The common thread behind the Qantas, Allianz Life, and LVMH attacks – ShinyHunters.
Posted inCybersecurity News

The common thread behind the Qantas, Allianz Life, and LVMH attacks – ShinyHunters.

In 2025, a sophisticated wave of data breaches shook some of the world’s most recognized companies—Qantas, Allianz Life, and LVMH. Investigations reveal these incidents are connected by a common thread: the ShinyHunters cyber extortion group. These attacks have been notable not only for the caliber of targeted organizations but for their focus on Salesforce-connected customer relationship management (CRM) platforms. Importantly, the breaches did not stem from vulnerabilities in Salesforce’s own infrastructure; rather, they exploited weaknesses at the user and organizational level.
Microsoft’s DragonV2.1Neural approaches near instantaneous vocal generation, raising security concerns over AI-driven speech synthesis.
Posted inCybersecurity News

Microsoft’s DragonV2.1Neural approaches near instantaneous vocal generation, raising security concerns over AI-driven speech synthesis.

Microsoft’s DragonV2.1Neural represents a significant leap forward in zero-shot text-to-speech (TTS) technology, now powering the Azure AI Speech Service. By combining scalability, expressiveness, and multilingual proficiency, DragonV2.1Neural is redefining the standards in AI-driven speech synthesis—while also raising urgent ethical and security considerations.
Microsoft to pay big(ger) bucks for .Net bug bounty rewards. Up to $40k for critical vulnerabilities!
Posted inCybersecurity News

Microsoft to pay big(ger) bucks for .Net bug bounty rewards. Up to $40k for critical vulnerabilities!

Microsoft has significantly increased its bug bounty rewards for researchers who discover and responsibly disclose high-impact security vulnerabilities within the .NET and ASP.NET Core platforms. Under the latest update to its bug bounty program, the tech giant now offers rewards of up to $40,000 for the most severe vulnerabilities, such as those enabling remote code execution and privilege escalation.
It’s a malware evasion technique called “Shade BIOS” – and it’s going to rock your world.
Posted inCybersecurity News

It’s a malware evasion technique called “Shade BIOS” – and it’s going to rock your world.

At Black Hat USA 2025, Kazuki Matsuo, a security researcher at FFRI Security, is set to introduce the cybersecurity community to a groundbreaking new technique in attack stealth: “Shade BIOS.” This presentation promises to shed light on how the next wave of UEFI (Unified Extensible Firmware Interface) malware can evade even the most robust security mechanisms, setting a new bar in the ongoing arms race between attackers and defenders.
Storm-2603 Exploits SharePoint Flaws to Deliver Dual Ransomware via DNS-Controlled Backdoor
Posted inCybersecurity News

Storm-2603 Exploits SharePoint Flaws to Deliver Dual Ransomware via DNS-Controlled Backdoor

A sophisticated and likely China-based threat actor, tracked as Storm-2603, has emerged at the forefront of recent cyberattacks exploiting critical Microsoft SharePoint Server vulnerabilities. Leveraging flaws identified as CVE-2025-49706 and CVE-2025-49704 (collectively known as the ToolShell exploits), Storm-2603 has orchestrated a wave of attacks deploying both Warlock (a.k.a. X2anylock) and LockBit Black ransomware.
New report finds that in nearly all cases, threat actors target devices weeks before relevant vulnerabilities are made public.
Posted inCybersecurity News

New report finds that in nearly all cases, threat actors target devices weeks before relevant vulnerabilities are made public.

A recent report published by GreyNoise on July 31 has brought new urgency to how organizations view and respond to emerging cyber threats. The study reveals a disconcerting trend: in 80% of observed cases, attackers began targeting enterprise edge devices—such as VPN gateways and firewalls—weeks before relevant vulnerabilities were made public and assigned a Common Vulnerabilities and Exposures (CVE) identifier.
Unprecedented $1 million prize offered at Pwn2Own Ireland 2025 for zero-click WhatsApp exploit.
Posted inCybersecurity News

Unprecedented $1 million prize offered at Pwn2Own Ireland 2025 for zero-click WhatsApp exploit.

In a groundbreaking move for cybersecurity research, Trend Micro’s Zero Day Initiative (ZDI), with co-sponsorship from Meta, has announced an unprecedented $1 million prize for a successful zero-click exploit targeting WhatsApp at Pwn2Own Ireland 2025. This event, scheduled for October 21–24, 2025, in Cork, Ireland, sets a new record for the highest single bounty offered in the history of the prestigious hacking contest.
Flashpoint 2025 midyear threat intelligence shows worrying surge in credential theft, vulnerabilities, and ransomware attacks.
Posted inCybersecurity News

Flashpoint 2025 midyear threat intelligence shows worrying surge in credential theft, vulnerabilities, and ransomware attacks.

Flashpoint’s 2025 Midyear Threat Intelligence Index paints a compelling, and deeply concerning, picture of the current cyber risk environment. According to the report, organizations worldwide are contending with unprecedented rises in credential theft, vulnerability disclosures, and ransomware incidents—each amplifying the overall threat landscape.