North Korean operatives who dupe job seekers into installing malicious code on their devices have been spotted using new malware strains and techniques, resulting in the theft of credentials or cryptocurrency and in ransomware deployment, according to researchers from Cisco Talos and Google Threat Intelligence Group. Cisco Talos said it observed an attack linked to Famous Chollima that involved BeaverTail and OtterCookie, separate but complementary malware strains.
More than 600,000 F5 network security devices running the company's flagship BIG-IP software are sitting unpatched on the internet, one day after the company revealed that nation-state hackers had accessed its networks and source code. The figure, which Palo Alto Networks provided on Thursday, highlights how many organizations could be exposed to cyberattacks exploiting vulnerabilities that the unidentified hackers discovered.
More than 17 million individuals were likely affected by a data breach at peer-to-peer lending marketplace Prosper, the data breach notification service Have I Been Pwned warns. Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based company, the attackers queried its database of customer information and applicant data to exfiltrate the information.
Hacking groups, at least one of which works on behalf of the North Korean government, have found a new and inexpensive way to distribute malware from "bulletproof" hosts: stashing it on public cryptocurrency blockchains. In a Thursday post, members of the Google Threat Intelligence Group said the technique gives the hackers their own "bulletproof" host, a term for cloud platforms that are largely immune to takedowns by law enforcement and to pressure from security researchers.
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies about customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession.
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. Researchers at cybersecurity platform Huntress disclosed the exploitation activity last week, saying that the flaw was a bypass for the mitigations Gladinet implemented for the deserialization vulnerability leading to remote code execution (RCE), tracked as CVE-2025-30406.
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. In this latest campaign, spotted by Microsoft's researchers in late September 2025, Vanilla Tempest used signed files made to look like the official Teams installer. The files were actually loader malware that downloaded a signed Oyster backdoor.
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. The security issue leveraged in the attacks affects the Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE and leads to RCE if the attacker has root privileges. According to cybersecurity company Trend Micro, the attacks exploited the flaw in Cisco 9400, 9300, and legacy 3750G series devices.
Major password managers, including LastPass, Bitwarden, and 1Password, are being impersonated in a spate of recent phishing attacks, and enterprise users should be on notice. In a three-week span, all of them have dealt with impersonation attacks by threat actors trying to con users into handing over their master password, and with it troves of sensitive credentials. Password management vendors have long been among hackers' favorite brands to impersonate, for good reason.