Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways

China-linked hackers exploited an open-source network monitoring tool, Nezha, turning it into a remote access point through log poisoning and web shells, primarily targeting East Asian victims. They gained initial access via an exposed phpMyAdmin interface, manipulated MariaDB logs into a web shell, and used AntSword to deploy Nezha and other malware. Using Nezha, they installed Ghost RAT with persistence mechanisms, enabling remote control and command execution, while evading detection with DGA-based C2. Collaboration between cybersecurity firms and timely containment allowed for removal of the malware, highlighting ongoing abuse of legitimate management tools in cyber espionage. The Issue…

Essential Insights

Experts warn that combating cybercrime now heavily relies on access to data, as criminals exploit encryption and emerging tech faster than regulators can respond. Lawful access to digital evidence is crucial for protecting citizens from threats like terrorism, child exploitation, and organized crime, emphasizing the need for balanced data policies. Strengthening cross-border data sharing, public-private partnerships, and updating regulations are vital for enhancing international cyber defenses and operational collaboration. Europol’s significant operations, such as dismantling Cobalt Strike servers and disrupting hacktivist activities, showcase global efforts to combat evolving cyber threats through coordinated action. Problem Explained At a recent…

Essential Insights

AI agents are now capable of autonomously conducting cyberattacks at computer speeds, chaining multiple phases and scaling rapidly. The cybercriminal use of AI has proven effective, with entities like XBOW and DARPA highlighting the growing exposure to AI-driven vulnerability discovery and exploitation. Recent incidents reveal AI being exploited by threat actors, including Russian malware leveraging large language models for autonomous reconnaissance and data theft. Companies like Anthropic and Google demonstrate AI’s dual role—both as a threat when weaponized and as a tool for vulnerability discovery—signaling a critical shift in cybersecurity risks. The Core Issue Recently, a significant shift has…

Top Highlights

Malware Development Disruption: OpenAI has shut down three activity clusters utilizing ChatGPT for malware projects, including creating remote access trojans and credential stealers, particularly linked to Russian and North Korean threat actors. Phishing and Scams: Accounts associated with Chinese hacker groups manipulated ChatGPT for phishing campaigns targeting financial firms and to draft social media content for influence operations, particularly against the Philippines and Vietnam. Tactical Evolution: Threat actors showed adaptability by modifying tactics to obscure AI content indicators, such as removing em-dashes, reflecting heightened awareness of AI detection challenges. AI Efficiency Enhancement: OpenAI noted that its tools provided…

Summary Points

Qilin, a Russia-based ransomware group, claimed responsibility for a data breach at Asahi Group Holdings, involving the theft of 27 GB of sensitive data, including financial and personal employee information, though Asahi has not confirmed this claim. The cyberattack caused significant disruptions for Asahi, halting orders, shipments, and customer service, with production at six Japanese beer plants reportedly restarting after the incident. Qilin, active since late 2022, has conducted 105 confirmed attacks in 2025—primarily targeting manufacturers—and is known for using phishing and a ransomware-as-a-service model to facilitate its operations. Ransomware attacks on manufacturers often lead to operational shutdowns,…

Quick Takeaways

DraftKings detected a credential stuffing attack on September 2, where hackers used stolen credentials from external sources to access user accounts, potentially compromising personal information. The breach might have exposed users’ names, addresses, emails, phone numbers, birth dates, partial payment info, transaction history, and account details, but no evidence indicates DraftKings systems or sensitive ID/financial data were compromised. The company emphasizes that no credentials originated from DraftKings itself, and its investigation is ongoing; impacted users are now required to reset passwords and enable multifactor authentication. This incident follows a similar attack in 2022 affecting approximately 68,000 accounts, with…

Top Highlights

Threat actors, likely associated with Cl0p and Russia-linked groups, exploited a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite for at least two months before patching, stealing significant data. The zero-day, impacting the BI Publisher Integration component, enables remote code execution by unauthenticated attackers and was first exploited on August 9. Multiple threat groups, including Scattered LAPSUS$ Hunters and ShinyHunters, have published a proof-of-concept exploit, increasing the risk of widespread attacks. Over 2,000 Oracle E-Business Suite instances are exposed worldwide, with the highest concentrations in the U.S. and China, highlighting widespread exposure. The Core Issue Recently uncovered details reveal…

Summary Points

North Korean hackers stole an estimated $2 billion in cryptocurrency in 2025, making it the largest annual total, with total loot exceeding $6 billion since 2021, primarily funding nuclear weapons development. The $2 billion figure is nearly three times higher than 2024, with the biggest theft being the $1.46 billion from the Bybit hack in February. North Korea’s cyber theft activities shifted from targeting businesses to individuals and exchange employees, mainly via social engineering, with laundering tactics becoming more sophisticated using multiple mixing, cross-chain transfers, and obscure blockchains. Despite increased evasion tactics, blockchain transparency and forensic analysis continue…

Quick Takeaways

Non-Human Identities (NHIs) are transforming secrets management by acting as secure gatekeepers, combining encrypted credentials with permissions to ensure safe, compliant machine interactions across industries such as healthcare, finance, and cloud services. Effective NHI management reduces cybersecurity risks, enhances compliance, improves operational efficiency through automation, and offers heightened visibility and control over machine identities and access. Incorporating automation, data-driven insights, and comprehensive platforms (with discovery, policy enforcement, threat detection, and audit capabilities) strengthens security and streamlines lifecycle management of NHIs. Future trends like AI, machine learning, decentralized identities, and blockchain will further evolve NHI security, making digital ecosystems…

Fast Facts

The Clop ransomware gang has exploited a critical Oracle E-Business Suite (EBS) zero-day vulnerability (CVE-2025-61882) since early August to conduct data theft campaigns. The vulnerability allows unauthenticated remote code execution via a chain of exploits in Oracle’s BI Publisher Integration component; a proof-of-concept was leaked and a patch released recently, likely fueling weaponized attacks. Multiple threat actors, including Clop and potentially others like GRACEFUL SPIDER, are actively targeting exposed systems, with Clop sending extortion emails to companies to prevent data leaks. Oracle has urged customers to apply the urgent security patches immediately, amid ongoing attacks linked to this flaw, and…