Russia-linked hackers are using Microsoft 365 device code phishing to hijack accounts — tricking users into entering authentication codes that hand over valid access tokens. Stay vigilant with meeting invites and phishing lures! 🔗

Cracked software and YouTube videos are being used to spread CountLoader & GachiLoader malware. These loaders can deliver data-stealing payloads and compromise systems. Stay safe—avoid pirated software! 🔗

WatchGuard warns of active exploitation of a critical Fireware OS VPN flaw (CVE-2025-14733)! Attackers can execute arbitrary code on Firebox devices via IKEv2 VPN. Patch now! 🔗

Arrest made in major Microsoft 365 phishing case! Nigeria Police, with help from Microsoft & FBI, detained the main developer of the RaccoonO365 phishing toolkit used to steal Microsoft 365 credentials via fake login pages. 🔗

Cisco warns of active attacks on unpatched AsyncOS 0-day (CVE-2025-20393)! China-linked actors are exploiting a critical flaw in Secure Email Gateway & Web Manager appliances. Restrict exposure & harden now — no patch yet. 🔗

North Korea-linked hackers stole $2.02B in crypto in 2025, accounting for most global thefts and marking a record year for state-affiliated cybercrime. https://t.co/vUdvC8KzRI

China-aligned threat actor uses Windows Group Policy to spread malware LongNosedGoblin deploys custom espionage tools like NosyHistorian & NosyDoor across compromised government networks using Group Policy, with C&C via OneDrive/Google Drive. 🔗

Critical HPE OneView RCE (CVSS 10.0) Unauthenticated attackers can execute code remotely on HPE OneView systems (all versions before v11.00). Patch ASAP — hotfixes & v11.00 available. 🔗

Kimsuky mobile malware alert The North Korea-linked group is spreading DocSwap Android malware via QR phishing disguised as a delivery app — granting remote access once installed. 🔗

CISA flags ASUS Live Update flaw (CVE-2025-59374) This critical vulnerability — tied to a past supply chain compromise and now actively exploited in the wild — was added to CISA’s KEV catalog. Discontinue or patch ASUS Live Update ASAP. 🔗

SonicWall security update SonicWall patched CVE-2025-40602 — an actively exploited privilege escalation bug in SMA 1000 appliances that could lead to root RCE when chained with another flaw. Patch ASAP. 🔗

Kimwolf botnet hijacks ~1.8 M Android TVs! Threat actors are using compromised Android TV boxes to launch huge DDoS attacks, proxy traffic, and more. Patch/secure your devices now. 🔗

APT28 phishing campaign targeting UKR(.)net users! Russian state-linked APT28 is running a long-running credential-harvesting operation using fake https://t.co/s4TSbzUjRU login pages and PDF lures to steal credentials and 2FA codes. 🔗

ForumTroll phishing attacks hitting Russian scholars Fake eLibrary emails are being used to steal credentials and spread malware. Be cautious, verify senders! 🔗

GhostPoster malware in Firefox add-ons! 17 compromised extensions (50,000+ downloads) hid malicious JS inside logo icons to hijack links, inject tracking, and commit ad fraud. Remove suspicious extensions now! 🔗

China-linked Ink Dragon cyber espionage uncovered Govts targeted using ShadowPad & FINALDRAFT malware; compromised servers turned into covert C2 nodes. Patch and monitor now. 🔗

AWS crypto mining campaign uncovered Compromised IAM credentials are being used to fuel a large-scale crypto mining operation in AWS. Monitor usage and lock down IAM access now. 🔗

Malicious NuGet package alert A fake Tracer Fody NuGet package is stealing cryptocurrency wallet data. Developers should audit dependencies and remove rogue packages immediately. 🔗

FortiGate under active attack A SAML SSO authentication bypass is being actively exploited in Fortinet FortiGate devices. Patch immediately and review access logs. 🔗

React2Shell security alert Active exploitation of React2Shell is being used to deploy Linux backdoors. Patch exposed applications and monitor servers urgently. 🔗