- Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple
- Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws
Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise.
- Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows
- Iran-nexus APT Dust Specter targets Iraq officials with new malware
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,
- U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 is a use-after-free issue in the WebKit component. Apple
- Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While slightly below the 100 observed in 2023, the number increased from 78 in 2024, with
- Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
English 
Français