Israeli cybersecurity firm Check Point has issued a response after a hacker claimed to have stolen valuable information from the company's systems. Over the weekend, a threat actor using the name CoreInjection announced in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (approximately $430,000). The threat actor claimed the theft of a broad range of data from the security firm, including project documentation, credentials, network maps and more. READ MORE...
The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers. The threat actor, identified as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is not cooperating with the hacker's demands, according to a LinkedIn post by Alon Gal, co-founder and CTO at Hudson Rock. READ MORE...
A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). Lucid, which has been operated by Chinese cybercriminals known as the 'XinXin group' since mid-2023, is sold to other threat actors via a subscription-based model that gives them access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools. READ MORE...
North Korea's Lazarus is the latest cybercriminal group to adopt the increasingly popular "ClickFix" attack method in its ongoing campaign to target job seekers, in an effort to steal cryptocurrency and other sensitive data. The dangerous advanced persistent threat (APT) group is employing the sophisticated social engineering attack in a new campaign dubbed ClickFake Interview, which researchers believe is related to its previous Contagious Interview campaign. READ MORE...
Since last fall, well-known backdoor malware SmokeLoader has been upgraded with a new second-stage payload dropper called CoffeeLoader that's tricked out with techniques to beat endpoint security software. New research from Zscaler ThreatLabz provides a deep technical dive into CoffeeLoader's new eyebrow-raising evasion techniques. At the moment, CoffeeLoader is being used to deliver shellcode for the Rhadamanthys infostealer, the analysis showed. READ MORE...
Owners of Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA. If you haven't yet patched your vulnerable Ivanti kit, you now have one more reason to wipe and update it. Uncle Sam dubbed the latest software nasty Resurge, and warned it infects devices by exploiting a critical stack-overflow bug. READ MORE...
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the "Must-Use" plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. In early 2025, security researchers at Sucuri noticed cybercriminals using the tactic, and they say that the technique has been increasingly used in the months since. In WordPress, MU-plugins are plugins that are automatically enabled on a WordPress-powered site. READ MORE...
Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security vulnerability (CVE-2025-2825) was reported by Outpost24, and it allows remote attackers to gain unauthenticated access to devices running unpatched CrushFTP v10 or v11 software. The warning comes days after ProjectDiscovery published technical details and a proof-of-concept exploit. READ MORE...
Microsoft's offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. The security hole is tracked as CVE-2025-1268 and it has a CVSS severity score of 9.4. READ MORE...