Month May 2025

 In 2025, the exploitation of supply chain vulnerabilities by Advanced Persistent Threats (APTs) has emerged as one of the most significant and damaging trends in enterprise cybersecurity. As organizations become increasingly interconnected, the supply chain, once a driver of efficiency,…

 A sophisticated spear-phishing campaign has emerged targeting chief financial officers and senior financial executives across banking, energy, insurance, and investment sectors worldwide, marking a concerning escalation in precision-targeted cyber attacks against corporate leadership. The campaign, which surfaced on May 15,…

 The cybersecurity landscape of 2025 has become a high-stakes battleground as Advanced Persistent Threat (APT) campaigns leverage artificial intelligence, zero-day exploits, and cloud vulnerabilities to bypass traditional defenses. With APT attacks on critical infrastructure surging by 136% in Q1 2025…

 State-sponsored Advanced Persistent Threats (APTs) have become the defining challenge for cybersecurity professionals in 2025, with attacks growing in sophistication, persistence, and global reach. High-profile breaches targeting critical infrastructure, telecommunications, and government entities underscore the urgent need for robust, adaptive…

 A sophisticated botnet campaign dubbed “AyySSHush” has compromised over 9,000 ASUS routers worldwide, establishing persistent backdoor access that survives firmware updates and reboots.  The stealthy operation, first detected in March 2025, demonstrates advanced nation-state-level tradecraft by exploiting authentication vulnerabilities and…

 A critical security flaw in Microsoft’s OneDrive File Picker has exposed millions of users to unauthorized data access, allowing third-party web applications to gain complete access to users’ entire OneDrive storage rather than just selected files.  Security researchers from Oasis…

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
"Misuse of cloud

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

 Cybersecurity researchers have uncovered a sophisticated new attack method called “ChoiceJacking” that allows malicious charging stations to steal sensitive data from smartphones and tablets, effectively bypassing security measures that have protected mobile devices for over a decade. The attack, discovered…

Researchers are using quantum computers to generate keys that are truly random to strengthen data encryption. Read More  

 As 2025 unfolds, the digital battleground has never been more complex-or more consequential. Cyberattacks are no longer isolated incidents but persistent realities, threatening not only sensitive data but the very continuity of businesses, critical infrastructure, and even national security. In…

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions. Read More  

The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms. Read More  

[[{“value”:”The incident impacted multiple web and mobile applications, licensing services, downloads and online store, website, wiki, MathWorks accounts, and other services. The post MATLAB Maker MathWorks Recovering From Ransomware Attack appeared first on SecurityWeek.”}]] Read More