UNC6148: The Crew That Keeps Sneaking Back Into “Fully Patched” SonicWall Boxes Google’s Threat Intelligence Group (GTIG) has linked a campaign against fully-patched yet end-of-life SonicWall SMA 100 series remote-access appliances to a threat cluster it tracks as UNC6148. The attackers are re-entering appliances by using stolen administrator credentials and one-time-password (OTP) seeds lifted during […]

Fake “IT Help Desk” Teams Calls Drop Sneaky Matanbuchus 3.0 Malware Researchers have spotted Matanbuchus 3.0, an upgraded malware‑as‑a‑service loader, being pushed through Microsoft Teams calls that pose as helpful IT staff. Targets are tricked into launching Quick Assist, granting attackers remote access so they can run a PowerShell script that drops the loader. Matanbuchus 3.0 boasts […]

Google rushes out fix for active Chrome zero-day CVE-2025-6554 – a critical vulnerability in Chrome’s V8 engine – is being exploited right now, so Google has released an out-of-band patch. What happened? • A type-confusion bug lets an attacker craft a web page that reads or writes arbitrary memory, paving the way for full code […]

Why “Innocent” Network Traffic May Be Your Biggest Cyber Risk Threat actors increasingly disguise malicious activity as normal network traffic: 80 % of attacks in CrowdStrike’s 2025 report were “malware-free,” relying on credential theft, DLL hijacking and other living-off-the-land tactics. Traditional edge devices and EDR miss much of this traffic—Verizon notes breaches via VPNs and […]

Chinese hackers weaponise new Ivanti CSA bugs to hit French public and private sector Chinese threat group “Houken” (overlapping Google Mandiant’s UNC5174) exploited three zero-day flaws in Ivanti Cloud Services Appliance (CSA) – CVE-2024-8963, CVE-2024-9380 and CVE-2024-8190 – to breach French government, telecoms, media, finance and transport bodies in September 2024. According to France’s cyber-security […]

The hidden weaknesses in AI SOC tools AI-driven Security Operations Centre (SOC) platforms promise faster triage and fewer false alarms, yet most depend on pre-trained models that only recognise a narrow set of threats. These fixed models can’t keep up with today’s constantly shifting alert landscape, forcing analysts back to manual work whenever an unfamiliar […]

Critical Sudo Bugs Hand Attackers Root Access – Patch Now Security researchers have uncovered two flaws in the ubiquitous Sudo utility that let any local user on vulnerable Linux and Unix-like systems gain root. • CVE-2025-32462 (CVSS 2.8) – a 12-year-old bug in the -h host option lets commands permitted for a different host run […]

Iranian attackers recently manipulated a small U.S. water-treatment station simply by logging in with the factory-set password “1111”. The incident led CISA to repeat years-old advice: default credentials remain one of the most abused weaknesses in operational-technology (OT) and IoT environments. Default passwords survive because they simplify initial set-up and bulk provisioning, yet they invite […]

Veeam rushes out fix for critical backup flaw Veeam has issued updates for Backup & Replication after researchers from CODE WHITE and watchTowr disclosed CVE-2025-23121, a remote-code-execution bug scored 9.9/10.0 on the CVSS scale. The flaw affects every Version 12 build up to 12.3.1.1139 and lets an authenticated Windows domain user run arbitrary code on […]