16 Jul, 2026

Romanian water authority hit by ransomware attack over weekend

Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, was hit by a ransomware attack over the weekend. Officials with the National Cyber Security Directorate (DNSC) said Sunday that the incident impacted approximately 1,000 computer systems at the national water authority and 10 of its 11 regional offices. While the breach affected servers running geographic […]

3 mins read

University of Phoenix data breach impacts nearly 3.5 million individuals

The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university’s network in August. Headquartered in Phoenix, Arizona, UoPX is a private for-profit university founded in 1976 with over 100,000 enrolled students and nearly 3,000 academic staff. In early December, the university disclosed […]

3 mins read

Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. The CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a newly emerging threat. Not all CISA KEVs signal urgency Recent coverage of CVE-2025-59374 has framed the […]

4 mins read

Ukrainian hacker admits affiliate role in Nefilim ransomware gang

A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. The defendant, 35-year-old Artem Aleksandrovych Stryzhak, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025. Stryzhak has admitted to computer fraud conspiracy charges brought by U.S. prosecutors in […]

2 mins read

Critical RCE flaw impacts over 115,000 WatchGuard firewalls

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. The security flaw, tracked as CVE-2025-14733, affects Firebox firewalls running Fireware OS 11.x and later (including 11.12.4_Update1), 12.x or later (including 12.11.5), and 2025.1 up to and including 2025.1.3. Successful exploitation enables unauthenticated attackers to […]

3 mins read

Docker Hardened Images now open source and available for free

More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. Docker is a popular platform that enables developers to build, test, and deploy applications quickly inside container images that include the required dependencies, allowing for predictable and repeatable results across various systems and environments. DHIs, launched in May […]

2 mins read

RansomHouse upgrades encryption with multi-layered data processing

The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. In practice, the upgrades offer stronger encryption results, faster speeds, and better reliability on modern target environments, giving threat actors stronger leverage during post-encryption negotiations. RansomHouse launched in December 2021 as a data extortion […]

2 mins read

Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform

The Nigerian police arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing platform. The attacks led to business email compromise, data breaches, and financial losses affecting organizations worldwide. The law enforcement operation was possible thanks to intelligence from Microsoft, shared with the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) via the FBI. The […]

2 mins read

Clop ransomware targets Gladinet CentreStack in data theft attacks

The Clop ransomware gang (also known as Cl0p) is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. Gladinet CentreStack enables businesses to securely share files hosted on on-premises file servers through web browsers, mobile apps, and mapped drives without requiring a VPN. According to Gladinet, CentreStack “is used by thousands of businesses from […]

2 mins read

New password spraying attacks target Cisco, PAN VPN gateways

An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. On December 11, threat monitoring platform GreyNoise observed the number of login attempts aimed at GlobalProtect portals peaked at 1.7 million during a period of 16 hours. Collected data showed that the attacks originated from […]

2 mins read