InfoSec News 20250203
Top News
- Casio and 16 Other Websites Hit by Double-Entry Web Skimming Attack
"Researchers uncover a double-entry website skimming attack targeting Casio and 16 other sites. Learn how cybercriminals exploited vulnerabilities to steal sensitive payment data and evade detection."
TLP¹: Green
- DeepSeek’s Popularity Sparks Surge in Crypto Phishing and Malware Campaigns
"The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats."
TLP¹: Green
- Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
"Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you
"Google says it's spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out of the four."
TLP¹: Green
- U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
"U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan."
TLP¹: Green
Breaches: Data Breaches and Hacks
- Mizuno USA says hackers stayed in its network for two months
"Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- CVE-2025-0851 (CVSS 9.8): Deep Java Library Vulnerability Allows Path Traversal Exploits
"A newly discovered vulnerability in the Deep Java Library (DJL) has been found to leave systems open to potential attacks."
TLP¹: Green
- CVE-2025-0477 (CVSS 9.8): Critical Security Flaw in Rockwell Automation’s FactoryTalk AssetCentre
"Industrial automation giant Rockwell Automation has issued a security advisory addressing multiple critical vulnerabilities in its FactoryTalk AssetCentre software."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- HTTP Client Tools Exploitation for Account Takeover Attacks
"Proofpoint has observed a rising trend of attackers repurposing legitimate HTTP client tools, such as those emulating XMLHttpRequest and Node.js HTTP requests, to compromise Microsoft 365 environments. Originally sourced from public repositories like GitHub, these tools are increasingly used in attacks like Adversary-in-the-Middle (AitM) and brute force techniques, leading to numerous account takeover (ATO) incidents."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- TRAVERTINE (CVE-2025-24118) An absolutely wild race condition in the macOS kernel.
"It involves a combination of several cutting-edge features in the macOS kernel (XNU)- Safe Memory Reclamation (SMR), read-only page mappings, per-thread credentials, memcpy implementation details, and of course, a race condition tying everything all together."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.