Adversaries frequently abuse the Windows Run and RunOnce registry keys to establish persistence, ensuring payload execution at logon or startup while blending in with legitimate autostart behavior. This technique, long used by both commodity malware and APTs, offers stealth, durability, and low privilege requirements, making detection difficult without strong baselining
Apt41
TRENDING TOPICS SEPT 10, 2025 China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations The House Select Committee on China has issued a formal advisory warning of an ongoing cyber espionage campaign attributed to the China-linked threat group APT41, surfacing during a period of heightened U.
npm Packages
TRENDING TOPICS SEPT 09, 2025 Largest NPM Supply-Chain Attack Targets Crypto Transactions Hackers have hijacked 18 widely used npm packages, with a combined weekly download volume exceeding two billion, and injected them with obfuscated malware that directly targets cryptocurrency users and developers. The breach was traced to a phishing
macOS
TRENDING TOPICS SEPT 08, 2025 Hackers Exploit Fake Microsoft Teams Site to Spread Odyssey macOS Stealer Security researchers have uncovered a large-scale campaign abusing a fraudulent Microsoft Teams download site to distribute the newly identified Odyssey stealer, a macOS malware family with extensive data theft capabilities. Hosted on the
Delivery and Initial Access Phishing Attachments or Links Malicious documents, compressed files, or URLs designed to lure targets into executing spyware payloads. Malvertising and SEO Poisoning Fake ads and manipulated search results leading to trojanized installers or compromised websites. Cracked Software and Bundles Spyware hidden inside pirated applications or repacked
CVE-2025-48543
CVE-2025-9074 Critical Docker Desktop CONTAINER ESCAPE A flaw in Docker Desktop allows local Linux containers to access the Docker Engine API at 192.168.65.7:2375, enabling control over other containers, image management, and in some cases, host drive access. This represents a significant container escape vulnerability.
PagerDuty
TRENDING TOPICS SEPT 04, 2025 Update: PagerDuty Drawn into Salesloft OAuth Fallout PagerDuty has confirmed that it was impacted by the ongoing Salesloft Drift OAuth breach, which has already affected several high-profile companies. The compromise was traced back to August 20, 2025, when Salesloft first alerted PagerDuty to a
Iran
TRENDING TOPICS SEPT 03, 2025 Iranian Hackers Exploit Embassy Email Accounts in Coordinated Phishing Campaign Iranian-aligned threat actors tied to the Homeland Justice cluster have carried out a coordinated, multi-wave spear-phishing campaign targeting embassies, consulates, and diplomatic organizations across the Americas, Africa, the Middle East, Asia, and
Monthly Wrap
MONTHLY WRAP MONTHLY WRAP Overview Adversaries doubled down on trusted channels, identity systems, and edge infrastructure. Campaigns abused Telegram, Microsoft Teams, OAuth consent, and link-wrapping services to bypass controls; mobile banking and RAT operations surged via malvertising and fake app stores; and cloud-n
UNC6395
TRENDING TOPICS SEPT 02, 2025 Update: Palo Alto Networks Confirmed in OAuth Supply-Chain Breach Palo Alto Networks has confirmed that it was among the companies affected by the ongoing OAuth supply-chain campaign, which first came to light with the Salesloft Drift breach. Attackers leveraged compromised tokens to infiltrate
CVE-2025-52970 High Fortinet FortiWeb AUTHENTICATION BYPASS Improper parameter handling flaw in FortiWeb allows unauthenticated attackers with certain non-public information to log in as any user via crafted requests. Affects versions 7.6.0–7.6.3, 7.4.0–7.4.7, 7.2.0–7.2.
Storm-0501
TRENDING TOPICS AUG 28, 2025 Update: Storm-0501 Shifts to Cloud-Based Ransomware and Data Extortion Storm-0501, a financially motivated threat actor active since at least 2021, has shifted from traditional on-premises ransomware to a new model centered on cloud-based data theft, encryption, and extortion. Historically tied