appear entirely credible. Security teams now face the challenge of defending systems not only from intrusions but from the very essence of trust being weaponized.
⚡ Threat of the Week Microsoft SharePoint Breaches Linked to China — The repercussions of an attack wave targeting vulnerabilities in on-premises Microsoft SharePoint servers continue to intensify a week after the discovery of zero-day exploits, with over 400 organizations worldwide affected. These attacks have been connected to two notorious Chinese hacking groups, Linen Typhoon (APT27) and Violet Typhoon (APT31), along with a suspected China-based threat actor known as Storm-2603.
Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains, and More July 28, 2025 Cybersecurity threats are increasingly sneaking through the back door, penetrating defenses via seemingly legitimate vectors such as signed software, polished resumes, and authorized vendors that often remain unnoticed. This week underscored that the…
📅 July 28, 2025
Some threats don’t breach the perimeter—they slip in through signed software, polished resumes, or approved vendors that remain hidden in plain sight. This week, the most significant dangers weren’t the ones making the most noise—they were the ones that looked the most legitimate. In a landscape where identity, trust, and tools are interconnected, the strongest attack vectors often appear entirely credible. Security teams now face the challenge of defending systems not only from intrusions but from the very essence of trust being weaponized.
⚡ Threat of the Week Microsoft SharePoint Breaches Linked to China — The repercussions of an attack wave targeting vulnerabilities in on-premises Microsoft SharePoint servers continue to intensify a week after the discovery of zero-day exploits, with over 400 organizations worldwide affected. These attacks have been connected to two notorious Chinese hacking groups, Linen Typhoon (APT27) and Violet Typhoon (APT31), along with a suspected China-based threat actor known as Storm-2603.
Google Data Breach: Business User Information Compromised In a recent announcement, Google confirmed that a cyberattack attributed to the ShinyHunters ransomware group has led to unauthorized access of business user data within its corporate databases. The breach specifically targeted a Salesforce system that stores contact information for small and medium-sized…
CISA Adds Active Citrix NetScaler CVE-2025-5777 to KEV Catalog as Threat to Enterprises
July 11, 2025
Network Security / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical vulnerability affecting Citrix NetScaler ADC and Gateway in its Known Exploited Vulnerabilities (KEV) catalog, signaling that this flaw has been actively exploited. The identified vulnerability, CVE-2025-5777 (CVSS score: 9.3), arises from insufficient input validation, allowing attackers to bypass authentication on appliances configured as Gateway or AAA virtual servers. Dubbed Citrix Bleed 2 due to its resemblance to Citrix Bleed (CVE-2023-4966), CISA noted, “Citrix NetScaler ADC and Gateway are susceptible to an out-of-bounds read vulnerability, which can result in memory overread when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.” The agency emphasized the importance of addressing vulnerabilities like CVE-2025-5777 to safeguard enterprise systems.
CISA Includes Citrix NetScaler CVE-2025-5777 in KEV Catalog as Active Threats Targeting Enterprises On July 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a critical vulnerability affecting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog. This alert marks the recognition that the…
CISA Adds Active Citrix NetScaler CVE-2025-5777 to KEV Catalog as Threat to Enterprises
July 11, 2025
Network Security / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical vulnerability affecting Citrix NetScaler ADC and Gateway in its Known Exploited Vulnerabilities (KEV) catalog, signaling that this flaw has been actively exploited. The identified vulnerability, CVE-2025-5777 (CVSS score: 9.3), arises from insufficient input validation, allowing attackers to bypass authentication on appliances configured as Gateway or AAA virtual servers. Dubbed Citrix Bleed 2 due to its resemblance to Citrix Bleed (CVE-2023-4966), CISA noted, “Citrix NetScaler ADC and Gateway are susceptible to an out-of-bounds read vulnerability, which can result in memory overread when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.” The agency emphasized the importance of addressing vulnerabilities like CVE-2025-5777 to safeguard enterprise systems.
