Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

In a report published earlier this week, Fortra said phishing kits associated with the Smishing Triad are increasingly being used to target brokerage accounts to obtain banking credentials and authentication codes, with attacks on these accounts jumping fivefold in the second quarter of 2025 compared to the same period last year.

“Once compromised, attackers manipulate stock market prices using ‘ramp and dump’ tactics,” security researcher Alexis Ober said. “These methods leave almost no paper trail, further heightening the financial risks that arise from this threat.”

The adversarial collective is said to have evolved from a dedicated phishing kit purveyor into a “highly active community” that brings together disparate threat actors, each of whom plays a crucial role in the phishing-as-a-service (PhaaS) ecosystem.

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability that has a publicly available proof-of-concept (PoC) exploit and has come under active exploitation in the wild.

The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.

The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior campaign disclosed by CYFIRMA in August 2025.

The attack chains involve sending phishing emails containing a ZIP file attachment, or in some cases, a link pointing to an archive hosted on legitimate cloud services like Google Drive. Present within the ZIP file is a malicious Desktop file embedding commands to display a decoy PDF (“CDS_Directive_Armed_Forces.pdf”) using Mozilla Firefox while simultaneously executing the main payload.

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites running versions of the GutenKit and Hunk Companion plugins that are vulnerable to old, critical-severity security issues that can be used to achieve remote code execution (RCE).

WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9.

The campaign exploits three flaws, tracked as CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972, all rated critical (CVSS 9.8).

Amazon: This week’s AWS outage caused by major DNS failure

Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday.

As BleepingComputer reported earlier this week, this incident impacted a critical Northern Virginia data center in the US-EAST-1 region, affecting users worldwide, including the United States and Europe, for over 14 hours.

According to a post-mortem published on Thursday, a race condition caused a major DNS failure in Amazon DynamoDB’s infrastructure, specifically within its DNS management system that controls how user requests are routed to healthy servers, which led to the accidental deletion of all IP addresses for the database service’s regional endpoint.
