17 Jul, 2026

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. Since 2022, the malware has been delivered to victims through multiple methods that include spearphishing, supply-chain compromise, and watering hole attacks. Campaign evolution From November 2022 until at least September 2025, APT24 […]

4 mins read

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva

Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. The hacker claims to have stolen 2.3 terabytes of data and leaked it on a dark web forum. According to the threat actor’s description, the leak includes confidential documents and sensitive company information. […]

2 mins read

GlobalProtect VPN portals probed with 2.3 million scan sessions

Malicious scanning activity targeting Palo Alto Networks GlobalProtect VPN login portals has increased 40 times in 24 hours, indicating a coordinated campaign. Real-time intelligence company GreyNoise reports that activity began climbing on November 14 and hit its highest level in 90 days within a week. “GreyNoise has identified a significant escalation in malicious activity targeting Palo Alto […]

2 mins read

Salesforce investigates customer data theft via Gainsight breach

Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. The cloud-based software company noted that this doesn’t stem from a vulnerability in its customer relationship management (CRM) platform since all evidence points to the malicious activity being related to the app’s external connection […]

2 mins read

New SonicWall SonicOS flaw allows hackers to crash firewalls

American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. Tracked as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls. “A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a […]

2 mins read

D-Link warns of new RCE flaws in end-of-life DIR-878 routers

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan. Typically used in homes and small offices, the DIR-878 was […]

2 mins read

TV streaming piracy service with 26M yearly visits shut down

Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. The piracy service provided users with unauthorized access to 1,127 TV channels from 60 countries, including live sports content. In total, almost 30% of its visitors […]

2 mins read

Crypto mixer founders sent to prison for laundering over $237 million

The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over $237 million. Samourai CEO Keonne Rodriguez was sentenced to five years in prison on November 6th, while the cryptomixer’s Chief Technology Officer William Lonergan Hill received a four-year sentence on November 19th. Both men were […]

2 mins read

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. Although still under development, the malware is fully functional and has been configured to target accounts at multiple financial organizations in Europe by using “region-specific overlay templates.” Sturnus […]

4 mins read

Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack

The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft 365 accounts. The kit was known for its SVG-based attacks and attacker-in-the-middle (AitM) tactics, where the authentication process is […]

3 mins read