Critical Golden dMSA attack in Windows Server 2025 lets attackers enable cross-domain lateral movement.

Critical Golden dMSA attack in Windows Server 2025 lets attackers enable cross-domain lateral movement.

Windows Server 2025 introduces delegated Managed Service Accounts (dMSA), designed to bolster identity security in Active Directory environments. However, recent research from Semperis and Akamai, supported by industry analysis, has revealed a critical flaw known as the "Golden dMSA attack." This vulnerability threatens to undermine foundational identity controls across large enterprises and government networks.
Computer hacker with Android robot on desk

A counterfeit Android Telegram app is being spread from more than 600 malicious domains.

A newly observed Android malware campaign is leveraging more than 600 malicious domains to distribute counterfeit versions of the Telegram messaging app. The operation, which primarily targets Chinese-speaking users, has raised concerns in the cybersecurity community due to its scale, sophistication, and exploitation of old Android vulnerabilities.
Ex-U.S. Soldier Cameron Wagenius Pleads Guilty in Telecom Hacking and Extortion Case.

Ex-U.S. Soldier Cameron Wagenius Pleads Guilty in Telecom Hacking and Extortion Case.

Cameron John Wagenius, a 21-year-old former U.S. Army soldier from Texas, has pleaded guilty to federal charges stemming from a wide-ranging cybercrime and extortion scheme that targeted major telecommunications providers, including AT&T and Verizon. The admissions of guilt follow a federal investigation into a coordinated hacking operation that spanned from April 2023 through December 2024.
Dark Web Abacus Market goes offline under suspicious circumstances, leading to speculation of a coordinated exit scam.

Dark Web Abacus Market goes offline under suspicious circumstances, leading to speculation of a coordinated exit scam.

Abacus Market, once the dominant darknet marketplace operating in the Western world, has gone offline under suspicious circumstances, leading to widespread speculation of a coordinated exit scam. The marketplace’s sudden disappearance marks a significant turn in the ongoing volatility of darknet ecosystems, where trust, anonymity, and financial stakes collide in unpredictable and often short-lived ventures.
Next Level Finance Partners discloses breach that has compromised sensitive personal information belonging to more than 160,000 individuals.

Next Level Finance Partners discloses breach that has compromised sensitive personal information belonging to more than 160,000 individuals.

Next Level Finance Partners, LLC, doing business as Century Support Services, has disclosed a significant data security incident that has compromised sensitive personal information belonging to more than 160,000 individuals. The Pennsylvania-based debt settlement company filed notice of the breach with the Maine Attorney General’s Office, marking the formal public disclosure of the event.
AsyncRAT’s open-source code has led to a dramatic increase in malicious cyber activity around the world.

AsyncRAT’s open-source code has led to a dramatic increase in malicious cyber activity around the world.

Originally developed as a legitimate remote administration tool, AsyncRAT has become a favorite foundation for cybercriminals due to its flexible architecture, ease of modification, and powerful functionality. As threat actors continue to build upon and customize the tool, the cybersecurity landscape faces a growing risk from increasingly sophisticated and evasive malware variants.
New phishing campaign leverages Scalable Vector Graphics (SVG) files to bypass conventional email security mechanisms.

New phishing campaign leverages Scalable Vector Graphics (SVG) files to bypass conventional email security mechanisms.

Security researchers at Ontinue have uncovered a sophisticated phishing campaign that leverages Scalable Vector Graphics (SVG) files to bypass conventional email security mechanisms. This emerging technique embeds obfuscated JavaScript code within SVG files to initiate malicious redirects—without requiring attachments, downloads, or user interaction beyond previewing the file.
Microsoft issues an out-of-band security update to fix a critical issue affecting Azure VMs running Windows 11.

Microsoft issues an out-of-band security update to fix a critical issue affecting Azure VMs running Windows 11.

Microsoft has issued an out-of-band update, KB5064489, to address a critical issue affecting specific Azure Virtual Machines (VMs) running Windows 11 version 24H2. This emergency patch resolves startup failures impacting VMs with certain configuration parameters and integrates previous security updates released earlier this month.
Atlassian’s July 2025 Security Bulletin outlines resolution of 20 high-severity vulnerabilities.

Atlassian’s July 2025 Security Bulletin outlines resolution of 20 high-severity vulnerabilities.

Atlassian has released its July 2025 Security Bulletin, outlining the resolution of 20 high-severity vulnerabilities impacting multiple Data Center and Server products. Atlassian says the bulletin—published on July 15—reaffirms their ongoing commitment to transparency and the proactive mitigation of security risks across its extensive product portfolio.