Alarms sound as Hong Kong financial institutions hit by new wave of SquidLoader backdoor deploying Cobalt Strike Beacon.

Alarms sound as Hong Kong financial institutions hit by new wave of SquidLoader backdoor deploying Cobalt Strike Beacon.

A sophisticated malware campaign involving the SquidLoader backdoor has been actively targeting financial institutions in Hong Kong, raising significant cybersecurity concerns within the region’s critical financial sector. Security researchers report the threat actors employ a highly stealthy, multi-stage infection chain designed to deploy the widely known Cobalt Strike Beacon for persistent remote access.
UNC6148 rolls out new rootkit, OVERSTEP, in suspected zero-day campaign against SonicWall Secure Mobile Access 100 series appliances. Leaked data has already surfaced on World Leaks.

UNC6148 rolls out new rootkit, OVERSTEP, in suspected zero-day campaign against SonicWall Secure Mobile Access 100 series appliances. Leaked data has already surfaced on World Leaks.

A newly discovered malware campaign is targeting legacy SonicWall Secure Mobile Access (SMA) 100 series appliances, deploying a sophisticated user-mode rootkit known as OVERSTEP. The campaign, attributed to the financially motivated threat group UNC6148, has enabled persistent access to enterprise networks, credential theft, and facilitated follow-on extortion activities linked to ransomware operators.
Fortinet’s FortiWeb, a widely deployed web application firewall (WAF) solution, is currently under active exploitation following release of proof-of-concept exploits.

Fortinet’s FortiWeb, a widely deployed web application firewall (WAF) solution, is currently under active exploitation following release of proof-of-concept exploits.

Fortinet’s FortiWeb, a widely deployed web application firewall (WAF) solution, is currently under active exploitation after attackers began targeting a recently disclosed critical vulnerability. Tracked as CVE-2025-25257, the flaw enables unauthenticated remote code execution (RCE) and has been weaponized by threat actors following the public release of proof-of-concept (PoC) exploits on July 11, 2025.
Operation Eastwood takes down more than 100 DDoS servers used to support Russia’s invasion of Ukraine.

Operation Eastwood takes down more than 100 DDoS servers used to support Russia’s invasion of Ukraine.

In a major international effort, law enforcement agencies across 19 countries have successfully disrupted a vast network of servers used to carry out cyberattacks in support of Russia’s invasion of Ukraine. The coordinated action, codenamed Operation Eastwood, targeted the pro-Russian hacktivist group NoName057(16), known for orchestrating large-scale distributed denial-of-service (DDoS) attacks against Ukraine and its allies.
Google patches zero-day in Chrome browser that would have allowed attackers to escape Chrome’s sandbox.

Google patches zero-day in Chrome browser that would have allowed attackers to escape Chrome’s sandbox.

Google has released a security update for its Chrome browser addressing a high-severity zero-day vulnerability that was actively exploited in the wild. The flaw, tracked as CVE-2025-6558, allowed attackers to escape Chrome’s sandbox—a key security feature designed to isolate browser processes from the host operating system.
Air Serbia becomes the next airline under siege as a cyberattack disrupts internal systems.

Air Serbia becomes the next airline under siege as a cyberattack disrupts internal systems.

Air Serbia, the national carrier of Serbia, is currently battling the aftermath of a significant cyberattack that has disrupted internal systems and delayed the issuance of employee payslips. Aviation industry sources confirmed that the airline alerted staff earlier this month about growing cybersecurity concerns, which culminated in a temporary halt to the distribution of payroll documents for June 2025.
Google’s AI “Big Sleep” agent foils exploitation of previously unknown critical software vulnerability.

Google’s AI “Big Sleep” agent foils exploitation of previously unknown critical software vulnerability.

In a groundbreaking development for cybersecurity, Google has announced that its artificial intelligence agent successfully identified and thwarted an attempt to exploit a previously unknown critical vulnerability. This marks the first known instance in which an AI system proactively prevented the exploitation of a zero-day vulnerability, underscoring the growing role of artificial intelligence in safeguarding digital infrastructure.
New threat intelligence assessment says predominant threats to most sectors over the next 12 months will come from domestic violent extremists.

New threat intelligence assessment says predominant threats to most sectors over the next 12 months will come from domestic violent extremists.

According to a recent threat intelligence assessment by the Insikt Group, domestic violent extremists (DVEs) operating within the United States pose a growing and evolving risk to both public and private sector organizations. Over the next twelve months, the predominant threats from these actors are expected to take the form of targeted attacks against individuals and sabotage of critical facilities—tactics that reflect a shift away from mass-casualty events toward more calculated and disruptive actions.