InfoSec News 20250328

  • Published: Fri, 28/03/2025 - 14:03

Top News


  • 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

"An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date."

TLP1 : Green

  • New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records

"Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands."

TLP1 : Green

  • Threat Actors Abuse Trust in Cloud Collaboration Platforms

"Threat actors constantly evolve with new mechanisms to bypass multiple secure email gateways (SEGs). A specific mechanism to evade detection is using online documents, such as Adobe, DocuSign, Dropbox, Canva, and Zoho."

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Chinese FamousSparrow hackers deploy upgraded malware in attacks

"A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization."

TLP1 : Green

Breaches: Data Breaches and Hacks


  • StreamElements discloses third-party data breach after hacker leaks data

"Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum."

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Mozilla fixed critical Firefox vulnerability CVE-2025-2857

"Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows."

TLP1 : Green

  • CVE-2025-31103: Zero-Day Vulnerability Discovered in a-blog cms, Act Now to Protect Your Web Server

"A critical security vulnerability has been discovered in a-blog cms, a web content management system developed by appleple inc.."

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • With the cybersecurity job market booming, this CISSP training deal may help

"In a job market riddled with uncertainty, one sector continually stands out as a beacon of stability and growth: cybersecurity. With cyber threats escalating daily, businesses are scrambling to secure their digital assets, creating an unprecedented demand for skilled professionals. Sounds great, right? But you need the right credentials to get hired."

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration

"The attacks against cloud-hosted infrastructure are increasing, and the proof is in the analysis of security alert trends. Recent research reveals that organizations saw nearly five times as many daily cloud-based alerts at the end of 2024 compared to the start of the year. This means attackers have significantly intensified their focus on targeting and breaching cloud infrastructure."

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp