Latest Threat Intel

Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. The hacker claims to have stolen 2.3 terabytes of data and leaked it on a dark web forum. According to the threat actor’s description, the leak includes confidential documents and sensitive company information.

Malicious scanning activity targeting Palo Alto Networks GlobalProtect VPN login portals has increased 40 times in 24 hours, indicating a coordinated campaign. Real-time intelligence company GreyNoise reports that activity began climbing on November 14 and hit its highest level in 90 days within a week. “GreyNoise has identified a significant escalation in malicious activity targeting Palo Alto

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. Since 2022, the malware has been delivered to victims through multiple methods that include spearphishing, supply-chain compromise, and watering hole attacks. Campaign evolution From November 2022 until at least September 2025, APT24

Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. The hacker claims to have stolen 2.3 terabytes of data and leaked it on a dark web forum. According to the threat actor’s description, the leak includes confidential documents and sensitive company information.

American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. Tracked as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls. “A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows

The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over $237 million. Samourai CEO Keonne Rodriguez was sentenced to five years in prison on November 6th, while the cryptomixer’s Chief Technology Officer William Lonergan Hill received a four-year sentence on November 19th. Both men were

Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. Over the past six months, scanners looking for ASUS devices compromised in Operation WrtHug identified “roughly 50,000 unique IPs” around the globe. Most of the compromised devices have IP addresses located in

Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targeting their malicious activities, including phishing attacks, malware delivery, command and control operations, and illicit content

The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft 365 accounts. The kit was known for its SVG-based attacks and attacker-in-the-middle (AitM) tactics, where the authentication

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as CVE-2025-9501, affects all versions of the W3TC plugin prior to 2.8.13 and is described as an unauthenticated command injection. W3TC is installed on more than