A newly discovered campaign, active since at least 2021, targeted 70 Microsoft Exchange servers worldwide using sophisticated keylogger malware.

A newly discovered campaign, active since at least 2021, targeted 70 Microsoft Exchange servers worldwide using sophisticated keylogger malware.

A recent, significant cyberattack campaign has targeted over 70 Microsoft Exchange servers across 26 countries, with the aim of stealing user credentials using sophisticated keylogger malware. The attacks have been documented by cybersecurity researchers, particularly Positive Technologies, who identified two main types of keylogger code injected into the Outlook login pages of compromised servers.
Researchers reveal novel technique for disrupting malicious cryptominer campaigns using Bad Shares or XMRogue tool.

Researchers reveal novel technique for disrupting malicious cryptominer campaigns using Bad Shares or XMRogue tool.

Cybersecurity researchers have developed and demonstrated two novel techniques to disrupt and even shut down malicious cryptominer campaigns, significantly reducing attackers’ revenues and freeing infected machines from exploitation. These methods were detailed in recent reports by Akamai and have shown real-world effectiveness against large-scale botnets.
U.S. House of Representatives officially bans the use of WhatsApp on all government-issued devices

U.S. House of Representatives officially bans the use of WhatsApp on all government-issued devices

The U.S. House of Representatives has officially banned the use of WhatsApp on all government-issued devices for congressional staff, effective immediately. This decision follows a memo from the House’s Chief Administrative Officer (CAO), which classified WhatsApp as a “high-risk” application due to several cybersecurity concerns.
Siemens has informed its customers about a significant problem with Microsoft Defender that could allow discovered malware to remain unnoticed.

Siemens has informed its customers about a significant problem with Microsoft Defender that could allow discovered malware to remain unnoticed.

Siemens recently notified its customers about a significant issue affecting the integration between Microsoft Defender Antivirus (MDAV) and its industrial process control systems, specifically Simatic PCS 7 and PCS Neo products. The core problem identified is that Microsoft Defender Antivirus currently lacks an “alert only” functionality in its configuration settings.
Russia’s APT28 (Fancy Bear) uses Signal to deploy BEARDSHELL and COVENANT malware on Ukranian targets.

Russia’s APT28 (Fancy Bear) uses Signal to deploy BEARDSHELL and COVENANT malware on Ukranian targets.

Russian state-sponsored hackers APT28 (also known as Fancy Bear or UAC-0001) have deployed a sophisticated malware campaign against Ukrainian government targets using Signal messenger to deliver malicious payloads. This operation leverages two previously undocumented malware families—BEARDSHELL and COVENANT—disguised within seemingly harmless files.
A severe privilege escalation vulnerability has been discovered in the popular Notepad++ version 8.8.1.

A severe privilege escalation vulnerability has been discovered in the popular Notepad++ version 8.8.1.

A severe local privilege escalation vulnerability, tracked as CVE-2025-49144, was discovered in Notepad++ version 8.8.1, released on May 5, 2025. This flaw resides in the Notepad++ installer and allows unprivileged users to gain SYSTEM-level privileges on Windows systems through an uncontrolled executable search path, also known as binary planting.
China-linked APT group has built an ORB network (LapDogs) comprising > 1,000 compromised devices for cyber-espionage targeting the United States.

China-linked APT group has built an ORB network (LapDogs) comprising > 1,000 compromised devices for cyber-espionage targeting the United States.

A China-linked advanced persistent threat (APT) group has built a large-scale Operational Relay Box (ORB) network named LapDogs, comprising over 1,000 compromised devices globally. This infrastructure supports covert cyber-espionage operations targeting entities in the United States and Southeast Asia, with a focus on sectors like real estate, IT, networking, and media.