Tag Palo Alto Networks

Malicious LLMs: Uncovering Users Through Hacking Prompts

Artificial Intelligence & Machine Learning, Cybercrime as-a-service, Fraud Management & Cybercrime

WormGPT 4 Offered at $50 Monthly; KawaiiGPT Now Open Source

Rashmi Ramesh (@rashmiramesh_) • December 8, 2025

A new wave of cybercrime-as-a-service offerings is emerging, featuring malicious large language models (LLMs) available for subscription on platforms like…


Widespread Exploitation of Recent SSRF Vulnerability in Ivanti VPN Products

Mass Exploitation of SSRF Vulnerability in Ivanti Products

A significant server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure and Policy Secure products has been widely exploited. Recent reports indicate that attacks are emanating from over 170 distinct IP addresses, pointing to a coordinated effort to establish unauthorized access, including reverse…


Microsoft Reports Possible Breach of SolarWinds by a Second Hacker Group

The investigation into the SolarWinds supply chain attack continues to reveal significant findings, including the emergence of a new malware strain. Recent digital forensic analysis suggests that a different group of threat actors may be exploiting SolarWinds’ Orion software to deploy a similar persistent backdoor on compromised systems. According to…


New SolarWinds Vulnerability Likely Allowed Hackers to Deploy SUPERNOVA Malware

A critical vulnerability has been identified in the SolarWinds Orion software, which may have been exploited by threat actors as a zero-day to deliver the SUPERNOVA malware across targeted environments. This discovery highlights significant risks for organizations utilizing this widely adopted system monitoring and management tool. The CERT Coordination Center…


CISA Alert: Akira Ransomware Targeting Cisco ASA/FTD Vulnerability

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched security vulnerability affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software in its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to indications that the flaw is being actively exploited in…


Researchers Discover Connections Between Sunburst and Russian Kazuar Malware

Recent cybersecurity research has uncovered intriguing potential connections between the notorious SolarWinds hack and a previously identified malware strain called Kazuar. Kaspersky’s latest analysis highlights overlapping features that suggest a link between the two malicious software architectures. The SolarWinds incident, disclosed in December 2020, was characterized by its unprecedented scale…


Hackers Compromise Mimecast Certificate for Secure Microsoft 365 Connections

Mimecast Confirms Breach Linked to SolarWinds Cyberattack

Mimecast, a prominent cloud-based email management provider, disclosed on Tuesday that a “sophisticated threat actor” had compromised one of its digital certificates integral to secure connections with Microsoft 365 Exchange. This alarming revelation emerged after Microsoft notified Mimecast of potential vulnerabilities. In response,…


SolarWinds Breach: New Evidence Points to Possible Connections with Chinese Hackers

Recent investigations have linked a malicious web shell deployed on Windows systems to a possible Chinese cyber threat group, following the exploitation of an undisclosed zero-day vulnerability in SolarWinds’ Orion network monitoring software. The cybersecurity firm Secureworks reported that this breach involved a web shell referred to as Supernova, which…


Serious Vulnerabilities Expose 92,000 D-Link NAS Devices to Malware Threats

Cybersecurity Alert: Vulnerabilities Found in D-Link NAS Devices Open Doors to Exploitation

Recent findings reveal that threat actors are actively exploiting security weaknesses affecting approximately 92,000 D-Link network-attached storage (NAS) devices exposed to the internet. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273, are categorized with high CVSS scores of 9.8…
