Beautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth’s sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula’s bipolar shape is distinguished here by the telltale blue emission from doubly ionized oxygen atoms. Though apparently surrounded by theRead More »Friday Squid Blogging: The Giant Squid Nebula
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd.,Read More »China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. “This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such asRead More »UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observedRead More »Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Mobile threats are growing and evolving as malicious actors engage in mobile-first attack strategies.
Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency thieves bypassing FIDO keys. The post In Other News: Law Firm Hacked by China, Symantec Flaw, Meta AI Hack, FIDO Key Bypass appeared first on SecurityWeek.
AI-native email security firm StrongestLayer has emerged from stealth mode with $5.2 million in seed funding. The post Email Protection Startup StrongestLayer Emerges From Stealth Mode appeared first on SecurityWeek.
The Department of Defense has discovered the National Guard Systems have been hacked by Salt Typhoon.
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz.Read More »Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description),” CERT-UA said in aRead More »CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
