Bots, Bread and the Battle for the Web

AI-powered malicious SEO is rapidly transforming the digital threat landscape, enabling threat actors to manipulate search engine algorithms at scale. This undermines the visibility of legitimate content and erodes trust in online information.

ClickFix: An Adaptive Social Engineering Technique

Between January and October 2025, two major ClickFix campaigns were tracked, including an Interlock ransomware incident in August targeting a U.S. SLTT entity. ClickFix has been used to deliver malware such as Lumma Stealer, NetSupport RAT, and SocGholish.

New CoPhish attack steals OAuth tokens via Copilot Studio agents

CoPhish abuses the flexibility of Microsoft Copilot Studio, which allows users to create and share chatbot agents hosted on copilotstudio.microsoft.com. These agents can be customized using "topics"—automated workflows that include login prompts.

Mem3nt0 mori – The Hacking Team is back!

A sophisticated APT campaign, dubbed Operation ForumTroll, has been linked to the use of advanced spyware tools including LeetAgent and Dante, developed by Memento Labs (formerly Hacking Team).

Strings in the maze: Finding hidden strengths and gaps in your team

The cybersecurity landscape has seen a significant shift in threat actor behavior, with a marked increase in the exploitation of public-facing applications, evolving ransomware tactics, and targeted cyber-espionage campaigns.

Microsoft disables File Explorer preview for downloads to block attacks

Microsoft has implemented a security enhancement in File Explorer that disables the preview pane for files downloaded from the internet. This change is designed to prevent credential theft attacks that exploit NTLM hash leakage.

Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk

A newly discovered zero-click attack, dubbed Shadow Escape, exploits the Model Context Protocol (MCP) used by AI assistants. This attack enables the silent exfiltration of sensitive data, including SSNs, financial records, and medical identifiers, without any user interaction.

F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

A China-linked threat actor, UNC5221, has compromised F5 BIG-IP systems, stealing source code and vulnerability data. The attackers deployed the BRICKSTORM backdoor, a sophisticated Go-based malware, enabling stealthy C2 and data exfiltration.

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins

A new report from cybersecurity research firm Sublime Security reveals yet another widespread credential phishing campaign in which scammers try to steal victims' Facebook login details.

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

PolarEdge was first documented in February 2025 by Sekoia, which attributed it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose.
