Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

government-backed attacks

mobile spyware
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite …

ConnectWise
Attackers breached ConnectWise, compromised customer ScreenConnect instances

A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the …

hand
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group

The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in …

Ivanti
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti …

0-day exploits
44% of the zero-days exploited in 2024 were in enterprise solutions

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …

Microsoft 365 phishing
Attackers phish OAuth codes, take over Microsoft 365 accounts

Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …

Microsoft 365 phishing
Threat actors are using legitimate Microsoft feature to compromise M365 accounts

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) …

U.S. Department of the Treasury
CISA says Treasury was the only US agency breached via BeyondTrust

The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent …

eyes
How widespread is mercenary spyware? More than you think

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results …

wireless
Faraway Russian hackers breached US organization via Wi-Fi

Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems …

North Korea
Private US companies targeted by Stonefly APT

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …

FBI
FBI forced Flax Typhoon to abandon its botnet

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools