Photo: Vadim Artyukhin
Cyber Watch
Crypto Theft Campaign Exploits NuGet Packages for Months
Security researchers uncovered 14 malicious NuGet packages that impersonated legitimate cryptocurrency tools to steal funds and OAuth tokens. The campaign ran undetected from July through October 2025, using social engineering tactics.
Editorial Team • 4 min read

Photo by Pankaj Patel
Cyber Watch
WhatsApp-Stealing Malware Lurked in NPM Package With 56,000 Downloads
Researchers at Koi Security have uncovered a malicious npm package that stole WhatsApp credentials and messages while functioning perfectly as a legitimate API library. The lotusbail package accumulated over 56,000 downloads in six months.
Editorial Team • 3 min read

Illustration - Hacking group with Iran flag
GeoSphere
Iranian Hacking Group Puts $30,000 Bounties on Israeli Defense Engineers
The Handala hacking group claims to have exposed 14 Israeli engineers working on drone programs, offering $30,000 rewards for each. The threats follow attacks on politicians including Bennett, whose Telegram was compromised. Israeli security sources haven't verified the claims.
Editorial Team • 3 min read

Illustration (Credit: Security.land)
Business Shield
Quantum, 6G, and AI: Decoding the 2025 NCS Guide
Seven years after its debut, the National Cybersecurity Strategy (NCS) Guide enters its 3rd edition. This 2025 update marks a pivotal shift from "planning" to "sustainable execution," introducing new mandates for funding and resource management.
SC • 6 min read

Illustration (Credit: Security.land)
Threat Horizon
Cybercriminals Impersonate Trend Micro in Multi-Sector Attack
A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms. The attack chain was stopped before final payload deployment.
Editorial Team • 5 min read

Watchguard Logo (Photo: Watchguard, Edit: Security.land)
Cyber Watch
Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls
Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.
Editorial Team • 3 min read

Photo: Kvistholt
cisco
Cisco Email Gateways Under Attack by Chinese APT Group
Chinese threat actor UAT-9686 deploys AquaShell backdoor on Cisco Secure Email Gateway appliances with custom persistence.
SC • 4 min read

Illustration of Threat Actor BlindEagle with Colombia flag in background
Threat Horizon
BlindEagle APT Deploys Dual Remote Access Trojans Against Colombian Government Infrastructure
Zscaler documents BlindEagle APT's attack on Colombian government using steganography and dual RAT deployment in September 2025.
Editorial Team • 5 min read

Red Hat
Red Hat Strengthens AI Security Portfolio with Chatterbox Labs Acquisition
Red Hat acquires Chatterbox Labs to integrate model-agnostic AI safety testing and guardrails into enterprise AI platform.
Editorial Team • 4 min read

Infected PNG image (Illustration)
Threat Horizon
GhostPoster Campaign: How Malicious Firefox Extensions Hide Code in Logo Files
Security researchers discover 17 Firefox extensions using PNG steganography to hide multi-stage malware affecting 50,000+ users.
SL • 5 min read

SAP Logo (Photo: SAP, Edit: Security.land)
Cyber Watch
SAP December Patches Address 15 Flaws Including Solution Manager RCE
SAP's December 2025 patches fix 15 vulnerabilities including critical 9.9 CVSS Solution Manager code injection and Tomcat flaws in Commerce Cloud.
Editorial Team • 9 min read

Photo: Growtika
Cyber Watch
Active Exploitation of CVE-2025-59718 Raises Urgency for Fortinet Users
Active exploitation of a Fortinet authentication bypass highlights the need to review SSO settings and apply updates promptly.
Editorial Team • 3 min read

Photo: Glen Carrie
Skills Lab
Weaponizing Shodan: From Adversarial Recon to Continuous Defense
Learn how to weaponize dorks for red teaming or automate perimeter defense.
Editorial Team • 3 min read

GeoSphere
China's AI Justice Pipeline: New Research Maps Surveillance Infrastructure
ASPI exposes how Chinese LLMs systematically censor images and text while AI powers mass surveillance across justice systems.
Editorial Team • 6 min read

ReliaQuest Logo (Photo: ReliaQuest, Edit: Security.land)
Threat Horizon
How Storm-0249 Abuses EDR Trust: A Breakdown of New ReliaQuest Findings
New ReliaQuest research reveals IAB Storm-0249 is sideloading malicious DLLs via legitimate EDR processes to evade detection.
SL • 4 min read

ESET Logo (Photo: Eset, Edit: Security.land)
Business Shield
AI-Powered Ransomware Emerges as Cyber Threats Surge in H2 2025
ESET uncovers PromptLock, first AI-driven ransomware, as cyber threats evolve rapidly. CloudEyE surges 30x while ransomware victims jump 40%.
SL • 5 min read