Mysterious Elephant is an active APT group identified by Kaspersky GReAT in 2023. It continually evolves its tactics to avoid detection. The group’s recent campaign, starting in early 2025, shows a notable change in its tactics, with a heavier reliance on new custom tools and open-source tools such as BabShell and MemLoader. The …
Read More »

MCP Server Flaw Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability was discovered in Smithery.ai, a well-known registry for Model Context Protocol (MCP) servers. The flaw could have allowed attackers to steal data from over 3,000 AI servers and to access the API keys of thousands of users. MCP connects AI applications to external tools and data sources, such as local files …
Read More »

Credit Card Payment Terminal Exploited for Remote Access
A security researcher has disclosed a major vulnerability in a popular payment terminal that could allow an attacker to take full control of the device in less than a minute. The Worldline Yomani XR model is used in grocery stores, cafes, repair shops, and various other businesses in Switzerland. The terminal’s maintenance …
Read More »

SonicWall Confirms Hackers Accessed All Cloud Firewall Backups
After its investigation, conducted in collaboration with the leading incident response firm Mandiant, into the scope of a recent cloud backup security incident, SonicWall confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service. The files contain encrypted credentials and configuration data; while …
Read More »

Hackers Exploited Zimbra Flaw as Zero-Day Using iCalendar Files
Researchers monitoring for unusually large .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, or iCalendar files, store calendar information such as meetings and events as plain text and allow it to be exchanged between different calendar applications. Threat actors …
Read More »

Cl0p Ransomware Targets Oracle in $50M Extortion Threat
Researchers at Google Mandiant and GTIG are monitoring a suspected Cl0p ransomware affiliate conducting a mass extortion campaign against Oracle E-Business Suite customers. The attackers allege they have stolen sensitive corporate data and are demanding ransoms up to $50 million, as reported by the incident response firm Halcyon, which is …
Read More »

50K Cisco Firewalls Vulnerable to Actively Exploited Flaws
Around 50k Cisco ASA and FTD devices exposed on the internet are at risk from two vulnerabilities that are being actively exploited. The flaws, CVE-2025-20333 and CVE-2025-20362, allow remote code execution and unauthenticated access to restricted VPN URLs. On September 25, Cisco warned that the issues were being actively exploited in attacks that …
Read More »
CVE-2025-55177 and CVE-2025-43300
WhatsApp 0-Click Vuln Exploited Using Malicious DNG File
Security researchers found a zero-click vulnerability in WhatsApp that allows remote code execution (RCE) on iOS, macOS, and iPadOS. The attack chain uses two vulnerabilities, CVE-2025-55177 and CVE-2025-43300, to compromise a device without any user interaction. Researchers from DarkNavyOrg demonstrated a “zero-click” exploit targeting WhatsApp. The attack involves sending a …
Read More »

Akira Ransomware Breaches MFA-Protected SonicWall VPN Accounts
Arctic Wolf has noted a significant rise in Akira ransomware attacks since late July 2025, focused on SonicWall SSL VPN accounts. The campaign is still active, with new infrastructure spotted as recently as September 20, 2025. Akira affiliates are logging in with stolen credentials, even in environments where multi-factor authentication (MFA) is enabled. …
Read More »

US-Based Archer Health Exposed 23 GB of Patient Health Data
Archer Health, a US provider of in-home and palliative care, left an unsecured database online, exposing sensitive personal and health information to anyone who could find it, experts say. Cybersecurity researcher Jeremiah Fowler alerted WebsitePlanet after discovering the database and assisted in securing it. Fowler discovered an unprotected database with …
Read More »
InfoSecBulletin Cybersecurity for mankind