InfoSec News 20250721
Top News
- Arch Linux pulls AUR packages that installed Chaos RAT malware
  "Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices."
  TLP¹: Green
- Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
  "A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals."
  TLP¹: Green
- 3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
  "A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive."
  TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Russia Linked to New Malware Targeting Email Accounts for Espionage
  "Russian military intelligence (GRU)-linked threat actors have been using previously unknown malicious software to enable espionage against victim email accounts, the UK’s National Cyber Security Centre (NCSC) has reported."
  TLP¹: Green
- Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet
  "Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices."
  TLP¹: Green
Breaches: Data Breaches and Hacks
- Dell confirms breach of test lab platform by World Leaks extortion group
  "A newly rebranded extortion gang known as ‘World Leaks’ breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom."
  TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- New CrushFTP zero-day exploited in attacks to hijack servers
  "CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers."
  TLP¹: Green
- Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770)
  "Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company confirmed on Saturday."
  TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- UK ties GRU to stealthy Microsoft 365 credential-stealing malware
  "The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU)."
  TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- LARVA-208’s New Campaign Targets Web3 Developers
  "LARVA-208, known for its phishing attacks and social engineering tactics targeting English-speaking IT staff through phone calls, has adopted a new technique in its operations."
  TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.