InfoSec News 20250523
Top News
- Hackers use fake Ledger apps to steal Mac users’ seed phrases
"Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets."
TLP1 : Green
- TikTok videos now push infostealer malware in ClickFix attacks
"Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Police takes down 300 servers in ransomware supply-chain crackdown
"In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks."
TLP1 : Green
- US indicts leader of Qakbot botnet linked to ransomware attacks
"The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks."
TLP1 : Green
- Police arrests 270 dark web vendors, buyers in global crackdown
"Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries."
TLP1 : Green
Breaches: Data Breaches and Hacks
- Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims
"Coca-Cola and its bottling partner CCEP targeted in separate cyber incidents, with the Everest ransomware gang and the Gehenna hacking group claiming data breaches involving sensitive employee and CRM data."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
"Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites."
TLP1 : Green
- Fortinet Zero-Day Under Attack: PoC Now Publicly Available
"FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- InfoSec4TC lifetime cybersecurity training is down to $53 this week
"If you’ve spent any time in cybersecurity, you know the learning never really stops. New threats pop up, tools evolve, and what was cutting-edge last year might be outdated today. But keeping up doesn’t mean you have to spend a fortune or chase down every trending course individually."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Threat Brief: CVE-2025-31324 (Updated May 23)
"We have added further details and indicators of compromise (IoC) to this post, to provide defenders additional information to hunt with. This information can be found in the Appendix section."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.