On November 8, 2024, IoT Security / Vulnerability
The creators of the AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting various internet-facing applications, while also deploying the Mozi botnet. According to a recent report by CloudSEK, this botnet employs remote code execution and credential theft techniques to maintain ongoing access, using unpatched vulnerabilities to infiltrate critical infrastructures.
AndroxGh0st is a Python-based attack tool specifically designed to target Laravel applications, aiming to extract sensitive data related to services such as Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously exploited vulnerabilities in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and maintain persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence agencies…
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services November 8, 2024 In a notable escalation of cyber threats, the creators of AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting numerous internet-facing applications. This malicious software has recently adopted the Mozi botnet, a tool…
On November 8, 2024, IoT Security / Vulnerability
The creators of the AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting various internet-facing applications, while also deploying the Mozi botnet. According to a recent report by CloudSEK, this botnet employs remote code execution and credential theft techniques to maintain ongoing access, using unpatched vulnerabilities to infiltrate critical infrastructures.
AndroxGh0st is a Python-based attack tool specifically designed to target Laravel applications, aiming to extract sensitive data related to services such as Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously exploited vulnerabilities in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and maintain persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence agencies…
With the increasing prevalence of contactless payment systems, thefts involving portable point-of-sale (POS) devices are resurging. These thefts, characterized by their rapid execution, are often difficult to detect. Business owners must consider the real risks posed by these scams and explore effective ways to mitigate them. Recent Incident in Sorrento…
Roger Grimes Joins KnowBe4 as Data-Driven Defense Evangelist Expertise Brought by a Veteran in Computer Security In a notable move for cybersecurity awareness, Roger A. Grimes has taken on the role of Data-Driven Defense Evangelist at KnowBe4. With over 35 years of experience in the field of computer security, Grimes…
Hacking News / Cybersecurity
Malware is evolving—it’s no longer just hiding in the shadows but actively seeking to blend in. We’re witnessing code that mimics our language, logs activity like us, and even documents itself as if it were a supportive team member. Nowadays, some threats resemble developer tools more than straightforward exploits, while others gain credibility from open-source projects or are constructed using AI-generated snippets. It’s not only about being malicious; it’s about being convincingly so. In this week’s cybersecurity recap, we delve into how modern threats are becoming more sociable, automated, and alarmingly sophisticated—far too clever for yesterday’s defense tactics to address.
Secret Blizzard Conducts ISP-Level AitM Attacks to Deploy ApolloShadow
Russian cyberspies are leveraging local internet service providers’ networks to target foreign embassies in Moscow, potentially gathering intelligence from the devices of diplomats. This activity has been traced to the Russian advanced persistent threat (APT) group known as Secret Blizzard (also referred to as Turla). It likely involves employing adversary-in-the-middle tactics…
Cybersecurity Weekly Recap: Notable Threats and Trends Date: August 4, 2025 Source: Hacking News / Cybersecurity In today’s evolving landscape of cybersecurity, malware is adopting an unexpected approach. Rather than simply evading detection, modern threats are increasingly designed to integrate seamlessly into their environments. They mimic human behavior, with the…
Hacking News / Cybersecurity
Malware is evolving—it’s no longer just hiding in the shadows but actively seeking to blend in. We’re witnessing code that mimics our language, logs activity like us, and even documents itself as if it were a supportive team member. Nowadays, some threats resemble developer tools more than straightforward exploits, while others gain credibility from open-source projects or are constructed using AI-generated snippets. It’s not only about being malicious; it’s about being convincingly so. In this week’s cybersecurity recap, we delve into how modern threats are becoming more sociable, automated, and alarmingly sophisticated—far too clever for yesterday’s defense tactics to address.
Secret Blizzard Conducts ISP-Level AitM Attacks to Deploy ApolloShadow
Russian cyberspies are leveraging local internet service providers’ networks to target foreign embassies in Moscow, potentially gathering intelligence from the devices of diplomats. This activity has been traced to the Russian advanced persistent threat (APT) group known as Secret Blizzard (also referred to as Turla). It likely involves employing adversary-in-the-middle tactics…
