Cyber News & Articles

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan.
The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025.
“The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity

A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers.
“The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed’s messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity.
“Sitecore Experience Manager (XM), Experience

A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions of euros in damages.

Read more in my article on the Exponential-e blog.

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT.
“Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” Recorded Future Insikt Group

Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker.

Read more in my article on the Hot for Security blog.

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild.
The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month.
“SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module

Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace.
Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system.
The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a