Cyber News & Articles

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.
“We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability,” the company said. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766.”

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write.
But in 2025, that trust comes with a serious risk.
Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications.
These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive

Collapsed company’s founder says that its fortunes were hampered by the refusal of authorities to release the criminals’ seized funds to victims.

Read more in my article on the Fortra blog.

Ukraine’s Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky.”

Read more in my article on the Hot for Security blog.

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle “Toha.” Here’s a deep dive on what’s knowable about Toha, and a short stab at who got nabbed.

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs.
How are

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts.
The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant.
The system “automates what is considered the gold

A hospital in Thailand has been fined after patient’s printed records were recycled as snack bags to hold crispy crepes.