threat actors

Subscribe to threat actors via RSS

For those of you who are on Facebook, beware of a new malvertising ad campaign identified by Bitdefender analysis. The campaign “coerces unsuspecting users into installing a fake ‘Meta Verified’ browser extension” that includes video tutorials designed to “harvest sensitive user data, including session cookies, access tokens and IP addresses.” If victims follow the tutorial

On July 29, 2025, the Cybersecurity & Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, issued an updated advisory on threat actor Scattered Spider, which

If you own an electric vehicle, keep an eye on cybersecurity issues that may affect your car and its accessories. You wouldn’t think that an electric vehicle charger could include a vulnerability that allows threat actors to access information, but the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert on July 15, 2025, warning

Google recently issued its June Android Security Bulletin that is designed to patch 34 vulnerabilities, all of which Google designates as high-severity defects. The most serious flaw the patch is designed to fix in the Android system would allow threat actors “to achieve local escalation of privilege with no additional privileges required.” The bulletin contains

Threat actors are leveraging the publicity around AI tools to trick users into downloading the malware known as Noodlophile through social media sites. 

Researchers from Morphisec have observed threat actors, believed to originate from Vietnam, posting on Facebook groups and other social media sites touting free AI tools. Users are tricked into believing that the

SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise through unauthenticated file uploads. Although SAP has issued an emergency patch, security researchers report that the vulnerability is being exploited throughout critical industries, and

WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6.

Meta cautions Windows users to update to the latest version due to the vulnerability that it is calling a “spoofing” issue that could allow attackers to execute malicious code on devices. The attackers