In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week, our newsletter offers a simple roundup of the most important news, expert opinions, and practical tips to help you protect your online information and stay ahead of potential threats.
In this edition, we examine recent cyberattacks, security weaknesses that have been discovered, and important updates related to laws and regulations affecting businesses everywhere. We highlight key issues such as advanced scams and the rise of ransomware, as well as the latest vulnerabilities affecting cloud services and internet-connected devices.
Our goal is to help you spot potential risks before they become bigger problems. We also share easy-to-follow advice to enhance your organization’s security and promote a culture of awareness about online safety.
Whether you work in cybersecurity, IT, or just have an interest in protecting yourself and your data online, we aim to keep you informed and prepared. Our newsletter combines essential news with useful insights and straightforward tips for everyday readers.
Look forward to regular features that include brief updates on security threats, recommendations for helpful tools, and insights into new technologies that can improve security.
Thank you for trusting us as your source of information on cybersecurity. We encourage you to read on, share your thoughts, and become part of a community dedicated to safeguarding our digital world. Stay safe, stay updated, and remember that being informed is your best defense against online threats.
1. Weaponized Packages Uploaded to PyPI Repositories
Hackers are targeting Python developers by uploading malicious, weaponized packages to the official PyPI repository. These packages can compromise developer systems and potentially spread malware through the software supply chain.
Read more
2. Over 20 Malicious Apps on Google Play Target Cryptocurrency Users
A coordinated phishing campaign has been uncovered involving more than 20 malicious apps on Google Play. These apps, disguised as legitimate cryptocurrency wallets and exchanges, steal users’ wallet credentials. The attackers published them through compromised developer accounts, some of whose apps had over 100,000 downloads, which made the malicious apps appear trustworthy. The campaign targets platforms like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, and poses significant financial risks to users.
Read more
3. Malicious Payload Hidden in JPEG Image via Steganography
Researchers have discovered a novel attack where a malicious payload was embedded inside a JPEG image using steganography. This technique allows attackers to bypass traditional security tools by hiding malware in seemingly harmless image files.
Read more
4. BERT Ransomware Now Targets Linux Machines
The BERT ransomware has evolved, now capable of attacking Linux systems in addition to Windows. This upgrade broadens its reach and increases the risk to organizations using Linux servers.
Read more
5. AsyncRAT Delivered via Fake Verification Prompts
Threat actors are distributing the AsyncRAT remote access trojan through deceptive verification prompts. Users tricked into interacting with these prompts may unknowingly install the malware, granting attackers remote control over their systems.
Read more
6. Weaponized Research Papers Deliver Malware
Cybercriminals are distributing weaponized research papers that, when downloaded or opened, deliver malware to victims. These attacks often target researchers and professionals seeking academic resources.
Read more
7. Weaponized PuTTY Ads Used to Spread Malware
Attackers are leveraging malicious advertisements for PuTTY, a popular SSH and telnet client, to distribute malware. Unsuspecting users searching for PuTTY downloads are at risk of downloading compromised versions.
Read more
8. Microsoft Defender Email Bombing Attacks
A new wave of email bombing attacks is exploiting Microsoft Defender notifications to overwhelm users’ inboxes and potentially mask more targeted phishing attempts.
Read more
9. Supercard Malware Hijacks Android Phones
The new Supercard malware is infecting Android devices, using them to carry out further attacks or steal sensitive information. The malware spreads through compromised apps and phishing campaigns.
Read more
10. Threat Actors Poison Google Search Results
Cybercriminals are manipulating Google search results to direct users to malicious websites. This “search poisoning” technique increases the likelihood of users landing on phishing or malware-laden pages.
Read more
Record-Breaking DDoS Attack Hits 7.3 Tbps
Cloudflare successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at 7.3 terabits per second. The attack, which lasted just 45 seconds, targeted a hosting provider and delivered 37.4 terabytes of junk traffic from over 122,000 IP addresses across 161 countries. This event marks a significant escalation in both scale and sophistication, underscoring the growing threat posed by global botnets and vulnerable IoT devices.
Read more
Fortinet FortiGate API Exploit Tool Surfaces on Dark Web
A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited. The flaw allows unauthenticated remote code execution via the SSL VPN interface, potentially granting attackers full control over affected devices. Threat actors are selling exploit tools on dark web forums, and organizations using Fortinet products are urged to patch immediately.
Read more
700+ ComfyUI AI Image Generation Servers Compromised
Hackers have exploited critical vulnerabilities in ComfyUI, a popular AI image-generation framework, compromising at least 695 servers globally. Attackers deployed a backdoor called “Pickai” to steal sensitive data, execute remote commands, and establish persistent access. The campaign highlights the growing risk to organizations deploying AI infrastructure without robust security controls.
Read more
Phishing Campaigns Leverage Vercel Hosting Platform
Threat actors are abusing Vercel, a trusted frontend hosting service, to distribute malicious LogMeIn remote access tools. Over 1,200 users have been targeted with phishing emails that lead to deceptive Vercel-hosted pages, tricking victims into installing malware disguised as legitimate documents. The campaign demonstrates the increasing use of legitimate platforms to evade detection and amplify the impact of phishing attacks.
Read more 
Qilin Ransomware Group Adopts Advanced Loader Techniques
The Qilin (Agenda) ransomware group has enhanced its attack methods by integrating sophisticated loaders like NETXLOADER and SmokeLoader. These tools employ advanced obfuscation and stealth tactics, enabling in-memory execution of ransomware payloads and evasion of security tools. Qilin’s shift to Rust for development further improves their ability to propagate within virtual environments and target high-value enterprises.
Read more
WormGPT Variants Hijack Commercial AI Models
WormGPT, a notorious malicious AI tool, has resurfaced as a set of wrappers that hijack legitimate large language models (LLMs) like xAI’s Grok and Mistral AI’s Mixtral. By jailbreaking these models via prompt manipulation, threat actors bypass safety guardrails to generate phishing emails and malware scripts. This evolution lowers the barrier for cybercrime, allowing attackers to weaponize commercial AI platforms with minimal effort.
Read more
1. Citrix NetScaler ADC & Gateway: Critical Flaws Enable Data Breach
Two severe vulnerabilities (CVE-2025-5349, CVE-2025-5777) in NetScaler ADC and Gateway could let attackers access sensitive data or compromise network security. All organizations using affected versions should update immediately, especially as some older, end-of-life versions remain unpatched.
Read more
2. Linux Kernel Privilege Escalation: Exploit in the Wild
A use-after-free bug (CVE-2024-1086) in the Linux netfilter component allows local attackers to escalate privileges to root and execute arbitrary code. The vulnerability is actively exploited, and patches are available for all major kernel versions. Immediate updates are recommended.
Read more
3. Google Chrome: Multiple Zero-Day Exploits Patched
Google released urgent updates for Chrome, fixing several critical vulnerabilities, including CVE-2025-5419 (actively exploited zero-day in the V8 engine) and CVE-2025-4664 (policy enforcement bypass). Users and organizations are urged to update to version 137.0.7151.68/.69 or later.
Read more
4. Apache SeaTunnel: Unauthenticated RCE & File Read
A critical flaw (CVE-2025-32896) in Apache SeaTunnel allows unauthenticated attackers to read arbitrary files and execute remote code via a legacy REST API endpoint. Users should upgrade to version 2.3.11 or later and secure API endpoints.
Read more
5. OpenVPN: Denial-of-Service and Potential RCE
OpenVPN versions 2.6.1 through 2.6.13 (with `--tls-crypt-v2` enabled) are vulnerable to an attack that can crash servers and potentially lead to further exploitation. The issue is fixed in version 2.6.14.
Read more
6. Linux Privilege Escalation: Common Attack Techniques
Attackers continue to leverage misconfigured services, vulnerable SUID binaries, and improper sudo rights to escalate privileges on Linux systems. Security teams should audit user permissions and system configurations regularly.
Read more
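As an added audit example (not from the newsletter or any tool it mentions), the script below checks two of the escalation paths named above: SUID binaries that are not in a baseline, and sudoers rules that let a non-root principal run everything, skip the password, or run a binary that can spawn a shell. The baseline set, the shell-capable list and the sample sudoers text are constructed for the example.

```python
import re
from typing import Iterable

# Hypothetical baseline of SUID binaries expected on this host.
SUID_BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/mount"}
# Well-known binaries that can spawn a shell when run via sudo (public knowledge).
SHELL_CAPABLE = {"/usr/bin/vim", "/usr/bin/vi", "/usr/bin/find", "/usr/bin/less", "/usr/bin/python3"}
# sudoers user spec:  who  host=(runas)  [TAG: ...]  commands
SUDO_RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*((?:\w+:\s*)*)(.+)$")

def unexpected_suid(paths: Iterable[str]) -> list[str]:
    """Paths (e.g. from `find / -perm -4000 -type f`) that are not in the baseline."""
    return sorted(p for p in paths if p not in SUID_BASELINE)

def risky_sudo_rules(sudoers: str) -> list[tuple[str, str]]:
    """Flag non-root principals that may run ALL commands, run without a
    password, or run a shell-capable binary. Returns (principal, reason) pairs."""
    findings = []
    for raw in sudoers.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if not m or m.group(1) == "root":
            continue
        who, _host, _runas, tags, cmds = m.groups()
        if "NOPASSWD" in tags:
            findings.append((who, "NOPASSWD"))
        for cmd in (c.strip() for c in cmds.split(",")):
            binary = cmd.split()[0] if cmd else ""
            if cmd == "ALL":
                findings.append((who, "ALL commands"))
            elif binary in SHELL_CAPABLE:
                findings.append((who, f"shell-capable binary {binary}"))
    return findings

# Constructed sample input so the script runs stand-alone.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL          # left over from a CI setup
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /usr/bin/vim
"""
SAMPLE_SUID = ["/usr/bin/passwd", "/usr/bin/sudo", "/opt/app/helper", "/usr/bin/find"]

if __name__ == "__main__":
    for who, why in risky_sudo_rules(SAMPLE_SUDOERS):
        print(f"sudo: {who}: {why}")
    for p in unexpected_suid(SAMPLE_SUID):
        print(f"suid: unexpected {p}")
```

On a real host, feed `risky_sudo_rules` the contents of `/etc/sudoers` and `/etc/sudoers.d/*`, and `unexpected_suid` the output of the `find` command noted in its docstring.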
7. Password Reset Poisoning Attack
A new attack vector targets web applications’ password reset functionality, enabling attackers to hijack password reset requests and compromise accounts. Organizations should review and harden their reset workflows.
Read more
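The item above names the attack but not its shape, so here is an added example (not from the newsletter) of the usual defect and its fix: a reset-link builder that takes the host from request headers beside one that uses a configured canonical origin and refuses unexpected Host values, plus a small detection helper for alerting. The origin, allowlist and sample requests are assumptions made for the example.

```python
import secrets
from urllib.parse import urlencode

# Hypothetical canonical origin and Host allowlist for the application.
CANONICAL_BASE = "https://example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}

def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link host is copied from request headers the
    client controls, so the emailed token can point at a host the sender chose."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset?{urlencode({'token': token})}"

def reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened: the link is built from a configured base URL, and requests
    whose Host header is not an expected name are refused outright."""
    host = headers.get("Host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"password reset refused: unexpected Host {host!r}")
    return f"{CANONICAL_BASE}/reset?{urlencode({'token': token})}"

def is_poisoning_attempt(headers: dict) -> bool:
    """Detection: flag reset requests whose Host or X-Forwarded-Host is not
    on the allowlist, so they can be logged and alerted on."""
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is not None and value.split(":")[0].lower() not in ALLOWED_HOSTS:
            return True
    return False

def new_reset_token() -> str:
    """Unguessable token; the link builder must not leak it by misrouting the link."""
    return secrets.token_urlsafe(32)

# Constructed requests: a normal one and one carrying a spoofed forwarded host.
NORMAL = {"Host": "example.com"}
SPOOFED = {"Host": "example.com", "X-Forwarded-Host": "attacker.invalid"}

if __name__ == "__main__":
    tok = new_reset_token()
    print("vulnerable:", reset_link_vulnerable(SPOOFED, tok))   # link leaves the site
    print("hardened:  ", reset_link_hardened(SPOOFED, tok))     # link stays on example.com
    print("flagged:   ", is_poisoning_attempt(SPOOFED))
```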
8. Cisco AnyConnect VPN: Vulnerability Exposes Servers
A recently disclosed vulnerability in Cisco AnyConnect VPN servers could allow attackers to compromise remote access infrastructure. Immediate patching is advised for all exposed systems.
Read more
1. Zoomcar Data Breach Exposes 8.4 Million Users
Indian car-sharing platform Zoomcar has confirmed a significant data breach impacting approximately 8.4 million users. The breach was discovered on June 9, 2025, after employees received messages from a hacker claiming to have stolen company data. Exposed information includes users’ names, phone numbers, car registration numbers, home addresses, and email addresses. While there is currently no evidence that financial data or passwords were leaked, the compromised data could be used for targeted phishing and identity fraud. The full scope and method of the attack are still under investigation.
Read more
2. Washington Post Journalists Targeted in State-Linked Email Hack
The Washington Post is investigating a targeted cyberattack that compromised the Microsoft email accounts of several journalists, particularly those covering national security, economic policy, and China. The breach, discovered on June 12, 2025, is believed to be the work of a foreign state actor, with early indicators pointing to Chinese involvement. Hackers gained access to both sent and received emails, but there is no evidence that customer data or other internal systems were affected. The attack exploited vulnerabilities in Microsoft’s authentication protocols, possibly using phishing and zero-day exploits to bypass multi-factor authentication. The breach highlights the ongoing threat of espionage against media organizations.
Read more
3. Record-Breaking Leak: 16 Billion Passwords Exposed Online
Cybersecurity researchers have uncovered the largest credential breach in history, with over 16 billion login records leaked online. The data, compiled from 30 separate datasets, includes usernames and passwords for major platforms such as Google, Apple, Facebook, GitHub, Telegram, and even government portals. The leak is attributed to infostealer malware, not direct company breaches, and consists primarily of fresh, highly exploitable credentials. Experts warn this “blueprint for mass exploitation” could lead to widespread phishing, account takeovers, and identity theft. Users are urged to check if their accounts are affected and to use strong, unique passwords and multi-factor authentication.
Read more
Darknet Market ‘Archetyp’ Dismantled in Major International Operation
Authorities across Europe and the United States have successfully dismantled the notorious Archetyp Market, a long-standing dark web marketplace known for facilitating the sale of fentanyl and other potent opioids. The operation, coordinated by Europol, resulted in the takedown of the market’s infrastructure and the arrest of its administrator in Barcelona. This action disrupts a significant supply line for some of the world’s most dangerous substances and sends a strong message to cybercriminals exploiting the dark web for illicit gains.
Read more
GCHQ Intern Jailed for Seven Years After Data Theft
A former intern at the UK’s intelligence agency GCHQ has been sentenced to seven and a half years in prison for illegally copying top secret files onto his personal devices. Hasaan Arshad, 25, smuggled classified data—including the identities of 17 GCHQ staff—out of a secure facility, risking national security. The breach was discovered during a police raid at his home, with prosecutors warning of the severe risk posed if such information had fallen into the wrong hands.
Read more
Scania Financial Services Hit by Data Breach
Sweden’s Scania Financial Services has confirmed a significant data breach after a threat actor known as “hensi” claimed to have accessed and exfiltrated 34,000 sensitive files from the company’s insurance platform. The breach, which exploited credentials stolen from an external IT partner, exposed documents related to insurance claims—potentially including personal, financial, and medical data of customers and partners. The full scope of the incident is under investigation.
Read more
FBI Dismantles Ransomware Gang Responsible for 43 Attacks
The FBI has successfully taken down the Radar/Dispossessor ransomware gang, responsible for hacking at least 43 companies. The operation involved seizing the group’s servers and domains in the UK and Germany. Radar, previously affiliated with LockBit, had developed a dual model of ransomware and data resale, profiting from both ransom payments and the sale of stolen data. Their dismantling marks a significant win in the ongoing fight against ransomware.
Read more
Krispy Kreme Confirms Customer Data Compromised in Ransomware Attack
Krispy Kreme has begun notifying customers that their personal information was compromised in a ransomware attack by the Play group in late 2024. The breach, which disrupted online ordering systems, was only confirmed to have impacted personal data in May 2025. While the exact nature of the compromised data remains undisclosed, the company is offering affected individuals complimentary identity monitoring. The incident highlights the growing risks to companies with significant digital operations.
Read more