Adversaries Turn Velociraptor into a LotL Weapon via msiexec and VS Code Tunnels

Sophos Counter Threat Unit has observed a campaign where attackers weaponized the open‑source digital forensics and incident response (DFIR) tool Velociraptor as part of a living‑off‑the‑land (LotL) intrusion. The operation chained multiple legitimate components—Windows msiexec, Cloudflare Workers, and Visual Studio Code remote tunneling—to establish stealthy remote access and enable remote code execution without deploying noisy …

HexStrike AI Chatter Fuels Rapid n‑Day Exploitation of Citrix NetScaler CVEs

Check Point analysts warn that threat actors are discussing the use of HexStrike AI to accelerate exploitation of recent n‑day vulnerabilities in Citrix NetScaler ADC/Gateway, notably CVE‑2025‑7775, CVE‑2025‑7776, and CVE‑2025‑8424. According to Shadowserver Foundation, as of 2 September 2025 roughly 8,000 endpoints remained exposed to CVE‑2025‑7775, down from at least 28,000 the prior week—evidence of …

Bridgestone Americas Probes Cyberattack Disrupting Manufacturing in the U.S. and Canada

Bridgestone Americas (BSA) is investigating a cyberattack that disrupted operations at select manufacturing sites. The incident became public on September 2, 2025, after interruptions were reported at two plants in Aiken County, South Carolina. On September 3, Canadian outlets noted similar issues at the Bridgestone facility in Joliette, Quebec. The company describes the event as …

OldGremlin Ramps Up Ransomware Activity in 2025 With BYOVD and Node.js Tactics

Kaspersky researchers report a fresh surge in activity by the OldGremlin ransomware group in the first half of 2025. At least eight large Russian organizations were compromised, primarily in the industrial sector, with additional victims in healthcare, retail, and IT. The campaign underscores a familiar pattern for the actor: prolonged, low-noise compromise followed by disruptive …

Cloudflare Stops Record 11.5 Tbps DDoS Attack: 5.1 Billion PPS UDP Flood Analyzed

Cloudflare reports it has mitigated the largest distributed denial‑of‑service (DDoS) attack observed to date, peaking at 11.5 Tbps and 5.1 billion packets per second (pps). The burst lasted roughly 35 seconds, a profile consistent with “hit‑and‑run” volumetric assaults designed to overwhelm bandwidth and packet processing capacity before traditional defenses can react. Record‑setting DDoS metrics: 11.5 …

DOJ Sues Apitor Over Alleged COPPA Violations Linked to JPush SDK Geolocation Tracking

The U.S. Department of Justice (DOJ), acting on a referral from the Federal Trade Commission (FTC), has filed a complaint against Apitor Technology, the maker of children’s robotics kits, alleging that its Android app collected and shared minors’ precise geolocation data without adequate parental notice or consent. Regulators say a third‑party software development kit (SDK) …

WhatsApp patches 0‑day CVE‑2025‑55177 in iOS and macOS; suspected chain with Apple Image I/O zero‑click

WhatsApp has released security updates for iOS and macOS addressing a 0‑day vulnerability, CVE‑2025‑55177, that the company says was used in highly targeted attacks. The flaw resided in the app’s linked devices synchronization logic and carries a CVSS score of 8.0, indicating high severity. Users are urged to update via the App Store and Mac …

ACE and Egyptian Authorities Disrupt Streameast Pirate Sports Streaming Network

Egyptian law enforcement, working with the Alliance for Creativity and Entertainment (ACE), disrupted operations linked to Streameast, a prominent pirate sports streaming ecosystem, and detained two suspects in Giza. ACE characterized the operation as targeting one of the world’s largest illicit sports-streaming infrastructures, which monetized high-definition broadcasts without licenses through aggressive advertising. Scale and monetization: …

Passwordstate Critical Authentication Bypass: Update to 9.9 Build 9972 Immediately

Click Studios has issued an urgent update for the Passwordstate enterprise password manager, addressing a critical authentication bypass in the Emergency Access mechanism. The fix, released as Passwordstate 9.9 Build 9972, prevents attackers from potentially obtaining administrative control through a crafted URL. A CVE identifier is pending, and technical specifics have not been disclosed to …

Guardio Labs Uncovers “Grokking”: AI-Assisted Malvertising on X Exploits Metadata to Bypass URL Filters

Researchers at Guardio Labs have identified a novel malvertising technique on X that abuses the platform’s integrated AI assistant, Grok, to surface malicious links that would otherwise be blocked. The method—dubbed “grokking”—has already achieved substantial reach, including campaigns with millions of ad impressions, and demonstrates how attackers can weaponize AI trust signals and moderation gaps …