dCypher

@dCypherIO

Followers: 34
Following: 0
Media: 659
Statuses: 757

Virginia
Joined July 2024
@dCypherIO
dCypher
2 days
UK Student Sentenced to Prison for Selling Phishing Kits. Ollie Holman, a 21-year-old from West London, was sentenced to seven years in prison for creating and selling over 1,000 phishing kits used to impersonate 69 financial institutions across 24 countries. His kits, sold via
@dCypherIO
dCypher
2 days
New Koske Linux malware hides in cute panda images. Koske is a sophisticated Linux malware suspected to be AI-assisted, using polyglot JPEG images of pandas to stealthily deliver malicious payloads. It targets misconfigured JupyterLab instances, executing a C-based rootkit and a
@dCypherIO
dCypher
2 days
Hacker sneaks infostealer malware into early access Steam game. Threat actor EncryptHub (aka Larva-208) compromised the early-access Steam game Chemia to distribute info-stealing malware. On July 22, they injected HijackLoader, which downloads Vidar stealer, followed by Fickle
@dCypherIO
dCypher
2 days
Hackers breach Toptal GitHub account, publish malicious npm packages. Hackers compromised Toptal’s GitHub organization on July 20, publishing 10 malicious NPM packages containing data-stealing and destructive scripts. These packages, including modified versions of Picasso
@dCypherIO
dCypher
3 days
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw. Mitel has patched a critical authentication bypass flaw in its MiVoice MX-ONE communications platform, caused by improper access control in the Provisioning Manager component. Affecting versions 7.3 to 7.8 SP1,
@dCypherIO
dCypher
3 days
SharePoint flaws exploited in Warlock ransomware attacks. China-based hacking group Storm-2603 is exploiting the ToolShell zero-day chain (CVE-2025-49706, CVE-2025-49704, CVE-2025-53770) to deploy Warlock ransomware on unpatched Microsoft SharePoint servers. Over 420 servers
@dCypherIO
dCypher
3 days
SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks. SonicWall patched CVE-2025-40599 (CVSS 9.1), a critical file upload flaw in SMA 100 appliances exploited by threat group UNC6148. Using stolen admin credentials, the group deployed OVERSTEP, a
@dCypherIO
dCypher
3 days
France Announces Arrest of XSS Cybercrime Forum Administrator in Ukraine. French authorities announced the arrest of an alleged administrator of the Russian-language cybercrime forum http://XSS[.]is in Ukraine on July 22, as part of a four-year investigation. Assisted by Europol
@dCypherIO
dCypher
3 days
CISA warns of hackers exploiting SysAid vulnerabilities in attacks. CISA has warned that attackers are actively exploiting two unauthenticated XML External Entity (XXE) vulnerabilities in SysAid ITSM software (CVE-2025-2775 and CVE-2025-2776) to hijack administrator accounts.
@dCypherIO
dCypher
3 days
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware. The NPM package 'is' was compromised in a supply chain attack after its maintainer’s account was hijacked via phishing. Versions 3.3.1 to 5.0.0 included malware enabling full device access through a.
@dCypherIO
dCypher
3 days
Threat Actor "Mimo" Exploits Magento and Docker to Deploy Crypto Miners and Proxyware. Threat actor Mimo (aka Hezb) has shifted from targeting Craft CMS to exploiting Magento and misconfigured Docker instances to deploy crypto miners and proxyware. Mimo abuses PHP-FPM
@dCypherIO
dCypher
4 days
Hackers Plant Stealth Backdoor in WordPress Must-Use Plugins to Retain Admin Access. Cybersecurity researchers have discovered a stealthy backdoor hidden in WordPress "mu-plugins" to maintain persistent admin access. Mu-plugins, auto-loaded and invisible in the plugin dashboard,
@dCypherIO
dCypher
4 days
US nuclear weapons agency hacked in Microsoft SharePoint attacks. Unknown threat actors exploited a Microsoft SharePoint zero-day vulnerability chain, breaching the U.S. National Nuclear Security Administration (NNSA) and other agencies. The Department of Energy confirmed limited
@dCypherIO
dCypher
4 days
Sophos fixed two critical Sophos Firewall vulnerabilities. Sophos has patched five vulnerabilities in its Firewall product, including two critical flaws—CVE-2025-6704 and CVE-2025-7624 (CVSS 9.8)—that enable pre-auth remote code execution via the SPX feature and legacy SMTP
@dCypherIO
dCypher
4 days
Last Chance to Save Your Memories: AT&T Cloud Storage Shutting Down Permanently. AT&T is retiring its Photo Storage service, which allowed subscribers to back up photos and videos via an app powered by Asurion. File backups will stop on October 20, 2025, and the service will shut
@dCypherIO
dCypher
4 days
Creams Cafe Data Breach Exposes 160,000 Customer Records. In May 2025, a data breach allegedly compromised 160,000 customer records from Creams Cafe, a popular UK dessert chain. The stolen data included email addresses, names, phone numbers, and physical addresses. Despite
@dCypherIO
dCypher
4 days
Lumma infostealer malware returns after law enforcement disruption. The Lumma infostealer malware operation is resurging after a major May 2025 law enforcement takedown that seized 2,300 domains. Despite the disruption, Lumma quickly began rebuilding, regaining trust in
@dCypherIO
dCypher
4 days
CISA and FBI warn of escalating Interlock ransomware attacks. CISA, FBI, HHS, and MS-ISAC warned of rising Interlock ransomware attacks targeting businesses and critical infrastructure, especially in healthcare. Active since September 2024, Interlock uses double
@dCypherIO
dCypher
4 days
Major European healthcare network discloses security breach. AMEOS Group, a major healthcare provider in Central Europe, disclosed a data breach potentially affecting patient, employee, and partner information. Despite existing security measures, external actors accessed its IT
@dCypherIO
dCypher
4 days
Coyote malware abuses Windows accessibility framework for data theft. New variant of the Coyote banking trojan is actively abusing Microsoft’s UI Automation (UIA) framework—a Windows accessibility feature—to identify banking and cryptocurrency websites visited by users, primarily