Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points Vulnerability Discovery: Wiz reports ongoing exploitation of a security flaw (CVE-2025-51591) in the Pandoc utility that enables Server-Side Request Forgery (SSRF) attacks against the Amazon Web Services Instance Metadata Service (IMDS). Sensitive IAM Credential Theft: By exploiting such SSRF vulnerabilities, attackers can steal IAM credentials from AWS EC2 instances and gain unauthorized access to critical AWS services without direct access to the host. Real-World Attacks: Historical incidents, such as those tracked by Mandiant involving known SSRF flaws, highlight the severity of the threat and show how adversaries have targeted cloud infrastructure for data theft. Mitigation Recommendations: To combat CVE-2025-51591,…
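The summary above describes the attack chain (SSRF reaches IMDS, IMDS hands back the instance role's credentials) but not why the usual mitigation works. The following is an added example, not code from the article or from Wiz: a local simulation in which a fake metadata service runs on 127.0.0.1 in either IMDSv1 mode or with IMDSv2 enforced, and an SSRF primitive that can only issue plain GET requests tries to read the role credentials. The paths and header names are the real IMDS ones; the server, the port, the role name `demo-role` and every credential value are constructed for the demo, and the real IMDS at 169.254.169.254 is never contacted.

```python
"""Added example (not from the article or from Wiz): why a GET-only SSRF reads
IAM credentials from IMDSv1 but is stopped by IMDSv2, which only answers reads
that carry a session token obtained with a separate PUT request.

Constructed for the demo: the fake server on 127.0.0.1, the role name
'demo-role' and the credential values. Paths and header names are the real ones.
"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
CRED_PATH = "/latest/meta-data/iam/security-credentials/demo-role"  # demo-role is made up
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
FAKE_CREDS = {"AccessKeyId": "AKIACONSTRUCTEDEXAMPLE",  # constructed, not a real key
              "SecretAccessKey": "constructed-secret", "Token": "constructed-session-token"}


def make_handler(require_token):
    """Handler that behaves like IMDSv1 (require_token=False) or like an
    instance with IMDSv2 enforced, i.e. HttpTokens=required (require_token=True)."""

    class FakeIMDS(BaseHTTPRequestHandler):
        tokens = set()  # session tokens issued by this server instance

        def log_message(self, *args):  # keep the demo output quiet
            pass

        def _reply(self, code, body):
            data = body.encode()
            self.send_response(code)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def do_PUT(self):
            # IMDSv2 session bootstrap: a PUT carrying the TTL header yields a token.
            # A GET-only SSRF cannot perform this step.
            if self.path == TOKEN_PATH and TTL_HDR in self.headers:
                token = secrets.token_urlsafe(24)
                FakeIMDS.tokens.add(token)
                self._reply(200, token)
            else:
                self._reply(400, "bad request")

        def do_GET(self):
            if self.path != CRED_PATH:
                self._reply(404, "not found")
                return
            if require_token and self.headers.get(TOKEN_HDR) not in FakeIMDS.tokens:
                self._reply(401, "unauthorized")  # IMDSv2 rejects token-less reads
                return
            self._reply(200, json.dumps(FAKE_CREDS))

    return FakeIMDS


def with_fake_imds(require_token, fn):
    """Run fn(base_url) against a throwaway fake IMDS on an ephemeral port."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(require_token))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fn("http://127.0.0.1:%d" % server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


def ssrf_get(url):
    """Model a typical SSRF primitive: the attacker controls only the URL and the
    vulnerable server issues a GET with no attacker-chosen method or headers."""
    try:
        with urllib.request.urlopen(url, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def ssrf_steals_access_key(require_token):
    """Return the AccessKeyId a GET-only SSRF can read, or None if it is blocked."""
    def attempt(base):
        status, body = ssrf_get(base + CRED_PATH)
        return json.loads(body)["AccessKeyId"] if status == 200 else None
    return with_fake_imds(require_token, attempt)


def imdsv2_client(base):
    """The legitimate IMDSv2 flow: PUT for a token, then GET with the token header."""
    req = urllib.request.Request(base + TOKEN_PATH, method="PUT",
                                 headers={TTL_HDR: "21600"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(base + CRED_PATH, headers={TOKEN_HDR: token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return json.loads(resp.read().decode())["AccessKeyId"]


if __name__ == "__main__":
    print("IMDSv1, GET-only SSRF  :", ssrf_steals_access_key(False))
    print("IMDSv2 enforced, SSRF  :", ssrf_steals_access_key(True))
    print("IMDSv2 enforced, client:", with_fake_imds(True, imdsv2_client))
```

On a real instance the equivalent setting is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`; the hop limit of 1 additionally keeps the token response from being forwarded beyond the instance itself. Two caveats a practitioner should keep in mind: an SSRF that gives the attacker full control of the request (method and headers) is not stopped by the token requirement alone, and the role attached to the instance should carry only the permissions the workload needs so that a stolen credential buys as little as possible.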
Essential Insights The cyberattack on Collins Aerospace involved the HardBit ransomware, causing major disruptions at European airports, including delays and cancellations. The attack is linked to a HardBit variant, which is described as basic and has proved difficult to eradicate, with reinfections reported despite cleanup efforts. There is potential involvement of actors like BianLian and Scattered Spider, with investigations ongoing; a suspect has been arrested in the UK but released on bail. The attack has impacted key airports in the UK, Germany, and Belgium, highlighting vulnerabilities in critical infrastructure and airport operations. Underlying Problem The recent cyberattack on Collins Aerospace,…
Top Highlights A Chinese state-sponsored threat group, dubbed RedNovember, has been targeting global government and private sector organizations, especially in defense, aerospace, and law firms, using exploits, open-source tools, and VPN services to maintain persistent espionage activity. RedNovember focused on exploiting known security flaws in perimeter appliances (like CVEs in Cisco, Citrix, Fortinet, and others) between June 2024 and July 2025, deploying tools such as Pantegana, Spark RAT, and Cobalt Strike for intrusion, with broad geographic targeting across the US, Asia, Europe, and South America. The hacking group employs tactics like repurposing open-source tools, using legitimate VPNs like ExpressVPN, and…
Top Highlights Thalha Jubair, a 19-year-old UK national and key member of Scattered Spider, a subset of the hacker collective The Com, was arrested and linked to at least 120 cyberattacks, including significant extortion and attacks on US institutions. Authorities traced over $89.5 million in cryptocurrency payments to Jubair, highlighting his central role in a network responsible for hundreds of attacks across various sectors, with victims paying over $115 million in ransoms. Despite Jubair's careful operational security using anonymizing tools, law enforcement linked his personal activities to the crimes through blockchain analysis, leading to his arrest in the UK and potential extradition…
Top Highlights Recent social engineering attacks showcase how sophisticated threat groups exploit human behavior to bypass advanced security systems, as detailed in an S&P report. Financially motivated hackers are using voice phishing to compromise Salesforce instances and gain unauthorized access to technology systems. S&P analysts emphasize the urgent need for enhanced awareness, security training, and improved cyber governance to combat these threats. The FBI warns of ongoing data theft campaigns exploiting both human vulnerabilities and compromised applications, underscoring the risks tied to third-party dependencies. The Human Factor in Cybersecurity Social engineering campaigns reveal a troubling truth. Hackers exploit human behavior…
Fast Facts The US cybersecurity agency CISA revealed a recent exploitation of a year-old GeoServer vulnerability (CVE-2024-36401, CVSS 9.8) by threat actors to infiltrate a federal agency, gaining remote code execution access. Attackers exploited the bug on July 11 and 24, moving laterally across servers, uploading web shells like China Chopper, and using living-off-the-land techniques for persistence and privilege escalation, including exploiting the Dirty COW vulnerability. The malicious activity went undetected for three weeks despite the agency’s security measures, highlighting gaps such as lack of third-party procedures, missing endpoint protections on web servers, and missed EDR alerts. The attack aligns…
Fast Facts A man in his 40s was arrested in southern England for an alleged cyberattack that disrupted multiple European airports, including London Heathrow. The suspect was detained by the U.K.'s National Crime Agency for computer misuse but has been released on conditional bail as the investigation continues. The cyberattack, occurring over a weekend, affected Collins Aerospace's software, causing significant operational disruptions at several airports while others remained unaffected. Authorities are still determining the potential perpetrators, which could include hackers, criminal organizations, or state actors, though aviation safety was not compromised.
Quick Takeaways Boyd Gaming experienced a data breach where hackers accessed employee and limited personal data, but it has not affected operations. The company is investigating the breach with cybersecurity experts and law enforcement, asserting no material impact on its financial health. Boyd Gaming maintains cybersecurity insurance to cover investigation costs, legal actions, and potential fines related to the incident. It remains unclear if the attack was ransomware-related, with no group claiming responsibility, though casinos are common targets for such threats. The Issue Boyd Gaming, a prominent casino entertainment company based in Las Vegas, recently revealed that its internal IT…
Fast Facts AI Limitations in Cybersecurity: Despite AI's prowess in identifying software vulnerabilities, the challenge of effective patching remains critical, as noted by former U.S. cyber official Rob Joyce. Legacy Software Risks: Unsupported and poorly maintained software is increasingly becoming the primary risk factor as AI outpaces human capability in discovering flaws. AI Exploitation Concerns: Companies integrating AI into their systems face heightened risks, as attackers may leverage AI to locate sensitive data for ransomware and extortion. Emerging Threats from State Actors: Well-known state-backed hacking groups, especially from North Korea, are expected to enhance their capabilities to exploit AI systems for…
Essential Insights Huntress analysts discovered a novel ransomware variant named "Obscura" in August 2025, noting its unusual delivery as a Go binary staged on domain controller shares and pushed out via GPOs, with limited visibility into its initial access vector due to sparse deployment of detection agents. Obscura's operation involves creating scheduled tasks across multiple systems that execute the ransomware from the NETLOGON share, and it carries an embedded, base64-encoded ransom note within the binary, which also attempts to disable system recovery and manipulate firewall settings. The malware checks that it is running with administrative privileges before it performs system reconnaissance, terminates security-related processes, assesses the host's domain role, and selectively encrypts files, applying…