August 5, 2025

Foreign adversaries are trying to weaponize open-source software, report finds

Nation-state actors from China and Russia are actively attempting to compromise open-source software ecosystems by embedding malicious code and backdoors through trusted contributor roles.

Kremlin goons caught abusing local ISPs to spy on diplomats

Microsoft has confirmed that the Russian state-sponsored threat group Secret Blizzard (aka Turla, VENOMOUS BEAR) is conducting cyber-espionage operations against foreign embassies in Moscow by exploiting local ISPs.

Feds still trying to crack Volt Typhoon hackers’ intentions, goals

Federal cybersecurity officials are continuing to assess the strategic threat posed by the Chinese state-sponsored threat actor Volt Typhoon, which has infiltrated U.S. critical infrastructure networks, including systems on the island of Guam.

Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration

An updated joint advisory from U.S., U.K., Canadian, and Australian cybersecurity agencies warns of ongoing campaigns by Scattered Spider. This group is targeting Snowflake data storage environments to exfiltrate large volumes of sensitive data.

July 29, 2025

GOLD BLADE Remote DLL Sideloading Attack Deploys RedLoader

A new campaign by the GOLD BLADE threat group leverages a remote DLL sideloading technique to deploy RedLoader malware. This attack chain combines malicious LNK files and WebDAV-based delivery mechanisms to evade detection and establish persistence.

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The attack chains entail the exploitation of CVE-2025-49706 and CVE-2025-49704.

Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups

Two critical zero-day vulnerabilities in Microsoft SharePoint—CVE-2025-53770 and CVE-2025-53771—are being actively exploited by China-linked threat actors Linen Typhoon, Violet Typhoon, and Storm-2603.

Threat actor targets end-of-life SonicWall SMA 100 appliances in ongoing campaign

A sophisticated threat campaign by UNC6148 is actively targeting SonicWall Secure Mobile Access (SMA) 100 appliances that are fully patched but have reached end-of-life status.

Iranian ransomware crew promises big bucks for US attacks

An Iranian ransomware group, Pay2Key, has resurfaced as Pay2Key.I2P after a five-year hiatus, operating as a RaaS platform. The group is offering affiliates up to 80% of ransom proceeds for targeting US and Israeli organizations.

China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

A China-linked threat actor, UNC5174, exploited three Ivanti CSA zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) to target French critical infrastructure sectors from September to November 2024.
