China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community The Hacker [email protected] (The Hacker News)
July 24, 2025

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, …


Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems The Hacker [email protected] (The Hacker News)
July 24, 2025

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, …


Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace The Hacker [email protected] (The Hacker News)
July 23, 2025

Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, …


Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access The Hacker [email protected] (The Hacker News)
July 23, 2025

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins …


New Tool: ficheck.py, (Thu, Jul 24th) SANS Internet Storm Center, InfoCON: green
July 23, 2025

As I mention every time I teach FOR577, I have been a big fan of file integrity monitoring tools (FIM) since Gene Kim first released Tripwire well over 30 years …


ISC Stormcast For Thursday, July 24th, 2025 https://isc.sans.edu/podcastdetail/9540, (Thu, Jul 24th) SANS Internet Storm Center, InfoCON: green
July 23, 2025

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.  ​Read More


Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later darkreadingNate Nelson, Contributing Writer
July 23, 2025

Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we've known about since last year, partly thanks to complications in patching. Chinese threat actors have been feeding off …


Banking Trojan Coyote Abuses Windows UI Automation darkreadingJai Vijayan, Contributing Writer
July 23, 2025

It's the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil. It's the first known instance of …


Dark Web Hackers Moonlight as Travel Agents darkreadingAlexander Culafi
July 23, 2025

Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk. Hackers …


Department of Education Site Mimicked in Phishing Scheme darkreadingAlexander Culafi
July 23, 2025

An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs. An ongoing phishing campaign is using …