Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Threat Actor Maintains Long-Term Stealthy Access Prajeet Nair (@prajeetspeaks) • August 4, 2025 Image: Shutterstock A recent cybersecurity analysis reveals that Chinese nation-state hackers have infiltrated mobile telecommunications networks across Southeast Asia, ostensibly to track the locations of individuals,…
Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Investment Fuels Development for Predictive, Autonomous Threat Defense Michael Novinson (MichaelNovinson) • August 1, 2025 Saket Modi, co-founder and CEO, Safe (Image: Safe) In a significant development within the cybersecurity landscape, Safe, a vendor specializing in cyber risk…
July 30, 2025
Vulnerability / Threat Intelligence
Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.
Hackers Exploit SAP Vulnerability to Target U.S. Chemical Company with Auto-Color Malware On July 30, 2025, cybersecurity experts reported a significant breach involving a critical vulnerability in SAP NetWeaver, previously patched by SAP. In an incident that unfolded over three days in April 2025, threat actors targeted a U.S.-based chemicals…
July 30, 2025
Vulnerability / Threat Intelligence
Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.
Access Management, Agentic AI, Identity & Access Management CyberArk Acquisition Enhances Palo Alto Networks’ Privileged Access Capabilities Michael Novinson (@MichaelNovinson) • July 30, 2025 Nikesh Arora, Chairman and CEO, Palo Alto Networks Nikesh Arora, CEO of Palo Alto Networks, announced the company’s intention to acquire CyberArk for $25 billion, driven…
Jun 26, 2025
Threat Intelligence / Ransomware
Cybersecurity experts are highlighting a wave of cyberattacks aimed at financial institutions across Africa, dating back to at least July 2023. These attacks leverage a combination of open-source and publicly available tools to sustain access. Researchers from Palo Alto Networks’ Unit 42 are monitoring this activity under the label CL-CRI-1014, where “CL” stands for “cluster” and “CRI” signifies “criminal motivation.” The primary objective appears to be gaining initial access to systems, which is then sold to other criminal actors in underground forums, effectively turning the threat actor into an initial access broker (IAB). “The threat actor mimics signatures from legitimate applications to create forged file signatures, camouflaging their toolset and concealing malicious activities,” noted researchers Tom Fakterman and Guy Levi. “Threat actors frequently spoof legitimate products for illicit purposes.” The attacks are marked by the use of tools such as PoshC2 and others.
Cyber Criminals Utilize Open-Source Tools to Target African Financial Institutions June 26, 2025 Threat Intelligence / Ransomware Recent investigations have revealed a troubling trend of cyber attacks aimed at financial institutions across Africa, with reports indicating that this wave of attacks began as early as July 2023. Cybersecurity experts at…
Jun 26, 2025
Threat Intelligence / Ransomware
Cybersecurity experts are highlighting a wave of cyberattacks aimed at financial institutions across Africa, dating back to at least July 2023. These attacks leverage a combination of open-source and publicly available tools to sustain access. Researchers from Palo Alto Networks’ Unit 42 are monitoring this activity under the label CL-CRI-1014, where “CL” stands for “cluster” and “CRI” signifies “criminal motivation.” The primary objective appears to be gaining initial access to systems, which is then sold to other criminal actors in underground forums, effectively turning the threat actor into an initial access broker (IAB). “The threat actor mimics signatures from legitimate applications to create forged file signatures, camouflaging their toolset and concealing malicious activities,” noted researchers Tom Fakterman and Guy Levi. “Threat actors frequently spoof legitimate products for illicit purposes.” The attacks are marked by the use of tools such as PoshC2 and others.
Microsoft has recently addressed two critical vulnerabilities, CVE-2025-49706 and CVE-2025-49704, part of their monthly update cycle. However, reports from over the weekend have revealed that the patches were insufficient, leaving organizations vulnerable to new types of cyberattacks. The primary targets of these attacks are organizations using SharePoint servers. The initial…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management Security Researchers Warn of Widespread Access to Exploit Code by Diverse Hacking Groups Mathew J. Schwartz (euroinfosec) • July 22, 2025 Image: Shutterstock/Microsoft Recent assessments indicate that hackers have been exploiting zero-day vulnerabilities in Microsoft SharePoint, primarily to…
Governance & Risk Management, Patch Management Microsoft Rolls Out Emergency Patches for Authentication-Bypassing Attacks Prajeet Nair (@prajeetspeaks), Mathew J. Schwartz (euroinfosec) • July 21, 2025 Image: Shutterstock In a concerning development, cybersecurity experts have reported that attackers are exploiting two zero-day vulnerabilities in on-premises Microsoft SharePoint installations. This activity allows…
Researchers from Cisco’s Talos security team have identified a sophisticated malware-as-a-service (MaaS) operation that exploited public GitHub accounts to distribute various types of malicious software to targeted entities. This innovative distribution method capitalized on GitHub’s widespread acceptance in enterprise environments, where many organizations rely on the platform for software development.…
