<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
     xmlns:admin="http://webns.net/mvcb/"
     xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:media="http://search.yahoo.com/mrss/">
<channel>
    <title>F6D News Magazine &amp; : Thehackernews</title>
    <link>https://friendly6design.com/blog/rss/category/thehackernews</link>
    <description>F6D News Magazine &amp; : Thehackernews</description>
    <dc:language>en</dc:language>
    <dc:creator></dc:creator>
    <dc:rights>Copyright 2024 &amp; All Rights Reserved.</dc:rights>
    <item>
        <title>Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam</title>
        <link>https://friendly6design.com/blog/researchers-expose-svg-and-purerat-phishing-threats-targeting-ukraine-and-vietnam</link>
        <guid>https://friendly6design.com/blog/researchers-expose-svg-and-purerat-phishing-threats-targeting-ukraine-and-vietnam</guid>
        <description><![CDATA[ A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner.
"The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoAlwqZyRSOLUD2jXOxiKCOPZAMh081oe9ijFtBbCQqlFj5f_lZrJGiV1gJdkuipyKN_MhD1KpjlpLUG9bXgXxsH5XnLSuvGa3myeul0PlTZ7A6qsrToao7i6Hp68F4O0SghREIqMb3ae8zsJb0PJcKWHhRHpPt9r4pSGqXdFFEIC98sn6s5ezuAuCBdRi/s1600/phishing-malware.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Sat, 27 Sep 2025 16:08:27 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Researchers, Expose, SVG, and, PureRAT, Phishing, Threats, Targeting, Ukraine, and, Vietnam</media:keywords>
    </item>
    <item>
        <title>New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks</title>
        <link>https://friendly6design.com/blog/new-coldriver-malware-campaign-joins-bo-team-and-bearlyfy-in-russia-focused-cyberattacks</link>
        <guid>https://friendly6design.com/blog/new-coldriver-malware-campaign-joins-bo-team-and-bearlyfy-in-russia-focused-cyberattacks</guid>
        <description><![CDATA[ The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX.
Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisnJh-FwOR3TIH2wrmMy6LbKODML-Wuy7U6XrUHwH0JS7mIENzHrAcrRMplrmNee_xfdLqgBIb17Pa2M-EAbwNbhveObIkBCXfz2_YNRSbobJE56S8RRu1Lm4kIUXNS8FHolW6_c2fr3fQRwRu6l49yEtQcJxv9R1JodAhb-bbgrWMT6UN2jm3lzLRIo-h/s1600/russian-cyberattack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Sat, 27 Sep 2025 16:08:27 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>New, COLDRIVER, Malware, Campaign, Joins, Team, and, Bearlyfy, Russia-Focused, Cyberattacks</media:keywords>
    </item>
    <item>
        <title>Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions</title>
        <link>https://friendly6design.com/blog/crash-tests-for-security-why-bas-is-proof-of-defense-not-assumptions</link>
        <guid>https://friendly6design.com/blog/crash-tests-for-security-why-bas-is-proof-of-defense-not-assumptions</guid>
        <description><![CDATA[ Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.
Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. 
But none of that proves what matters most to a CISO:

The ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYJtSnsGL2bE5IBGl6fRHAKxJsPBYP6DnwI9UuUgccYDjOk-fXDUCD971EHNElzJ0uCHg_CFVfSOhVJ7N0CqLuqgxiQhRw9UnPXONa8m3wAWCPGr6Q_lqxc5BFFjNx0arZBFTKILhkL5Vn3k5vCMDMQa_PDwqYzZlOz62hJzLhWiCDqcVMSI0II2R2C3I/s1600/main.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Sat, 27 Sep 2025 16:08:27 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Crash, Tests, for, Security:, Why, BAS, Proof, Defense, Not, Assumptions</media:keywords>
    </item>
    <item>
        <title>Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure</title>
        <link>https://friendly6design.com/blog/fortra-goanywhere-cvss-10-flaw-exploited-as-0-day-a-week-before-public-disclosure</link>
        <guid>https://friendly6design.com/blog/fortra-goanywhere-cvss-10-flaw-exploited-as-0-day-a-week-before-public-disclosure</guid>
        <description><![CDATA[ Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed.
"This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEja2kVUoejtSEYQNnkOwnDChkzaGNYeXDK4DJ4hLJKc8iYFRgTiV8Q4ED_5mdnuCzdtg_97Fzes2KZKsM31YPII2tNaxLofo_yF1wLcs_R7k4UCUOlFPTYArbbmS8Ye0GpUswEjAgNgN63xxcp7g12_lG4m9CcPcxT2I3PwKeB1Tzv3lcOoTHGcOKm2gelt/s1600/forta-hack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Fortra, GoAnywhere, CVSS, Flaw, Exploited, 0-Day, Week, Before, Public, Disclosure</media:keywords>
    </item>
    <item>
        <title>New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module</title>
        <link>https://friendly6design.com/blog/new-macos-xcsset-variant-targets-firefox-with-clipper-and-persistence-module</link>
        <guid>https://friendly6design.com/blog/new-macos-xcsset-variant-targets-firefox-with-clipper-and-persistence-module</guid>
        <description><![CDATA[ Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks.
