The following advisories/alerts from Novacoast are intended to brief users and administrators on newly discovered threats, vulnerabilities, and critical software updates.
Weekly Top 10: 07.28.2025: CryptoJacking is Dead; Coyote in the Wild: First-Ever Malware That Abuses UI Automation; SharePoint Under Siege, and More.
CryptoJacking is Dead; Coyote in the Wild: First-Ever Malware That Abuses UI Automation; SharePoint Under Siege
Weekly Top 10: 07.21.2025: Hackers Use GitHub to Host Malware Payload; Critical Cisco Zero-Day Allows Root Access Without Password; Google Patches Chrome Zero-Day Used for Sandbox Escape, and More.
Hackers Use GitHub to Host Malware Payload; Critical Cisco Zero-Day Allows Root Access Without Password; Google…
Weekly Top 10: 07.14.2025: DoNot APT Group Targets European Government Entities; McDonald’s AI Hiring System Exposed 64 Million Applicants; Malicious Browser Extensions Infect 2.3 Million Users, and More.
DoNot APT Group Targets European Government Entities; McDonald's AI Hiring System Exposed 64 Million Applicants;…
Weekly Top 10: 07.07.2025: 600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability; FoxyWallet: 40+ Malicious Firefox Extensions Exposed; Filefix Part 2: Social Engineering via HTML Applications, and More.
600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability; FoxyWallet: 40+ Malicious Firefox…
Weekly Top 10: 06.30.2025: Cybercrime Surging Across Africa; New Exploits Target CitrixBleed-2 Vulnerability; Microsoft 365 Abuse Enables Phishing from Trusted Sources, and More.
Cybercrime Surging Across Africa; New Exploits Target CitrixBleed-2 Vulnerability; Microsoft 365 Abuse Enables…
Weekly Top 10: 06.23.2025: Initial Access Broker of Ransomware Group Ryuk Extradited to the U.S.; Cloudflare Blocked a Record 7.3 Tbps DDoS Attack; Record 16 Billion Credentials Leaked on Hacking Forum, and More.
Initial Access Broker of Ransomware Group Ryuk Extradited to the U.S.; Cloudflare Blocked a Record 7.3 Tbps DDoS…
Weekly Top 10: 06.16.2025: Fog Ransomware: Unusual Toolset Used in Recent Attack; EchoLeak: Critical Zero-Click AI Vulnerability in Microsoft 365 Copilot; Stealth Falcon’s Exploit of Microsoft Zero-Day Vulnerability, and More.
Fog Ransomware: Unusual Toolset Used in Recent Attack; EchoLeak: Critical Zero-Click AI Vulnerability in Microsoft…
Weekly Top 10: 06.09.2025: PathWiper Malware Targets Ukrainian Infrastructure; Zero-Click iMessage Exploit Used Against EU and U.S. Officials; Fake AI Tools Used to Distribute Ransomware and More.
PathWiper Malware Targets Ukrainian Infrastructure; Zero-Click iMessage Exploit Used Against EU and U.S. Officials;…
Weekly Top 10: 06.02.2025: Threat Actors Abuse Google Apps Script in Evasive Phishing Attacks; Cybercriminals Camouflaging Threats as AI Tool Installers; Mark Your Calendar: APT41 Innovative Tactics, and More.
Threat Actors Abuse Google Apps Script in Evasive Phishing Attacks; Cybercriminals Camouflaging Threats as AI Tool…
Weekly Top 10: 05.26.2025: Botnets Disrupted Worldwide… Operation Endgame Is Back; Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks; M&S’ $400 Million Cyberattack Upheaval to Linger Into July; and More.
Botnets Disrupted Worldwide… Operation Endgame Is Back; Chinese Hackers Exploit Ivanti EPMM Bugs in Global…
Weekly Top 10: 05.19.2025: Two 0-Day Exploits in Ivanti Endpoint Management Used in the Wild; Windows 10 Updates Cause Bootlocker Encryption; AI Vishing Campaign Impersonates Government Officials; and More.
Two 0-Day Exploits in Ivanti Endpoint Management Used in the Wild; Windows 10 Updates Cause Bootlocker Encryption; AI…
Weekly Top 10: 05.12.2025: Critical Code Execution Flaw Patched in LangFlow; CISA Warns Threat Actors are Targeting Energy and Transportation Systems Sectors, Google Patches Zero-Click RCE Flaw on Android, and More.
Critical Code Execution Flaw Patched in LangFlow; CISA Warns Threat Actors are Targeting Energy and Transportation…