Cybersecurity researchers have discovered that attackers are misusing ConnectWise ScreenConnect, a widely used remote access tool, to deliver AsyncRAT, a dangerous Remote Access Trojan. The malicious campaign is designed to steal sensitive data, login credentials, and even cryptocurrency from unsuspecting victims. The attack begins when a victim downloads or installs a tampered version of the … Continued
In July 2025, just before key trade talks between the United States and China in Sweden, a suspicious email began making rounds. The email looked like it was sent by Representative John Moolenaar, who chairs the House committee on U.S.–China competition. It asked recipients to review a draft of legislation, but the attachment was actually … Continued
A major security incident has hit the JavaScript ecosystem as more than 20 popular npm packages were compromised in a supply chain attack. These packages together are downloaded over 2 billion times every week, making the attack one of the most serious seen in recent years. Well-known libraries like chalk and debug were among the … Continued
A new security report has revealed that a dangerous flaw in Apple’s Messages app was used to spy on journalists. At the same time, businesses using SAP S/4HANA are being warned about a critical vulnerability that attackers are already exploiting. Both cases show how quickly hackers move and why updating software immediately is more important … Continued
A new zero-day vulnerability has been discovered in Sitecore, and attackers are already taking advantage of it. The flaw is tracked as CVE-2025-53690 and has been linked to active exploitation in the wild. Security researchers from Mandiant revealed that hackers are using this weakness to run malicious code on vulnerable servers, giving them a direct … Continued
Security researchers have discovered a cyber campaign where Chinese-linked hackers are secretly manipulating Google search results to push gambling websites. The operation, uncovered by cybersecurity company ESET, has been named GhostRedirector. Evidence shows it started in August 2024 and was still active in June 2025, running undetected for many months. The attackers managed to compromise … Continued
Japan, South Korea, and the United States recently held a joint forum in Tokyo to tackle a sophisticated scam. In this scheme, individuals connected to North Korea pretend to be IT professionals. They apply for remote jobs, get hired by unsuspecting companies, then steal data, funnel money back to North Korea, or launder payroll. At … Continued
A new cyber-espionage campaign has come to light, this time linked to hackers connected with Iran. Security researchers discovered that attackers compromised more than 100 embassy and government email accounts to target diplomats around the world. By abusing official mailboxes, the hackers were able to make their phishing messages look completely authentic. Investigators found that … Continued
WordPress, the world’s most widely used website platform, is facing yet another wave of security issues. Researchers have revealed that many WordPress sites are being compromised and abused through malicious or vulnerable plugins. These hacked sites are being used to spread two major threats, known as ClickFix attacks and Traffic Distribution Systems (TDS). Both of … Continued
A Ukrainian network known as FDN3 has been identified as the source of large brute-force attacks targeting SSL VPNs and Remote Desktop Protocol (RDP) devices. Security researchers observed these attacks during June and July 2025, with the most intense surge recorded between July 6 and July 8. Instead of quick hits, some of the campaigns … Continued
