In October 2025, Microsoft revealed new research into a wave of cyberattacks it calls "Payroll Pirate", in an attack campaign targeting university employees across the United States. The attackers behind it are not after student data or research secrets. Instead, they aim to redirect staff paychecks
ClayRat, a newly discovered Android spyware family, has emerged as a sophisticated and rapidly proliferating threat that researchers say primarily targets Russian-speaking users. Security analysts at Zimperium first cataloged the campaign and published detailed technical notes and indicators of comp
In September 2025, security researchers disclosed a critical vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) platform. Tracked as CVE-2025-10035, the flaw has rapidly become a favored target for ransomware actors, particularly those deploying Medusa ransomware. The vulnerability an
In late September 2025, a wave of extortion emails began arriving at executives and IT leaders of organizations running Oracle's E-Business Suite (EBS). The messages claimed that attackers had stolen sensitive enterprise data and demanded payment to prevent public disclosure. The emails surfaced on
In recent months, cybersecurity researchers have raised concerns about a sophisticated and rapidly evolving Akira ransomware campaign targeting SonicWall SSL VPN appliances. The attackers have demonstrated an unsettling ability to bypass one-time password multifactor authentication (MFA), move later
Cybercriminals have increasingly weaponized trust: instead of exploiting zero-day flaws, they trick users into installing malicious software that impersonates legitimate apps. In a large-scale campaign observed by Malwarebytes in 2025, threat actors published convincing GitHub pages that posed as do
FileFix's latest evolutions show how a clever user-interaction trick plus a dusting of steganography can turn familiar OS features into a stealthy malware-delivery pipeline. Security researchers observed an active campaign that hides a second-stage PowerShell script and encrypted payloads inside see
On 12 September 2025, the U.S. Federal Bureau of Investigation (FBI) issued a FLASH Advisory, FLASH‐20250912, describing two cyber criminal threat clusters, UNC6040 and UNC6395, that have compromised Salesforce environments to steal data and extort companies. The advisory provides indicators o
In early September 2025, Panama's Ministry of Economy and Finance (MEF) disclosed that it had suffered a cyberattack. The disclosure came after the INC ransomware group claimed responsibility for breaching the ministry's systems. According to the MEF's official statement, the incident involved only
Since the public disclosure of the "s1ngularity" incident on August 26, 2025, the Wiz Research team has investigated the attack and developed a mitigation response for affected organizations. These approximately 2180 organizations had GitHub accounts compromised. With the immediate threat now subsid