Nicolas Krassas
@dinosn.bsky.social
28th July – Threat Intelligence Report research.checkpoint.com/2025/28th-ju...
28th July – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 28th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Energy Department, including its National Nucl...
research.checkpoint.com
July 28, 2025 at 1:23 PM
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted thehackernews.com/2025/06/move...
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Surge in scanning activity targets MOVEit Transfer systems, raising concerns over possible exploitation.
thehackernews.com
June 27, 2025 at 9:22 AM
BeyondTrust warns of pre-auth RCE in Remote Support software www.bleepingcomputer.com/news/securit...
BeyondTrust warns of pre-auth RCE in Remote Support software
BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code ex...
www.bleepingcomputer.com
June 18, 2025 at 10:28 AM
Asana warns MCP AI feature exposed customer data to other orgs www.bleepingcomputer.com/news/securit...
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users a...
www.bleepingcomputer.com
June 18, 2025 at 7:54 AM
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform labs.watchtowr.com/is-b-for-bac...
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025.
We’ve spent a bit of time...
labs.watchtowr.com
June 17, 2025 at 12:56 PM
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report www.securityweek.com/googles-32-b...
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.
www.securityweek.com
June 16, 2025 at 6:00 PM
Washington Post's email system hacked, journalists' accounts compromised www.bleepingcomputer.com/news/securit...
Washington Post's email system hacked, journalists' accounts compromised
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government.
www.bleepingcomputer.com
June 16, 2025 at 5:13 PM
High-Severity Vulnerabilities Patched in Tenable Nessus Agent www.securityweek.com/high-severit...
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code.
www.securityweek.com
June 16, 2025 at 9:04 AM
CISA Releases Ten Industrial Control Systems Advisories www.cisa.gov/news-events/...
CISA Releases Ten Industrial Control Systems Advisories | CISA
www.cisa.gov
June 12, 2025 at 5:40 PM
GitLab patches high severity account takeover, missing auth issues www.bleepingcomputer.com/news/securit...
GitLab patches high severity account takeover, missing auth issues
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in futur...
www.bleepingcomputer.com
June 12, 2025 at 12:45 PM
'Major compromise' at NHS temping arm exposed gaping security holes go.theregister.com/feed/www.the...
'Major compromise' at NHS temping arm never disclosed
Exclusive: Incident responders suggested sweeping improvements following Active Directory database heist
go.theregister.com
June 12, 2025 at 10:40 AM
Ivanti Workspace Control hardcoded key flaws expose SQL credentials www.bleepingcomputer.com/news/securit...
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.
www.bleepingcomputer.com
June 10, 2025 at 5:02 PM
OpenAI working to fix ChatGPT outage affecting users worldwide www.bleepingcomputer.com/news/technol...
OpenAI working to fix ChatGPT outage affecting users worldwide
OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps.
www.bleepingcomputer.com
June 10, 2025 at 1:58 PM
Update: Dumping Entra Connect Sync Credentials posts.specterops.io/update-dumpi...
Update: Dumping Entra Connect Sync Credentials
Recently, Microsoft changed the way the Entra Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the sync account credentials…
posts.specterops.io
June 9, 2025 at 5:44 PM
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads www.bleepingcomputer.com/news/securit...
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).
www.bleepingcomputer.com
June 8, 2025 at 6:12 AM
HMRC: Crooks broke into 100k accounts, stole £43M from British taxpayer in late 2024 go.theregister.com/feed/www.the...
Crims breached 100k UK tax accounts to steal £43M from HMRC
It’s definitely not a cyberattack though! Really!
go.theregister.com
June 5, 2025 at 10:40 AM
US offers $10M for tips on state hackers tied to RedLine malware www.bleepingcomputer.com/news/securit...
US offers $10M for tips on state hackers tied to RedLine malware
The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected cr...
www.bleepingcomputer.com
June 5, 2025 at 8:00 AM
Vodafone Germany Fined $51 Million Over Privacy, Security Failures www.securityweek.com/vodafone-ger...
Vodafone Germany Fined $51 Million Over Privacy, Security Failures
Germany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties.
www.securityweek.com
June 5, 2025 at 7:59 AM
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs hackread.com/hackers-leak...
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
hackread.com
June 4, 2025 at 7:23 PM
Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide layerxsecurity.com/blog/sleeper...
Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide - LayerX
LayerX has unearthed a network of malicious “sleeper agent” extensions that appear to serve as infrastructure for future malicious activity, currently installed on nearly 1.5 million users worldwide. ...
layerxsecurity.com
June 4, 2025 at 11:38 AM
Vulnerability leaks Vanta customer info www.scworld.com/brief/vulner...
Vulnerability leaks Vanta customer info
TechCrunch reports that leading trust management platform Vanta had private information from less than 4% of its over 10,000 clients inadvertently exposed to other customers due to a product code chan...
www.scworld.com
June 3, 2025 at 3:08 PM
Police takes down AVCheck site used by cybercriminals to scan malware www.bleepingcomputer.com/news/securit...
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in th...
www.bleepingcomputer.com
May 30, 2025 at 5:33 PM
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale hackread.com/threat-actor...
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
hackread.com
May 30, 2025 at 2:22 PM
Adidas confirms criminals stole data from customer service provider go.theregister.com/feed/www.the...
Adidas confirms data swiped from customer service provider
Hackers take personal data bytes from the brand with three stripes
go.theregister.com
May 27, 2025 at 2:49 PM
Alleged AT&T breach compromises 31M records www.scworld.com/brief/allege...
Alleged AT&T breach compromises 31M records
AT&T had a database purportedly including 31 million sensitive user records exposed on a popular hacking forum, reports Cybernews.
www.scworld.com
May 27, 2025 at 2:48 PM