Medusa Ransomware Tries to Recruit BBC Insider, Leverages MFA Bombing

Operators linked to the Medusa ransomware operation allegedly attempted to recruit a BBC employee for insider access, offering a substantial payout and combining social engineering with a multi-factor authentication (MFA) “bombing” tactic. The approach underscores a broader trend in which extortion crews monetize trusted insider pathways to bypass perimeter defenses and accelerate lateral movement inside …

Akira Ransomware Is Breaching SonicWall SSL VPN Even With MFA: What We Know and How to Respond

Arctic Wolf is tracking an evolution in the Akira ransomware campaign against SonicWall SSL VPN in which attackers successfully authenticate despite multi-factor authentication (MFA) being enabled. Logs show multiple one-time password (OTP) challenges that ultimately end in a successful login, behavior consistent with compromised OTP seed keys or an alternative mechanism to generate valid codes. From …
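The two log shapes described in the Medusa item (a burst of MFA prompts, the "bombing" tactic) and in the Akira/SonicWall item (several OTP challenges that end in a successful login) are both detectable from ordinary authentication logs. The block below is an added example, not code from Arctic Wolf, SonicWall or either article: it implements both detectors over a constructed key=value log format. The field names (`user`, `src`, `event`, `method`), the event names and the sample lines are assumptions for the example; adapt `LINE_RE` to the real syslog schema before use.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for this example; not real SonicWall or IdP output.
SAMPLE_LOG = """\
2025-09-30T08:00:01Z user=alice src=203.0.113.5 event=mfa_challenge method=otp
2025-09-30T08:00:09Z user=alice src=203.0.113.5 event=mfa_challenge method=otp
2025-09-30T08:00:17Z user=alice src=203.0.113.5 event=mfa_challenge method=otp
2025-09-30T08:00:20Z user=alice src=203.0.113.5 event=login_success
2025-09-30T09:10:00Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:10:30Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:11:00Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:11:30Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:12:00Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:12:30Z user=bob src=198.51.100.7 event=mfa_challenge method=push
2025-09-30T09:13:00Z user=bob src=198.51.100.7 event=login_success
2025-09-30T10:00:00Z user=carol src=192.0.2.9 event=mfa_challenge method=otp
2025-09-30T10:00:05Z user=carol src=192.0.2.9 event=login_success
2025-09-30T11:00:00Z user=dave src=192.0.2.10 event=mfa_challenge method=otp
2025-09-30T11:00:40Z user=dave src=192.0.2.10 event=mfa_challenge method=otp
2025-09-30T11:01:00Z user=dave src=192.0.2.10 event=login_failure
"""

# One "key=value" record per line; assumed schema, adapt to the real one.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+event=(?P<event>\S+)"
    r"(?:\s+method=(?P<method>\S+))?\s*$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the schema."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_log(text):
    """Parse all well-formed lines and return them sorted by timestamp."""
    events = [ev for ev in map(parse_line, text.splitlines()) if ev]
    return sorted(events, key=lambda ev: ev["ts"])


def find_otp_retry_then_success(events, min_challenges=2, max_gap=timedelta(minutes=5)):
    """Akira-style pattern: >= min_challenges OTP prompts for one user/source that
    end in login_success within max_gap of the first prompt. A failure clears the run."""
    findings = []
    pending = {}  # (user, src) -> [first_challenge_ts, challenge_count]
    for ev in events:
        key = (ev["user"], ev["src"])
        if ev["event"] == "mfa_challenge" and ev["method"] == "otp":
            run = pending.setdefault(key, [ev["ts"], 0])
            run[1] += 1
        elif ev["event"] == "login_success":
            first_ts, count = pending.pop(key, (None, 0))
            if count >= min_challenges and ev["ts"] - first_ts <= max_gap:
                findings.append({"user": ev["user"], "src": ev["src"],
                                 "otp_challenges": count, "login_at": ev["ts"]})
        elif ev["event"] == "login_failure":
            pending.pop(key, None)
    return findings


def find_mfa_bombing(events, threshold=5, window=timedelta(minutes=10)):
    """Bombing pattern: >= threshold MFA challenges (any method) to one user inside
    a sliding window, whatever the outcome. Each user is reported once, at the
    first crossing, with the count at that moment."""
    findings = []
    recent = defaultdict(deque)  # user -> challenge timestamps still inside the window
    flagged = set()
    for ev in events:
        if ev["event"] != "mfa_challenge":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in flagged:
            flagged.add(ev["user"])
            findings.append({"user": ev["user"], "challenges": len(q),
                             "window_start": q[0], "window_end": ev["ts"]})
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in find_mfa_bombing(evs) + find_otp_retry_then_success(evs):
        print(hit)
```

On the sample data only `alice` (three OTP challenges, then success) and `bob` (six push prompts in under three minutes) are reported; `carol` is a normal single-prompt login and `dave` never succeeds. The OTP detector keys on user plus source so that a legitimate user on a second device does not merge with an attacker's run, and it deliberately resets on a failed login: a run that ends in failure is ordinary user error, while a run that ends in success after several prompts is the seed-compromise signal Arctic Wolf describes. Thresholds are starting points, not tuned values.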

Afghanistan’s Nationwide Internet Blackout on 29 September 2025: What Happened and What Comes Next

Afghanistan experienced a nationwide internet blackout on 29 September 2025, confirmed by monitoring platforms NetBlocks and Cloudflare Radar. The disruption unfolded in phases over September, beginning with regional fiber outages and culminating in a countrywide loss of connectivity across fixed and mobile networks. De facto authorities linked to the Taliban said the measure aimed to …

Georgia Tech finds privacy vulnerabilities in Tile Bluetooth trackers

Researchers from the Georgia Institute of Technology have disclosed multiple privacy weaknesses in Tile Bluetooth trackers that could enable long-term tracking of users. The team reports that Tile devices broadcast key identifiers in the clear, rely on static MAC addresses, and send telemetry that the vendor can access without end‑to‑end encryption (E2EE), increasing the risk …

Google’s AI boosts Drive for desktop with ransomware detection, sync pause, and guided recovery

Google has rolled out an AI-driven ransomware defense for Drive for desktop on Windows and macOS that detects behaviors typical of file-encrypting malware, temporarily pauses synchronization, and guides users to restore clean file versions in just a few clicks. The company says its model is trained on millions of real ransomware samples and continuously cross-references …

PyPI Revokes Compromised Tokens After GhostAction Attack, Urges Shift to Short-Lived Credentials

The Python Software Foundation (PSF) has invalidated all PyPI tokens compromised during the GhostAction supply chain campaign uncovered in early September. While no evidence of malicious package publication has been found, PSF executed a precautionary, platform-wide revocation to reduce exposure and prevent secondary attacks.

GhostAction explained: GitHub Actions abuse and secret exfiltration

Researchers at GitGuardian …

Fake GitHub Repositories Push Atomic Stealer (AMOS) to macOS Users via SEO Poisoning

Threat actors are abusing search engine optimization (SEO) to seed fake GitHub repositories that impersonate well-known macOS software and redirect victims to installers for Atomic Stealer (AMOS). LastPass reports that the scheme specifically targeted macOS users and relied on GitHub’s reputation and high search rankings to bypass user skepticism.

SEO-poisoning on GitHub: how macOS users …

Critical OxygenOS flaw CVE-2025-10184 exposes SMS on OnePlus phones

Security researchers at Rapid7 have disclosed a critical flaw in multiple versions of OxygenOS, the Android-based firmware used on OnePlus devices. Tracked as CVE-2025-10184, the issue allows any installed application to read SMS content and metadata without requesting SMS permissions or user interaction. At publication time, the bug remained unpatched. Rapid7 reports that outreach to …

BO Team rewrites BrockenDoor in C# and expands ZeronetKit as phishing targets Russian organizations

At the start of September 2025, Kaspersky researchers observed a renewed campaign by the hacktivist collective BO Team, also tracked as Black Owl, Lifting Zmiy and Hoody Hyena, against Russian organizations across several sectors. The operators’ objectives remain disruption of IT infrastructure, data theft and extortion, with prioritization of the public sector and large enterprises.

Initial access: …

Cisco zero‑day in IOS/IOS XE SNMP (CVE‑2025‑20352) enables DoS and potential RCE: what to do now

Cisco has disclosed an actively exploited zero‑day vulnerability, CVE‑2025‑20352, that affects all supported releases of IOS and IOS XE. The flaw resides in SNMP processing and can trigger a stack overflow, leading to remote denial of service (DoS) or, under certain conditions, remote code execution (RCE) on network devices. Cisco PSIRT reports in‑the‑wild attacks and …