Tag Microsoft

AsyncRAT Campaign Deploys Python Payloads and TryCloudflare Tunnels for Stealthy Attacks

Recent investigations have revealed a sophisticated malware campaign deploying a remote access trojan (RAT) called AsyncRAT, utilizing Python payloads and TryCloudflare tunnels for distribution. Forcepoint X-Labs researcher Jyotika Singh indicated that AsyncRAT capitalizes on the async/await programming model, allowing attackers to covertly access and manipulate infected systems, exfiltrate data, and…


Critical Update: Microsoft Addresses 57 Security Vulnerabilities, 6 of Which Are Actively Exploited Zero-Days

On Tuesday, Microsoft rolled out security updates addressing a total of 57 vulnerabilities, including six that have been actively exploited in the wild. These updates are particularly crucial for organizations concerned about potential security breaches, as they rectify flaws that could be leveraged by malicious actors. Among the 57 identified…


This Microsoft Entra ID Vulnerability Posed a Major Threat

Major Security Flaw Discovered in Microsoft Azure’s Identity Management System

Over the past decade, a significant transition has occurred in how businesses manage their digital infrastructures, shifting from self-hosted servers to cloud services. This change has allowed many organizations to benefit from the advanced security features offered by key cloud…


Ukraine Warns of Potential Massive Cyberattacks by Russia Targeting Critical Infrastructure

In a recent advisory, the Ukrainian government alerted that “massive cyberattacks” are imminent, targeting the critical infrastructure of Ukraine and its allies. The Ministry of Defense’s Main Directorate of Intelligence (GUR) has identified the energy sector as a primary target. The agency indicated that these cyberattacks would likely be designed…


Breach Update: Microsoft and Cloudflare Take Down RaccoonO365

Colt Services Faces Ongoing Outages; Finland Charges U.S. National in Vastaamo Hack

Anviksha More (AnvikshaMore) • September 18, 2025

Each week, Information Security Media Group compiles cybersecurity incidents worldwide. Recently, Microsoft dealt a significant blow to RaccoonO365, outages at Colt Technology Services continue,…


GitHub Discovers New Vulnerabilities in ruby-saml That Enable Account Takeover Attacks

High-Severity Vulnerabilities Discovered in Ruby-SAML Library, Posing Authentication Risks

Two significant security vulnerabilities have been identified in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. The vulnerabilities are tracked as CVE-2025-25291 and CVE-2025-25292, carrying a high…


⚡ THN Weekly Recap: Key Cybersecurity Threats, Tools, and Tips [February 10]

The current landscape of cybersecurity reveals that even the smallest vulnerabilities can precipitate significant breaches. Exposing an encryption key, neglecting a minor software update, or leaving a cloud storage bucket unsecured may seem trivial, yet these factors can become major gateways for cyber attacks. This week, instances of cybercriminals exploiting…


Microsoft Reveals Global Cyber Attacks by Sandworm Subgroup Affecting Over 15 Countries

A subgroup of the notorious Russian state-sponsored hacking entity known as Sandworm has been linked to a persistent global access operation, termed BadPilot, which has been under way for several years. The Microsoft Threat Intelligence team recently disclosed this in a report, emphasizing the group’s strategy of compromising internet-facing infrastructure…


Microsoft Disrupts ‘RaccoonO365’ Phishing Operation – Dark Reading

Microsoft Disrupts ‘RaccoonO365’ Phishing Service

In a significant development in the cybersecurity landscape, Microsoft has announced the dismantling of the ‘RaccoonO365’ phishing service, a notable player in the realm of cybercrime. This disruptive action targets a sophisticated network that has been implicated in various phishing attacks, with an emphasis on…
