The name said it all: DroneEXEHijackingLoader.dll. That internal file name, buried in malicious code delivered to three European defense contractors, revealed what security researchers now believe represents North Korea's latest espionage campaign aimed at stealing drone technology as Pyongyang races to modernize
its UAV arsenal.

The attacks, attributed to the notorious Lazarus APT group, targeted companies manufacturing unmanned aerial vehicle components and software between March and August 2025, according to ESET Research.

The timing proves significant. North Korean soldiers deployed to Russia during this period to support Moscow's war effort in Kursk, exposing Pyongyang's military to modern drone warfare firsthand. Intelligence analysts assess this battlefield experience likely reinforced North Korea's determination to accelerate its domestic UAV production capabilities.

Lazarus executed the intrusions through Operation DreamJob, a long-running social engineering campaign that dangles fake job offers at aerospace and defense sector employees. Targets received trojanized PDF readers alongside fabricated job descriptions, delivering malware disguised as legitimate hiring materials.

Also read: Operation Dream Job Continues, Uses Trojanized PuTTY SSH Client

The attackers compromised a metal engineering firm in southeastern Europe, an aircraft component manufacturer in central Europe, and a defense company also in central Europe. At least two victims maintain direct involvement in UAV technology development, with one producing critical drone components currently deployed in Ukraine.

Technical Evolution Maintains Effectiveness

The campaign deployed ScoringMathTea, a remote access trojan that grants attackers complete system control and has served as Lazarus's payload of choice for three years. This RAT supports approximately 40 commands enabling file manipulation, process management, system reconnaissance, and data exfiltration through encrypted channels.

Lazarus embedded its malicious code within trojanized open-source projects pulled from GitHub, including TightVNC Viewer, MuPDF reader, DirectX Wrappers, and plugins for Notepad++ and WinMerge. This technique provides enough variation to evade signature-based detection while maintaining operational consistency.
The group leveraged DLL side-loading, a technique where legitimate executables load malicious dynamic link libraries placed in unexpected system locations. The malware never appears unencrypted on disk, using AES-128 or ChaCha20 algorithms for obfuscation.

Reverse Engineering Through Cyberespionage

North Korea's current flagship reconnaissance drone, the Saetbyol-4, appears nearly identical to Northrop Grumman's RQ-4 Global Hawk. Its multipurpose combat drone, the Saetbyol-9, replicates the design of General Atomics' MQ-9 Reaper. Even the numerical designations mirror their American counterparts.

This copying extends beyond visual mimicry. Multiple campaigns affecting aerospace companies, including UAV technology specifically, have been attributed to North Korean APT groups in recent years. U.S. authorities formally linked several Lazarus-related groups to North Korean intelligence services.

Russia now reportedly assists North Korea in producing knockoff versions of Iranian-made Shahed suicide drones. Pyongyang also develops low-cost attack UAVs potentially destined for African and Middle Eastern export markets. Recent construction activity near North Korean aircraft factories suggests preparation for mass UAV production.

Persistent Methods Despite Public Exposure

Despite widespread media coverage of Operation DreamJob tactics, employee awareness in sensitive sectors remains insufficient to counter these social engineering approaches. The campaign's success rate indicates security training programs fail to adequately prepare personnel for sophisticated recruitment-themed attacks.

Also read: LinkedIn Job Scams Are the Latest Cyber Threat – Don’t Fall for Fake Recruiters

ESET researchers identified ScoringMathTea in previous attacks against companies in India, Poland, the United Kingdom, and Italy since January 2023. The RAT first appeared in VirusTotal submissions from Portugal and Germany in October 2022, disguised as Airbus-themed job offers.
Command and control infrastructure relies on compromised WordPress installations, with malicious server-side code typically stored within template or plugin directories. The attackers rotate through various hosting providers across multiple countries.

Security researchers attribute this activity to Lazarus with high confidence based on social engineering techniques, GitHub project trojanization methods, ScoringMathTea deployment, and targeting patterns consistent with previous Operation DreamJob campaigns.

Organizations active in UAV development should anticipate continued targeting as North Korea pursues indigenous drone capabilities through cyber-enabled industrial espionage.

Also read: Lazarus Group Targets Cryptocurrency Job Seekers on LinkedIn
Ransomware attacks have soared 50% in 2025 despite major changes among the leading ransomware groups, according to a new Cyble report. Through October 21, there have been 5,010 ransomware attacks claimed by ransomware groups on their dark web data leak sites, up from 3,335 in the same period of 2024, according to a
Cyble blog post.

“From the decline of RansomHub to the rise of Qilin and newcomers like Sinobi and The Gentlemen, ransomware group leadership has been in flux for much of 2025, but affiliates have been quick to find new opportunities, and a steady supply of critical vulnerabilities has helped fuel attacks,” Cyble said.

The threat intelligence company noted that its new threat landscape report (registration required) also documents record data breaches and supply chain attacks, as the cyber landscape has become more dangerous in general this year.

Qilin Led All Ransomware Groups Once Again

September marked the fifth consecutive monthly increase in ransomware attacks, and Qilin led all ransomware groups for the fifth time in six months, as the group has solidified its leadership in the wake of RansomHub's decline. In all, ransomware groups claimed 474 victims in September, up slightly from August (chart below). That’s well below February’s record, “yet still among the highest monthly ransomware attack totals on record,” Cyble said.

Figure: Ransomware attacks by month 2021-2025 (Cyble)

The U.S. remains by far the biggest target for ransomware groups, with its 259 victims accounting for nearly 55% of attacks in September (chart below). Germany, France, Canada, Spain, Italy and the UK remain consistent targets, but South Korea emerged as a new major target, in second place behind the U.S. with 32 attacks, largely due to one campaign by Qilin.

Figure: Ransomware attacks by country September 2025 (Cyble)

Of the 32 South Korean attacks recorded in September, 29 came from Qilin’s “KoreanLeak” campaign that targeted asset management companies in the country.
Cyble noted that “One of the asset management firms said its systems were impacted through a ransomware attack on its IT management provider, indicating a possible supply chain compromise affecting multiple firms simultaneously.”

The campaign also made South Korea by far the most attacked country in the APAC region in September, well ahead of India, Thailand and Taiwan.

Qilin’s South Korean campaign made Banking, Financial Services and Insurance (BFSI) the third most attacked sector in September, behind Construction and Manufacturing and ahead of Professional Services, IT and Healthcare (chart below).

Figure: Ransomware attacks by sector September 2025 (Cyble)

The Emergence of The Gentlemen Ransomware Group

Qilin led all ransomware groups with 99 claimed victims, 40 ahead of second-place Akira (chart below).

Figure: Top ransomware groups September 2025 (Cyble)

The emergence of The Gentlemen, a new group that has claimed 46 victims to date, was a noteworthy development. “The group’s use of custom tools targeting specific security vendors and the geographic diversity of its targets ... suggests that the group may have the resources to become an enduring threat,” Cyble said.

The full Cyble blog detailed 11 significant ransomware incidents in September, including some with supply chain implications, and also included recommendations for defenders.
More than 3,000 malicious YouTube videos were used to distribute infostealer malware, according to a new report detailing the operation. Dubbed the “YouTube Ghost Network” by Check Point Research, the large-scale malware distribution operation used fake and compromised YouTube accounts to distribute infostealers
like Rhadamanthys and Lumma, the report said.

Most of the videos have now been removed, but the malware operation has been active at least since 2021. The most targeted categories were game hacks and cheats, and software cracks and piracy. “It is important to emphasize that the use of cracked software is illegal and that such versions frequently contain hidden malware,” Check Point said.

The most viewed malicious videos targeted Adobe Photoshop, with 293,000 views, and FL Studio, with 147,000 views.

Compromised YouTube Accounts Used to Spread Infostealer Malware

Much of the YouTube Ghost Network consists of compromised YouTube accounts that are assigned specific operational roles, such as uploading malicious videos or liking and commenting to create a false sense of trust in a compromised account. “This role-based structure enables stealthier distribution, as banned accounts can be rapidly replaced without disrupting the overall operation,” the report said.

The most targeted game from the “Game Hacks/Cheats” category was Roblox, with 380 million monthly active users and about 111.8 million daily active users. In the “Software Cracks/Piracy” category, Adobe products are the main targets, led by Photoshop and Lightroom.

External links in the video posts typically redirect users to file-sharing services such as MediaFire, Dropbox, or Google Drive, or to phishing pages hosted on platforms like Google Sites, Blogspot, or Telegraph (telegra.ph). Those pages then contain links to download the malicious software, and shortened URLs are often used to hide the real destination of the external link.

The description of the videos follows a typical structure, with a download link and shared password. Step-by-step instructions often advise users to temporarily disable Windows Defender to avoid “a false alert.” “Don’t worry – the archive is clean,” assures one post after telling potential victims to temporarily disable Windows Defender.
“Defender may trigger a false alert due to the way Setup.exe works with installations.”

In most cases, the malware distributed is an infostealer. Lumma was initially the most distributed malware before its disruption, followed by Rhadamanthys, and the StealC and Redline infostealers have also been observed.

Compromised YouTube Accounts Distributed Malicious Pirated Photoshop

The report detailed two compromised YouTube channels and accounts. The YouTube channel @Sound_Writer, with 9,690 subscribers, published videos that were mainly focused on cryptocurrency software and gaming. “Our analysis indicates that this account has been compromised for over a year, as evidenced by the appearance of malicious videos that differ significantly from the channel’s previous content,” Check Point said.

The account @Afonesio1, with approximately 129,000 subscribers, was compromised between December 3, 2024, and January 5, 2025, and has since uploaded four videos to distribute malware. One of the account’s most viewed videos, with 291,155 views and 54 positive comments, “was used to lure unsuspecting viewers into downloading and executing a cracked version of Adobe Photoshop.”

Within the video’s description was a community message link and the password required to decompress the password-protected archive. The post “received approximately 1,200 likes and numerous positive comments praising the effectiveness of the software solution,” Check Point said. The shortened link in the post redirected users to Dropbox, where the file could be downloaded. The archive contained a file named Adobe.Photoshop.2024.v25.1.0.120.exe, which is a cracked version of Adobe Photoshop.

“It remains unclear whether the positive comments originate from real users who inadvertently infected themselves or from ghost accounts promoting the malicious software with AI comments,” the report said.
“The ongoing evolution of malware distribution methods demonstrates the remarkable adaptability and resourcefulness of threat actors in bypassing conventional security defenses,” Check Point concluded. “While email phishing remains a well-known and persistent threat, our research reveals that adversaries are increasingly shifting toward more sophisticated, platform-based strategies, most notably, the deployment of Ghost Networks. These networks leverage the trust inherent in legitimate accounts and the engagement mechanisms of popular platforms to orchestrate large-scale, persistent, and highly effective malware campaigns.”
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure.
Overview of the CVE-2025-59287 Vulnerability

The vulnerability, identified as a case of CWE-502: Deserialization of Untrusted Data, occurs when WSUS improperly deserializes untrusted objects. A remote, unauthenticated attacker could exploit this flaw by sending a specially crafted request to the WSUS service. Because WSUS commonly runs under the SYSTEM account, successful exploitation would allow the attacker to execute arbitrary code with the highest privileges, effectively gaining full control of the targeted system.

Microsoft has rated the flaw as Critical with a CVSS 3.1 base score of 9.8. The attack vector is network-based, requires no authentication or user interaction, and has low complexity. The vulnerability’s scope, confidentiality, integrity, and availability impacts are all classified as high. Microsoft has also assessed exploitation as “More Likely,” increasing the urgency for administrators to patch affected systems immediately.

Affected Versions

The RCE vulnerability affects several supported editions of Windows Server, including:

- Windows Server 2012 and 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022 (including the 23H2 Server Core edition)
- Windows Server 2025

By default, the WSUS server role is not enabled on Windows Server installations. However, once enabled, unpatched servers become vulnerable to exploitation. Microsoft emphasizes that servers without the WSUS role activated are not affected by CVE-2025-59287.

Timeline of Discovery and Patching

The vulnerability was first disclosed on October 14, 2025, with Microsoft formally registering it under the identifier CVE-2025-59287. Following the discovery, Microsoft released an out-of-band update on October 23, 2025, after confirming the existence of publicly available proof-of-concept (PoC) exploit code. This prompted an update to the CVSS temporal score to reflect the increased maturity of the exploit.
The update is available through multiple channels, including Windows Update, Microsoft Update, and Microsoft Update Catalog. Systems configured to automatically receive updates will download and install the patch without manual intervention. A system reboot is required after applying the update.

Mitigation and Workarounds

For organizations unable to immediately install the October 23, 2025, patch, Microsoft has provided several temporary mitigations:

- Disable the WSUS Server Role: Doing so prevents exploitation but also halts update delivery to clients.
- Block Inbound Traffic: Administrators can block ports 8530 and 8531 on the host firewall to render WSUS non-operational and mitigate the risk of attack.

Microsoft warns that these workarounds should remain in place until the official patch is successfully applied. Reverting them before updating could leave systems exposed to potential exploitation.

Exploitability and Risk

At the time of release, Microsoft reported no evidence of active exploitation or public disclosure beyond the proof-of-concept code. However, a successful compromise of a WSUS server could allow attackers to distribute malicious updates throughout an organization’s network, manipulate system configurations, or pivot deeper into internal environments.

CVE-2025-59287 was reported by Markus Wulftange of CODE WHITE GmbH, with Microsoft acknowledging his contribution to identifying and responsibly disclosing the issue.

The ability for an unauthenticated attacker to achieve RCE over a network, without user interaction, elevates this vulnerability to a critical priority. Organizations relying on WSUS should verify that the October 23, 2025, update has been applied across all affected systems. Until fully patched, any unprotected WSUS installation remains at risk of compromise.
Six weeks after Adobe shipped an emergency fix, attackers have begun weaponizing SessionReaper — and most Magento stores still stand exposed. Security firm Sansec’s forensics team said it blocked hundreds of real-world exploitation attempts of the SessionReaper bug as proof-of-concept code and a technical write-up
circulated publicly. For those who still have not patched this bug, it's a critical warning that widespread abuse would follow.

What Is the SessionReaper Bug

SessionReaper (CVE-2025-54236) is an unauthenticated, remote-code-execution flaw in Adobe Commerce / Magento that stems from nested deserialization in admin-facing functionality. Assetnote published the technical analysis that demonstrated how an attacker could craft requests to trigger object deserialization and run arbitrary PHP — a straight path to web shells and full shop takeover. With exploit details now public, Sansec researchers said the window for safe patching had effectively closed.

Sansec researchers reported that only 38% of Magento stores had applied Adobe’s patch six weeks after disclosure, leaving roughly 62% vulnerable to automated scans and commodity exploit tooling. They also confirmed blocking more than 250 exploitation attempts in a single day and observed initial payloads that delivered PHP webshells or phpinfo probes. The company published an initial set of attacker source IPs to help defenders triage incoming traffic.

Also read: Adobe Issues Urgent Patch for ‘SessionReaper’ Vulnerability in Commerce and Magento

Attackers Exploited Familiar eCommerce Playbook

Researchers said the flow of the attack is not novel and has been observed earlier. The attackers scanned the web for reachable admin consoles, sent crafted HTTP requests to the vulnerable endpoint and dropped webshells to persist and pivot. Sansec compared SessionReaper’s potential impact to previous mass-compromise flaws such as Shoplift (2015) and CosmicSting (2024), both of which spawned waves of site-wide infections and payment-card skimming campaigns. With automated exploit scanners and proof-of-concept code circulating, researchers expect mass compromise within hours of public analysis.

The defensive checklist that the researchers suggested remains simple but urgent.
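SessionReaper and the WSUS flaw CVE-2025-59287 described earlier on this page share one defect class, CWE-502: the service rebuilds objects from bytes it did not produce, and whatever type those bytes name gets to run its own deserialization logic. The script below is an added illustration of that class in Python's pickle; it is not code from WSUS, Magento, Microsoft, Adobe, Assetnote or Sansec, and the PluginConfig class, the blobs and the allow-list are constructed for the example. It contrasts the vulnerable pattern (load whatever the input names) with a loader that refuses any type outside an allow-list before that type's hooks can run.

```python
"""Deserialization of untrusted data (CWE-502), shown with Python's pickle.

WSUS is .NET and Magento is PHP, but the failure mode is the same: a
deserializer that instantiates whatever type the input names, and runs that
type's deserialization hooks, lets the sender of the bytes choose what code
runs. Everything here is constructed for the example; none of it is vendor code.
"""
import io
import pickle

# Types a hardened loader is willing to reconstruct. Anything else is refused
# before a constructor or hook of the named type can execute.
ALLOWED_TYPES = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}

HOOK_CALLS = []  # records each time a hook of an unexpected type ran


class PluginConfig:
    """Stand-in for an arbitrary class a sender might name in the payload.
    Its __setstate__ runs during unpickling; here it only records that fact."""

    def __setstate__(self, state):
        HOOK_CALLS.append(f"PluginConfig.__setstate__ ran with {state!r}")
        self.__dict__.update(state)


def make_trusted_blob():
    """What the service expects: a plain dictionary of settings."""
    return pickle.dumps({"schedule": "daily", "retries": 3})


def make_untrusted_blob():
    """What a sender controlling the bytes can submit: an object graph naming
    a class the service never intended to deserialize."""
    cfg = PluginConfig()
    cfg.__dict__["name"] = "not-a-config"
    return pickle.dumps(cfg)


def unsafe_load(blob):
    """The vulnerable pattern: trust the input to name only benign types."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: an allow-list decides which classes may be built."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_TYPES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to deserialize {module}.{name}")


def safe_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def try_safe_load(blob):
    """Return (True, value) or (False, reason) so callers can log refusals."""
    try:
        return True, safe_load(blob)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def demo():
    """Run both loaders against both blobs and summarise what happened."""
    HOOK_CALLS.clear()
    unsafe_obj = unsafe_load(make_untrusted_blob())  # the hook runs here
    ok_trusted, trusted = try_safe_load(make_trusted_blob())
    ok_untrusted, reason = try_safe_load(make_untrusted_blob())
    return {
        "unsafe_type": type(unsafe_obj).__name__,
        "hook_ran": len(HOOK_CALLS) == 1,
        "safe_accepts_trusted": ok_trusted and trusted == {"schedule": "daily", "retries": 3},
        "safe_refuses_untrusted": (not ok_untrusted) and "refused" in reason,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the allow-list is that the refusal happens at the moment the class name is resolved, before any constructor or state hook of that class can execute; a loader that instantiates first and validates afterwards has already lost.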
They urged store owners to deploy the vendor patch or upgrade to the latest security release immediately; to activate a web application firewall (WAF) if they cannot patch right away; and to run a thorough compromise scan for indicators such as unexpected PHP webshells, new files in webroot and suspicious scheduled tasks. They also advised searching logs for the IPs Sansec observed to identify probing activity.

The warning held particular weight because of the way ecommerce platforms amplify risk. Magento and Adobe Commerce sit at the intersection of payments, customer PII and third-party plugins. A single compromised admin console can let an attacker replace checkout pages, inject payment skimmers, and harvest credit-card data at scale. Attackers historically monetized these compromises rapidly, either by installing Magecart skimmers or building backend access for long-running fraud operations. Sansec’s timeline explicitly linked SessionReaper to that same class of high-impact supply-chain abuse.

The SessionReaper episode offered two broader lessons. First, critical-path fixes for internet-facing infrastructure must move faster than the adversary’s ability to automate; Adobe’s patch arrived, but adoption lagged dangerously. Second, ecommerce operators needed layered controls. Patching alone would stop exploitation, but WAFs, hardened deployment practices, privilege separation and continuous file-integrity monitoring buy time when immediate patching proves difficult.

Also read: Adobe Patch Tuesday Fixes Over 60 Vulnerabilities Across 13 Products
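For the compromise-scan and log-search items in the checklist above (the same checks apply to the compromised WordPress installations used as Lazarus C2 earlier on this page, where the malicious code sits in template or plugin directories), here is an added Python triage script. It is not Sansec's or ESET's tooling. The webroot it builds, the access-log lines and the watchlist IPs (documentation-range addresses) are constructed for the example, and Sansec's published attacker IPs are deliberately not reproduced.

```python
"""Post-incident triage for a PHP webroot and its access log.

Two checklist items, runnable offline: list PHP files modified after a
reference time and flag the ones containing constructs common in webshells
(a heuristic, not proof), then match access-log lines against a watchlist
of source IPs. Webroot, log lines and watchlist are all constructed.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# Constructs that appear in most PHP webshells. Legitimate code uses some of
# them too, so every hit is a lead for a human, not a verdict.
WEBSHELL_MARKERS = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\("),
    "shell_exec": re.compile(rb"\b(?:system|shell_exec|passthru|exec)\s*\("),
    "dynamic_call": re.compile(rb"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST)"),
}

# Constructed watchlist; a real one would be the vendor's published IP list.
WATCHLIST = {"203.0.113.7", "198.51.100.23"}

# Constructed access-log lines in the common combined format.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Oct/2025:10:01:02 +0000] "GET /admin/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [22/Oct/2025:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 8123',
    '203.0.113.7 - - [22/Oct/2025:10:01:09 +0000] "POST /admin/ HTTP/1.1" 500 0',
    '198.51.100.23 - - [22/Oct/2025:10:02:30 +0000] "GET /media/info.php HTTP/1.1" 200 64',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def scan_webroot(webroot, since_epoch=None):
    """Return [(relative path, mtime, [marker names])] for *.php files modified
    after since_epoch (default: the last 24 hours), newest first."""
    if since_epoch is None:
        since_epoch = time.time() - 24 * 3600
    root = Path(webroot)
    findings = []
    for path in root.rglob("*.php"):
        mtime = path.stat().st_mtime
        if mtime <= since_epoch:
            continue
        data = path.read_bytes()
        hits = [name for name, rx in WEBSHELL_MARKERS.items() if rx.search(data)]
        findings.append((path.relative_to(root).as_posix(), mtime, hits))
    findings.sort(key=lambda f: f[1], reverse=True)
    return findings


def match_ips(log_lines, watchlist):
    """Return [(ip, timestamp, request, status)] for lines from watchlisted IPs."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(1) in watchlist:
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits


def build_sample_webroot():
    """Create a throwaway webroot: an old index.php, a freshly written benign
    health check, and a freshly written file that trips the markers."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    old = root / "index.php"
    old.write_bytes(b"<?php echo 'storefront'; ?>")
    week_ago = time.time() - 7 * 86400
    os.utime(old, (week_ago, week_ago))  # make it look untouched for a week

    benign = root / "pub" / "health.php"
    benign.parent.mkdir(parents=True)
    benign.write_bytes(b"<?php echo 'ok'; ?>")

    # Inert sample that only matches the heuristics; it does nothing when run.
    planted = root / "media" / "info.php"
    planted.parent.mkdir(parents=True)
    planted.write_bytes(b"<?php /* constructed sample */ eval(base64_decode('')); ?>")
    return root


def triage(webroot, log_lines, watchlist):
    """Run both checks and return what needs a human's attention."""
    new_files = scan_webroot(webroot)
    return {
        "flagged_files": [f for f in new_files if f[2]],
        "other_new_files": [f for f in new_files if not f[2]],
        "watchlist_hits": match_ips(log_lines, watchlist),
    }


if __name__ == "__main__":
    report = triage(build_sample_webroot(), SAMPLE_LOG, WATCHLIST)
    for key, rows in report.items():
        print(key)
        for row in rows:
            print("  ", row)
```

On a real host, point scan_webroot at the document root with the patch date as since_epoch and feed match_ips the access-log lines together with the vendor's IP list; a marker hit on a recently modified file is a lead to review against the platform's own release files, not a verdict, and a file in the "other new files" list still deserves a look if nobody deployed it.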
Although direct messages sent through a chat app are often perceived as a private conversation, it’s actually not that simple. Not only can your chats and data be used for advertising and AI training, but they can be shared with law enforcement and intelligence agencies. Furthermore, perfect strangers, or scammers
— pretending to be your boss, for example — might reach out to you directly. Then again, attackers can use social engineering techniques to gain access to your account and read all of your chats in real-time.

Which services minimize the chance of these unwelcome events? That’s the question experts at the company Incogni set out to answer. They decided to compare popular social networks and messaging apps, and ranked them by privacy level from highest to lowest. The result is the Social Media Privacy Ranking 2025. This was an extensive study covering 15 social networks and chat apps, and comparing them across 18 criteria. Today, we focus on the scores for messaging apps and direct communication platforms — selecting only the most practical evaluation criteria. So, which of the common messaging apps are the most privacy-oriented?

Overall privacy rankings

We’ll start with Incogni’s final conclusions. After summing up all their scores across the criteria, they produced the following privacy rankings (lower is better):

- Discord: 10.23
- Telegram: 13.08
- Snapchat: 13.39
- Facebook Messenger: 22.22
- WhatsApp: 23.17

But don’t rush to migrate all your chats from WhatsApp to Discord just yet — comparing only the criteria that matter most reveals a different picture. Incogni’s comprehensive study included some very peculiar points, such as the number of fines for data retention violations across all countries, the number of past hacks and data breaches, the readability of the privacy policy, the time it takes to have your data deleted after an account closure request, and so on. However, there are also highly practical criteria: the types of data collected by the mobile app, the privacy level by default, the amount of user data visible to non-contacts, the use of user data for AI training, and the option to opt out of this.
For those concerned about excessive government interference in private correspondence, the score for the response rates to government requests for user information will also be of interest. If we add up the scores from only these practical categories, the rankings shift significantly:

- Telegram: 4.23
- Snapchat: 7.72
- Discord: 8.14
- WhatsApp: 11.93
- Facebook Messenger: 13.37

Incogni penalized WhatsApp 3.4 points for the fact that chats may be used for AI training, and users can’t opt out. However, there’s one important caveat: as of today, this only applies to user chats with Meta’s AI assistant, while other chats are still protected by end-to-end encryption, and can’t be used for training. Therefore, in our view, a more accurate score for WhatsApp would be 8.53; this doesn’t change its position, but significantly narrows the gap between it and the leading trio.

Let’s move past the numbers now, and review the practically significant findings of the analysis.

Private by default

An app focused on user interests sets all security and privacy settings to safe and private upon installation. The user can then lower the level of privacy where they choose to. Telegram and Snapchat exhibit this commendable behavior. Discord’s default settings are less private, while Facebook Messenger and WhatsApp are down at the bottom of the rankings. A similar situation is found with the number of privacy settings — Telegram and Snapchat offer the most.

We’ve published detailed guides on setting up privacy in Telegram, WhatsApp, and Discord, and you can find privacy configuration tips for many other popular apps, devices, and operating systems on our free Privacy Checker portal.

Secure against strangers

Minimizing the amount of information strangers can see is crucial for both privacy and physical safety. It limits the possibilities for scams, spam, stalking, and child abuse. The most secure accounts are provided equally by Telegram and WhatsApp — tying for first place.
Facebook Messenger and Snapchat share second, while Discord ranks last in this regard.

Cooperating with authorities

Telegram doesn’t disclose the percentage of government requests for personal data that it grants — though it’s known to be greater than zero. As for the other platforms, Snapchat most frequently approves such requests (82%), Meta’s services approve them in 78% of cases (the breakdown by service is unknown), and Discord is not far behind at 77.4%.

Collecting data for advertising and other purposes

Every platform collects a certain amount of information about its users, their socio-demographic profile, and preferences. The study distinguishes between general data collection and mobile-app data collection. The former was based on privacy policies; the latter used the data published for the apps in the App Store and Google Play. Based on general data collection, the leaders with the least amount of collected data are Telegram and WhatsApp. Discord took second place, and Snapchat and Facebook Messenger both ranked last. Regarding mobile-app data collection, the picture is slightly different: Telegram leads by a significant margin, followed by WhatsApp in second place, then Discord, Snapchat, and finally, Facebook Messenger.

Which messaging app is best?

Among the services reviewed, Telegram collects the least data and provides the widest range of privacy settings. While Discord leads the overall rankings thanks to limited data collection and a clean record on privacy fines, it falls short in privacy settings, and doesn’t default to secure options. WhatsApp offers extensive protection against strangers, and collects a relatively modest amount of user data. Note that the ranking focuses on mainstream apps; more niche messaging apps that place a strong emphasis on privacy were simply not included. Truly confidential/sensitive conversations should ideally be conducted on one of these dedicated private messaging apps.
Additionally, Incogni didn’t focus on encryption. Among the reviewed apps, only WhatsApp offers full end-to-end encryption for all chats by default. This is a crucial consideration, for the hugely popular Telegram doesn’t guarantee message privacy: chats aren’t end-to-end encrypted by default.

Finally, don’t forget that the indicated level of security applies only to the official mobile clients of these messaging services. The desktop versions of popular messaging apps are far more vulnerable due to their architecture. As for using mods or third-party clients, it’s best to avoid them entirely — malicious versions are routinely distributed both through channels and group chats within the messaging services themselves, and through official app stores such as Google Play. To protect Android smartphones from these malicious apps, consider Kaspersky for Android. Incidentally, after a recent update, it now also blocks phishing and malicious links in all notifications from any messaging or other app.

Messaging apps today arguably hold the maximum amount of private information about each of us. To avoid becoming a victim of a data leak, read our other posts:

- Messengers 101: safety and privacy advice
- What to do if your WhatsApp account gets hacked
- What to do if your Telegram account is hacked
- WhatsApp and Telegram account hijacking: how to protect yourself against scams
- Chatting offline: an overview of mesh messaging apps
Attackers are pouncing on financially strapped US government agencies and furloughed employees. And the effects of this period might be felt for a long time hereafter.
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild.
A $14 billion seizure by US investigators presents a warning for cybercriminals' reliance on bitcoin but is still a positive development for the cryptocurrency industry.
Cyber teams need to get to work backfilling diminishing federal resources, according to Alexander Garcia-Tobar, who shares clear steps on a path forward for protecting enterprises with less CISA help.
Researchers at ESET said they found evidence of a new tentacle of the long-running Operation DreamJob campaign — where North Korea’s Lazarus group sends malware-laden emails purporting to be from recruiters at top companies.
House Oversight Committee Chairman James Comer wants the developer of the controversial dating-safety app TeaOnHer to explain if its privacy and content moderation practices adhere to federal law.
As cybercriminals increasingly exploit third-party products to deploy ransomware against organizations, a global coalition is urging companies to pay more attention to their software supply chains.
A veterinary certification platform and systems that track products and chemicals were among the tools disrupted by a DDoS incident, Russia's food safety watchdog said.
After years of negotiations, officials from around the world will convene in Hanoi this weekend for the signing of the landmark UN cybercrime convention.
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. "Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability that has a proof-of-concept (PoC) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior