Aggregator

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard configurations (…) are what we have observed as being compromised by the attack,” they noted. According to the accompanying advisory, the attackers exploited CVE-2025-20393, a vulnerability stemming from improper input validation, to execute arbitrary commands with root … More →

The post Cisco email security appliances rooted and backdoored via still unpatched zero-day appeared first on Help Net Security.

The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing sites that imitate package delivery services. Security researchers discovered the malicious campaign in September 2025, when victims received smishing messages with links that redirected them to fake delivery […]

The post Kimsuky Hackers Attacking Users via Weaponized QR Code to Deliver Malicious Mobile App appeared first on Cyber Security News.

You must login to view this content

Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the group’s pattern of cyberattacks that began in March 2025 with the exploitation of CVE-2025-2783, a zero-day vulnerability in Google Chrome. The threat group previously deployed rare malware like the LeetAgent […]

The post Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign appeared first on Cyber Security News.