A new type of malware called RedTiger has been popping up more and more in recent months. While the tool was originally intended for security testing and red teaming, it is now being actively abused by cybercriminals to attack gamers and Discord users. The open-source tool, developed in Python and released in 2024, includes modules for network research, phishing, OSINT, and data collection.
Among the data such agents can harvest are OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled.
ESU only provides security patches. It is a paid service that extends "critical" and "important" security updates for Windows 10 for a maximum of three years, but does not include technical support, non-security fixes or new features. Additionally, customers experiencing technical issues with Windows 10 that are unrelated to the ESU updates will be advised to upgrade to Windows 11. ESU does not provide complete patching, as vulnerabilities rated as "moderate" or "low" will not be addressed.
The activity "reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in addition to their previously documented Microsoft Word exploit vectors," Trellix researchers Ernesto Fernández Provecho and Pham Duy Phuc said in a report published last week. The attacks, which involved sending spear-phishing emails in four waves from March through September 2025, are designed to drop malware families such as ModuleInstaller and StealerBot to gather sensitive information from compromised hosts.
The Log4j vulnerability in 2021 served as a wake-up call for how vulnerable today's supply chains are. Four years later, this remains apparent amid the recent incident at F5, which has impacted a number of businesses globally. These types of attacks continue to expose the increasingly sophisticated cyber threats that exist as a result of an increasingly complex landscape. Third-party ecosystems are now one of the most profitable attack avenues because, when one supplier is compromised, the effects can quickly ripple through entire industries. All partners are then exposed to fallout such as revenue loss, reputational damage and operational disruption.
Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant integrations make life easy for employees, and equally easy for attackers. The good news is that Google Workspace provides an excellent security foundation. The challenge lies in properly configuring it, maintaining visibility, and closing the blind spots that Google's native controls leave open.
The confusion appears to have started after Have I Been Pwned (HIBP) creator Troy Hunt announced he had added a large dataset of 183 million credentials to the breach notification service. The data was shared with Hunt by Synthient, a threat intelligence platform that collects and analyzes information from infostealer malware logs. As Hunt explained in a blog post, the collection reflects years of infostealer activity rather than a single new compromise - and certainly not a targeted attack on Gmail.
X (formerly Twitter) sparked security concerns over the weekend when it announced users must re-enroll their security keys by November 10 or face account lockouts - without initially explaining why. The cryptic mandate from X Safety on Friday led many to suspect a security breach was behind it. When a platform forcibly rotates security keys, it's often a sign it is working through incident response protocols - eradicating adversaries from a network and keeping them out.
At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it. Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear.
"By November 10, we're asking all accounts that use a security key as their two-factor authentication (2FA) method to re-enroll their key to continue accessing X. You can re-enroll your existing security key, or enroll a new one. After November 10, if you haven't re-enrolled a security key, your account will be locked until you: re-enroll; choose a different 2FA method; or elect not to use 2FA (but we always recommend you use 2FA to protect your account!)."
According to PwC's 2025 Global Compliance Survey, [1] more than 40% of global companies reported at least one compliance failure that led to fines, penalties, or back pay. Staying on top of regulatory compliance requirements has only gotten more complex, and the stakes have never been higher. TD Bank's USD 3.1 billion penalty for "pervasive and systemic failure to maintain an adequate" anti-money laundering (AML) compliance program [2] demonstrates this and has incentivized companies of all sizes to invest in compliance training platforms that can be used to demonstrate compliance in audits and regulatory defense scenarios.
Two Windows vulnerabilities (one a zero-day that has been known to attackers since 2017, the other a critical flaw that Microsoft initially tried and failed to patch recently) are under active exploitation in widespread attacks targeting a swath of the Internet, researchers say. The zero-day went undiscovered until March, when security firm Trend Micro said it had been under active exploitation since 2017, by as many as 11 separate advanced persistent threats (APTs).
The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it has confirmed reports of active abuse of the security defect to drop a backdoor on compromised systems. Tick, also known as Bronze Butler, Daserf, REDBALDKNIGHT, Stalker Panda,
The cybersecurity company said PHP servers have emerged as the most prominent targets of these attacks owing to the widespread use of content management systems like WordPress and Craft CMS. This, in turn, creates a large attack surface as many PHP deployments can suffer from misconfigurations, outdated plugins and themes, and insecure file storage. Some of the prominent weaknesses in PHP frameworks that have been exploited by threat actors are listed below:

- CVE-2017-9841 - A remote code execution vulnerability in PHPUnit
- CVE-2021-3129 - A remote code execution vulnerability in Laravel
- CVE-2022-47945 - A remote code execution vulnerability in ThinkPHP Framework
"Airstalk misuses the AirWatch API for mobile device management (MDM), which is now called Workspace ONE Unified Endpoint Management," security researchers Kristopher Russo and Chema Garcia said in an analysis. "It uses the API to establish a covert command-and-control (C2) channel, primarily through the AirWatch feature to manage custom device attributes and file uploads."
Ribbon supplies software, IP, and optical networking systems to telecoms service providers, businesses, and critical infrastructure organizations including BT, Verizon, CenturyLink, Deutsche Telekom, and Tata, as well as public-sector bodies such as the US Defense Department and the City of Los Angeles. In a filing with the US Securities and Exchange Commission (SEC), the company has revealed that "unauthorized persons, reportedly associated with a nation-state actor" had gained access to its network in December 2024.
Attackers are increasingly shifting from email to LinkedIn to spread phishing attempts. Security company Push intercepted an advanced LinkedIn phishing attack that combines multiple evasion techniques to circumvent detection. Phishing via LinkedIn is on the rise, although it often goes unnoticed. This is because much of the phishing data comes from email security providers. LinkedIn falls outside the scope of traditional anti-phishing controls, while employees often use the platform via business devices. This creates a security blind spot that attackers cleverly exploit.
"With the threat to Exchange servers remaining persistent, enforcing a prevention posture and adhering to these best practices is crucial for safeguarding our critical communication systems," Andersen said. "This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations." Anderson added that CISA recommends organizations also "evaluate the use of cloud-based email services" rather than "managing the complexities" of hosting their own.
The only difference in this case is that attackers optimize for AI crawlers from various providers by means of a trivial user agent check that leads to content delivery manipulation. "Because these systems rely on direct retrieval, whatever content is served to them becomes ground truth in AI Overviews, summaries, or autonomous reasoning," security researchers Ivan Vlahov and Bastien Eymery said. "That means a single conditional rule, 'if user agent = ChatGPT, serve this page instead,' can shape what millions of users see as authoritative output."
The next major breach won't be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it's the "ghost" identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new AI agents bloating your attack surface, or the automated account poisoning that exploits weak identity verification in financial systems. All of these vectors (physical, digital, new, and old) are converging on one single point of failure: identity.