Threat researchers at Trend Micro have documented Operation ZeroDisco, a targeted campaign abusing the recently patched but widely exploited CVE-2025-20352 in Cisco IOS and IOS XE. The operators focus on legacy and unpatched network switches and routers, including the Cisco 9400, 9300, and 3750G series, to deploy a stealthy rootkit and maintain long-term access in … Read more

GreyNoise is tracking a new surge of Remote Desktop Protocol (RDP) activity targeting U.S. networks, driven by a botnet exceeding 100,000 unique IP addresses. The campaign’s active phase began on 8 October 2025 and exhibits synchronized timing and uniform behavior across sources, strongly indicating centralized command-and-control of the attacking infrastructure. Global scale and origin of … Read more

Threat actors behind the Beamglea campaign are co‑opting trusted JavaScript infrastructure—specifically the npm registry and the unpkg content delivery network—to deliver phishing pages via simple client‑side redirects. Instead of embedding malware inside packages, the adversaries publish benign‑looking modules that only perform a redirect, allowing them to blend into legitimate traffic and bypass many domain‑reputation and … Read more

SonicWall has confirmed that attackers gained unauthorized access to cloud-stored firewall configuration backups associated with the MySonicWall portal, affecting all customers who used the cloud backup feature. The company conducted the investigation with Mandiant’s incident response team. While SonicWall states that configuration and credential data within backups are protected with AES‑256 encryption, the exposure of … Read more

Security researchers from the United States have disclosed Pixnapping, a side‑channel attack that lets an unprivileged Android app infer visual content currently displayed on the screen—including messenger messages and one‑time 2FA codes—without requesting sensitive permissions. In testing on recent devices, the method recovered 2FA digits in under 30 seconds, demonstrating a practical path to on‑screen … Read more

Apple has announced a major upgrade to its bug bounty program, raising top payouts, expanding categories, and tightening validation of exploit capabilities. The centerpiece is a higher ceiling for zero-click exploit chains, alongside a new Target Flags system that programmatically verifies researcher impact. The changes are designed to make responsible disclosure competitive with the gray … Read more

A new Astaroth banking trojan campaign documented by McAfee Labs shows attackers abusing GitHub as a resilient configuration channel, using steganography to hide settings inside images hosted in public repositories. This approach extends operational continuity: even if command-and-control (C2) endpoints are blocked, the malware can fetch updated configuration data from GitHub and remain active. GitHub … Read more

Researchers from the University of California San Diego and the University of Maryland report that a significant portion of geostationary (GEO) satellite communications is still transmitted in the clear. Over a three‑year project dubbed “Don’t Look Up,” the team passively captured unencrypted traffic from corporations, government entities, and everyday users using affordable, commercially available radio … Read more

Microsoft Threat Intelligence has linked a wave of account‑takeover campaigns against U.S. universities to the threat group Storm‑2657, active since March 2025. The actors compromise faculty and staff accounts, tamper with payroll profiles, and redirect salaries to attacker‑controlled bank accounts. Similar activity has been documented by Silent Push, Malwarebytes, and Hunt.io under the moniker Payroll … Read more

Google has declined to issue a fix for ASCII smuggling in Gemini, a technique that hides machine-readable instructions using Unicode “tag” and formatting characters that are invisible to users but parsed by large language models (LLMs). Researchers warn that this gap between human-visible content and model interpretation enables prompt injection, undermines guardrails, and can facilitate … Read more