IT Security Newsletter - 11/3/2025
UNC6384 Targets European Diplomatic Entities With Windows Exploit
UNC6384, a China-linked threat actor, has been targeting European diplomatic entities in Hungary and Belgium in a cyber-espionage campaign since September. The group incorporated the exploitation of CVE-2025-9491, a high-severity Windows vulnerability, in its attacks, alongside what Arctic Wolf researchers are referring to as "refined social engineering." The researchers note the group's willingness to use vulnerabilities that are publicly known and have been actively exploited.
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the vulnerability in mid-2025, before it was patched, to steal confidential information. The flaw exploited in these attacks is CVE-2025-61932, a critical request origin verification flaw.
Penn hacker claims to have stolen 1.2 million donor records in data breach
A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. On Friday, University of Pennsylvania alumni and students began receiving multiple offensive emails from Penn.edu addresses claiming the university had been hacked and data stolen.
Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks
A suspected Chinese state-sponsored threat actor has been deploying an AirWatch API-abusing malware family in supply chain attacks, Palo Alto Networks reports. The APT, tracked as CL-STA-1009, has been targeting business process outsourcing (BPO) entities, which typically have access to critical business systems within their clients' networks. According to Palo Alto Networks, organizations specializing in BPO have been increasingly targeted by cybercriminals and state-sponsored hackers.
Alleged Jabber Zeus Coder 'MrICQ' in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ."
Claude AI APIs Can Be Abused for Data Exfiltration
Attackers can use indirect prompt injections to trick Anthropic's Claude into exfiltrating data the AI model's users have access to, a security researcher has discovered. The attack, Johann Rehberger of Embrace The Red explains, abuses Claude's Files APIs, and is only possible if the AI model has network access (a feature enabled by default on certain plans and meant to allow Claude to access certain resources, such as code repositories and Anthropic APIs).
- ...in 1908, Cincinnati-born William Howard Taft is elected as the 27th President of the United States of America.
- ...in 1931, the first commercially produced synthetic rubber is manufactured.
- ...in 1952, Clarence Birdseye first markets frozen peas.
- ...in 1957, the Soviet Union launches Sputnik 2. On board is the first animal to enter orbit: a dog named Laika.