InfoSec News 20250317
Top News
- Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees
"The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known as APT37, Ricochet Chollima, ScarCruft, and Reaper Group."
TLP¹: Green
- AWS SNS Exploited for Data Exfiltration and Phishing Attacks
"Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and users."
TLP¹: Green
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
"Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Denmark warns of increased state-sponsored campaigns targeting the European telcos
"Denmark’s cybersecurity agency warns of increased state-sponsored campaigns targeting the European telecom companies"
TLP¹: Green
- Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
"A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme."
TLP¹: Green
Breaches: Data Breaches and Hacks
- GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
"Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Critical RCE flaw in Apache Tomcat actively exploited in attacks
"A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request."
TLP¹: Green
- Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
"An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Get started in a cybersecurity career with this ethical hacking bundle deal
"Are you feeling stagnant at your current job? You're not alone, and you may be due for a career change. Here's a fact that might finally inspire you to switch to cybersecurity: there are about 3.5 million unfilled cybersecurity jobs waiting to be filled, and some of those companies are willing to pay top dollar for experts who can protect their businesses from cyber threats."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Abusing with style: Leveraging cascading style sheets for evasion and tracking
"Cisco Talos has identified actors abusing Cascading Style Sheets (CSS) to 1) evade spam filters and detection engines, and 2) track users’ actions and preferences."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.