Threat actors are exploiting ConnectWise ScreenConnect to deploy AsyncRAT using fileless techniques, leveraging VBScript and PowerShell loaders, and maintain persistence through a fake Skype updater.

Three French regional healthcare agencies—Hauts-de-France, Normandy, and Pays de la Loire—have been targeted in a coordinated cyber-attack campaign that compromised the personal data of patients across public hospitals.

Researchers from multiple institutions analyzed 15,000 websites and found that 91% used JavaScript event listeners to monitor user interactions. Approximately 40% of websites captured keystrokes before users pressed submit.

The town of Vienna, Virginia, experienced a ransomware attack in August 2025, compromising the personal data of 811 individuals. The exposed data includes names, Social Security numbers, financial account details, and passport numbers.

GitLab issued a security advisory (AV25-584) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The affected versions include all releases before 18.3.2, 18.2.6, and 18.1.6.

Adobe has released Security Advisory AV25-583 on September 9, 2025, addressing multiple vulnerabilities across a wide range of its products, including Acrobat, After Effects, Premiere Pro, ColdFusion, and Adobe Commerce.

A China-based advanced persistent threat (APT) group is actively targeting military organizations in the Asia-Pacific region, particularly the Philippines, using a newly discovered fileless malware framework named EggStreme.

This vulnerability enables threat actors to execute arbitrary code, steal credentials and API tokens, modify files, or establish command-and-control channels without any user interaction.

ChillyHell is a modular macOS backdoor malware that remained undetected for four years after being notarized by Apple in 2021. Despite its malicious nature, the sample had passed Apple’s security checks and was publicly hosted on Dropbox since 2021.

A European DDoS mitigation provider was recently targeted in a record-breaking distributed denial-of-service (DDoS) attack that peaked at an unprecedented 1.5 billion packets per second (Bpps).