Illustration (Credit: Security.land)
Threat Horizon
Npm Registry Weaponized in Spearphishing Campaign Against Critical Infrastructure
A five-month spearphishing operation has transformed the npm registry into a durable hosting layer for AiTM credential theft, specifically targeting sales teams in the manufacturing and healthcare industries.
Editorial Team • 3 min read

Photo by Kenjiro Yagi
Breach Breakdown
Nissan Japan Data Breach Affects 21,000 Fukuoka Customers
Nissan Motor Co. confirms a data breach affecting 21,000 customers in Japan following a security incident at third-party vendor Red Hat. No financial data was stolen.
Editorial Team • 4 min read

Photo: Vadim Artyukhin
Cyber Watch
Crypto Theft Campaign Exploits NuGet Packages for Months
Security researchers uncovered 14 malicious NuGet packages that impersonated legitimate cryptocurrency tools to steal funds and OAuth tokens. The campaign ran undetected from July through October 2025, using social engineering tactics.
Editorial Team • 4 min read

Photo by Pankaj Patel
Cyber Watch
WhatsApp-Stealing Malware Lurked in NPM Package With 56,000 Downloads
Researchers at Koi Security have uncovered a malicious npm package that stole WhatsApp credentials and messages while functioning perfectly as a legitimate API library. The lotusbail package accumulated over 56,000 downloads in six months.
Editorial Team • 3 min read

Illustration - Hacking group with Iran flag
GeoSphere
Iranian Hacking Group Puts $30,000 Bounties on Israeli Defense Engineers
The Handala hacking group claims to have exposed 14 Israeli engineers working on drone programs, offering $30,000 rewards for each. The threats follow attacks on politicians including Bennett, whose Telegram was compromised. Israeli security sources haven't verified the claims.
Editorial Team • 3 min read

Illustration (Credit: Security.land)
Threat Horizon
Cybercriminals Impersonate Trend Micro in Multi-Sector Attack
A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms. The attack chain was stopped before final payload deployment.
Editorial Team • 5 min read

Watchguard Logo (Photo: Watchguard, Edit: Security.land)
Cyber Watch
Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls
Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.
Editorial Team • 3 min read

Illustration of Threat Actor BlindEagle with Colombia flag in background
Threat Horizon
BlindEagle APT Deploys Dual Remote Access Trojans Against Colombian Government Infrastructure
Zscaler documents BlindEagle APT's attack on Colombian government using steganography and dual RAT deployment in September 2025.
Editorial Team • 5 min read

Red Hat
Red Hat Strengthens AI Security Portfolio with Chatterbox Labs Acquisition
Red Hat acquires Chatterbox Labs to integrate model-agnostic AI safety testing and guardrails into enterprise AI platform.
Editorial Team • 4 min read

SAP Logo (Photo: SAP, Edit: Security.land)
Cyber Watch
SAP December Patches Address 15 Flaws Including Solution Manager RCE
SAP's December 2025 patches fix 15 vulnerabilities including critical 9.9 CVSS Solution Manager code injection and Tomcat flaws in Commerce Cloud.
Editorial Team • 9 min read

Photo: Growtika
Cyber Watch
Active Exploitation of CVE-2025-59718 Raises Urgency for Fortinet Users
Active exploitation of a Fortinet authentication bypass highlights the need to review SSO settings and apply updates promptly.
Editorial Team • 3 min read

Photo: Glen Carrie
Skills Lab
Weaponizing Shodan: From Adversarial Recon to Continuous Defense
Learn how to weaponize dorks for red teaming or automate perimeter defense.
Editorial Team • 3 min read

GeoSphere
China's AI Justice Pipeline: New Research Maps Surveillance Infrastructure
ASPI exposes how Chinese LLMs systematically censor images and text while AI powers mass surveillance across justice systems.
Editorial Team • 6 min read

Arkime Logo
Skills Lab
Arkime: Practical Network Traffic Visibility at Scale
Arkime captures and indexes network traffic so teams can search, review, and understand activity across large environments.
Editorial Team • 3 min read

Cyber Watch
Roundcube Webmail Vulnerabilities Prompt Urgent Updates
Roundcube Webmail vulnerabilities fixed in new releases address XSS and data leakage risks. Users are urged to update immediately.
Editorial Team • 2 min read

Cyber Watch
CISA Flags Active Exploitation of WinRAR and Windows Vulnerabilities
CISA adds CVE-2025-6218 WinRAR and CVE-2025-62221 Windows vulnerabilities to KEV catalog after confirming active exploitation in attacks.
Editorial Team • 4 min read