Iranian Hackers Launch Spy Operation

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation (APT42)

Iran-linked APT42 is running “SpearSpecter,” a spear-phishing and social-engineering campaign against high-value defence and government officials, sometimes extending to family members. Lures include conference invites and meeting requests. The operation uses personalised pretexts and custom tooling (e.g., TAMECAT) to gather credentials and maintain access. The Israel National Digital […]

Dragon Breath Uses RONINGLOADER

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Elastic observed the Dragon Breath group using RONINGLOADER, a multi-stage loader inside trojanised NSIS installers, to disable endpoint security (including Microsoft Defender via PPL/EDR-Freeze tricks) and deploy a modified Gh0st RAT. The loader kills AV processes, abuses drivers, tampers with firewalls, and side-loads […]

5 Reasons Attackers Are Phishing Over LinkedIn

5 Reasons Why Attackers Are Phishing Over LinkedIn

The Hacker News explains why phishing is booming on LinkedIn and other non-email channels. Attackers like LinkedIn because it bypasses email security, is cheap and scalable, enables convincing impersonation, and supports long-game social engineering with credible profiles and DMs. Metrics undercount the problem because most controls (and […]

YouTube Videos as Malware Traps

3,000 YouTube Videos as Malware Traps (“YouTube Ghost Network”)

Check Point uncovered a YouTube Ghost Network of compromised accounts pushing over 3,000 malicious videos since 2021, with volumes tripling in 2025. Content focuses on cracked software and Roblox cheats, luring users to malware via links (MediaFire/Drive/Google Sites/Blogger/Telegraph), often masked by shorteners. The operation uses role-based […]

ChatGPT Atlas Browser Exploit

ChatGPT Atlas Browser “Tainted Memories” Exploit

LayerX researchers detail a CSRF-based attack against ChatGPT Atlas that writes malicious instructions into the browser’s persistent memory. The tainted memory persists across sessions/devices, enabling later code execution, privilege escalation, or data theft when normal prompts are run. The chain: user logged in → lure link → CSRF memory […]

Exploit Crashes Chromium Browsers

One naughty URL, and your Chromium browser keels over

A bug in Chromium’s Blink engine, dubbed Brash, can crash Chromium-based browsers within seconds via a crafted URL. The issue abuses the lack of rate-limiting on document.title updates, flooding the DOM with millions of mutations per second. The three-stage attack—hash preparation, burst injection, UI thread saturation—freezes […]

VMware Zero-Day Exploited by Hackers

VMware Tools + Aria Ops: a small toggle, a big problem

CISA added CVE-2025-41244 to its KEV list: a Broadcom VMware Tools/Aria Operations vulnerability enabling local privilege escalation to root on VMs where Tools is managed by Aria Operations with SDMP enabled. NVISO says the bug was exploited as a zero-day from mid-October 2024; Mandiant […]

Secure WSUS and Microsoft Exchange

CISA & NSA Urgent Guidance to Secure WSUS and Microsoft Exchange

CISA and NSA, with partners, issued hardening guidance for on-prem Exchange: restrict admin access, enforce MFA, apply baselines, enable security features (AMSI/ASR/EDR), and harden TLS/HSTS, EPA, Kerberos/SMB over NTLM. They also updated an alert for CVE-2025-59287 (WSUS) exploited days after Microsoft’s patch—threat actors used […]

Logistics Freight Networks RMM

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Proofpoint reports a campaign targeting trucking and logistics firms to steal physical cargo, focusing on food and beverages. Attackers hijack email threads and post bogus load listings; victims who click receive signed installers that deploy legitimate RMM tools (e.g., ScreenConnect, SimpleHelp, PDQ Connect, N-able). […]