"This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat Intelligence team said in a Thursday report.
"It employs sophisticated encryption and obfuscation ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1NQZ1_CMdaFHeJjrt-6LSIVEQ7v4DE1j8qVuoGeZ5jZbnLtLKNP0529bksz1qw4VpBFjyvOYj7bw26VzjQ1_IkJOWN1tjHBx6surinXOv5J3BklKlyKMWF48RbwB6MV0AlgaVqOVhLxbMp2oFqivLoeM1zOuw3azsY0TuQsXikV55FPhUwPNs1QiJcZN8/s1600/macos-firefox.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>New, macOS, XCSSET, Variant, Targets, Firefox, with, Clipper, and, Persistence, Module</media:keywords>
    </item>
    <item>
        <title>Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware</title>
        <link>https://friendly6design.com/blog/cisco-asa-firewall-zero-day-exploits-deploy-rayinitiator-and-line-viper-malware</link>
        <guid>https://friendly6design.com/blog/cisco-asa-firewall-zero-day-exploits-deploy-rayinitiator-and-line-viper-malware</guid>
        <description><![CDATA[ The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER.
"The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWfMTQLxeF3RLBZoIJt8nS7Zi6tnOUDgY455SYJUrSBh5FJWNpJQnwz8rXbbEPU9dUSqDjOn1VdAAvsd44JBp34DTdntlA-MQ2YV8PYEk-GEcPS1yiovnVqH7M50ElD5hMtYz7AEPzMbYEfPfwhA7hpum3_sXx4q5gf9x5uK7T85fGbwhaZWLfYjAM7NO0/s1600/cisco-firewall-hack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Cisco, ASA, Firewall, Zero-Day, Exploits, Deploy, RayInitiator, and, LINE, VIPER, Malware</media:keywords>
    </item>
    <item>
        <title>Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive</title>
        <link>https://friendly6design.com/blog/urgent-cisco-asa-zero-day-duo-under-attack-cisa-triggers-emergency-mitigation-directive</link>
        <guid>https://friendly6design.com/blog/urgent-cisco-asa-zero-day-duo-under-attack-cisa-triggers-emergency-mitigation-directive</guid>
        <description><![CDATA[ Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild.
The zero-day vulnerabilities in question are listed below -

CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb62bTFQ5J-V9tH8fTA9NS07AsTjPNVMSznx_nisSoruMwRCXxwy-p9UzEqHwcGveaBix09mJL-kAgY0HUR3bJOQhEgR-fWgL2qwB1PM472WS_juPcOvBMpEPPPfVgpkfmuiMF-UY7OjMr-g1g0XuUy8H5o5DUGw62dxpN4mCU6nFz_0ZOyaUtamXRu7bA/s1600/CISCO.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Urgent:, Cisco, ASA, Zero-Day, Duo, Under, Attack, CISA, Triggers, Emergency, Mitigation, Directive</media:keywords>
    </item>
    <item>
        <title>Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal &amp; More</title>
        <link>https://friendly6design.com/blog/threatsday-bulletin-rootkit-patch-federal-breach-oneplus-sms-leak-tiktok-scandal-more</link>
        <guid>https://friendly6design.com/blog/threatsday-bulletin-rootkit-patch-federal-breach-oneplus-sms-leak-tiktok-scandal-more</guid>
        <description><![CDATA[ Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking.
The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhhcTVBSljV167XcVrNefBX_9E-GKoGEpVyEhbo6JbjPX5fPqIqx4OBCpYxENtfaQ4n_uXaDENQecf1WTXsHknN2_ByI0X9LcJjTTz2ljswXY4QIMhkeqVMiELcZigSJeo1Td9RRmkVmLCItLaZeq21oaZiPPFXThqtEMpXyxncUEzYVeiBjhrIuIZdz8o/s1600/threatsday-bulletin-thehackernews.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Threatsday, Bulletin:, Rootkit, Patch, Federal, Breach, OnePlus, SMS, Leak, TikTok, Scandal, More</media:keywords>
    </item>
    <item>
        <title>Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network</title>
        <link>https://friendly6design.com/blog/vane-viper-generates-1-trillion-dns-queries-to-power-global-malware-and-ad-fraud-network</link>
        <guid>https://friendly6design.com/blog/vane-viper-generates-1-trillion-dns-queries-to-power-global-malware-and-ad-fraud-network</guid>
        <description><![CDATA[ The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility.
"Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgACgcY6iS46tSnKsUOplfcpI856B3PBsY1td-4D-AFjBFKOVQkx34QXX3WuWvZ2Q8x_CL_NxG9xumSoYMKLzbLxwp-L4j84zw4YKZK3WGn53o48LG51_1el7oMXH_DayA_tOHP8JcSC5c4KaobwyQEkxqzKxHqRLKU-tvjz6zKOPrTy4gwLUlcjC9RPAnB/s1600/malware-ads.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Vane, Viper, Generates, Trillion, DNS, Queries, Power, