China Accuses NSA of Cyberattacks on Asian Winter Games

Chinese authorities have accused the U.S. National Security Agency (NSA) of orchestrating a series of cyberattacks targeting the 2025 Asian Winter Games in Harbin and related critical infrastructure across Heilongjiang Province. In an unprecedented move, local police issued a public bounty for three alleged NSA operatives. Why it Matters: This is not the first time … Continued

Conduent Confirms Client Data Stolen in Cyberattack

A cyberattack earlier this year on Conduent, a major American business services provider and government contractor, resulted in the theft of customer data. A recent filing with the U.S. Securities and Exchange Commission (SEC) revealed that threat actors were able to exfiltrate a set of files containing sensitive information associated with a limited number of … Continued

Critical 0-Day Vulnerability in Gladinet CentreStack and Triofox Exploited in the Wild

Huntress issued an alert following the discovery of active exploitation of a newly disclosed zero-day vulnerability (CVE-2025-30406) in Gladinet’s CentreStack and Triofox platforms. The vulnerability, marked as critical (CVSS 9.0), allows unauthenticated remote code execution through cryptographic keys present in configuration files. The first known exploit attempt occurred … Continued

Researchers Uncover 10 Security Flaws in Perplexity AI Chatbot

Security researchers from Appknox have found 10 serious vulnerabilities in the Perplexity AI chatbot’s Android application. The flaws — some of which are shared with other AI chatbots — prompted security researchers to urge users to uninstall the app until fixes are implemented. Appknox found twice as … Continued

Tycoon 2FA Phishing Kit Evolves with New Evasion Tactics to Bypass Detection

The notorious phishing-as-a-service (PhaaS) platform Tycoon2FA has introduced several new evasion techniques to bypass EDR solutions and detection mechanisms. The Tycoon 2FA kit uses a custom CAPTCHA rendered using HTML5 canvas, Unicode characters in obfuscated JavaScript, and anti-debugging scripts to bypass detection mechanisms and EDR. Technical analysis: Tycoon2FA was initially discovered by Sekoia researchers in October 2023. … Continued

Algeria’s Ministry of Pharmaceutical Industry Data Leaked in Retaliatory Cyberattack

Today, we identified a new data breach involving the Algerian Ministry of Pharmaceutical Industry, with threat actor MORH4x listing 34.4GB of internal data for sale on breach forums. The actor claims the breach includes extensive documentation related to Algeria’s pharmaceutical imports, personnel, inventory management, and psychotropic drug control. The actor explicitly framed the breach as … Continued

Fake Google Play Store Sites Deliver SpyNote Malware

A new wave of deceptive websites masquerading as the Google Play Store has emerged, distributing SpyNote, a notorious Android malware. These malicious sites are hosted on newly registered domains and designed to trick visitors into downloading infected applications by mimicking legitimate Play Store pages. Attack Chain: According to researchers, these sites employ a clean user … Continued

Cybercriminals Target Crypto Wallets with Malicious npm Packages

The cryptocurrency community is once again in the crosshairs of cybercriminals, according to a new report by ReversingLabs. In a series of ongoing attacks, threat actors are using increasingly stealthy methods to compromise Web3 wallets and siphon off crypto assets, this time by manipulating open-source packages. The security researchers have identified a campaign involving a malicious … Continued

Jenkins Warns of SSH Security Flaw in Docker Images

The Jenkins project issued a new security advisory for vulnerabilities affecting its Docker image deliverables, including jenkins/ssh-agent and the deprecated jenkins/ssh-slave. Vulnerability Details: The advisory outlines a medium-severity vulnerability (CVSS) related to host key reuse in SSH build agent Docker images, which may allow attackers to impersonate Jenkins SSH build agents under some conditions. This … Continued

Algeria’s MGPTT Data Listed for Sale After CNSS Breach

Today, we identified that a threat actor known as Phantom Atlas has listed more than 13GB of internal data from Algeria’s state-run MGPTT (Post & Telecom) for sale on breachforums. The listed material reportedly includes personal data, confidential documents, strategic records, and full databases tied to the organization. In addition to MGPTT, Phantom Atlas also … Continued
