InfoSec News 20250908

  • Published: Mon, 08/09/2025 - 17:51

Top News


  • MostereRAT Targets Windows Users With Stealth Tactics

A phishing campaign delivering a new strain of malware, MostereRAT, has been uncovered by cybersecurity researchers. The Remote Access Trojan (RAT) targets Microsoft Windows systems and gives attackers complete control over compromised machines.

TLP¹: Green

  • GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets, developer security firm GitGuardian revealed on Friday.

TLP¹: Green

  • iCloud Calendar abused to send phishing emails from Apple’s servers

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes.

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices.

TLP¹: Green

  • Two arrested in Egypt as authorities take down Streameast sports piracy platform

The popular Streameast illegal sports streaming site was taken down on Wednesday as officials in Egypt arrested two men allegedly involved in the effort.

TLP¹: Green

  • Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report

Chinese hackers are believed to be behind a recent attempt to spy on trade groups and other organizations ahead of US-China trade talks, the Wall Street Journal reported.

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Nexar dashcam video database hacked

A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed in drivers’ cars.

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • CISA orders federal agencies to patch Sitecore zero-day following hacking reports

Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug.

TLP¹: Green

  • Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. The company's Azure MFA enforcement efforts were announced in May 2024 when Redmond began implementing mandatory MFA for all users signing into Azure to administer resources.

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Rogue AI Agents In Your SOCs and SIEMs – Indirect Prompt Injection via Log Files

AI agents (utilizing LLMs and RAG) are being used within SOCs and SIEMs both to help identify attacks and to assist analysts with working more efficiently.

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases.

TLP¹: Green

 

¹ Traffic Light Protocol (TLP) [1] for information sharing:

 

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp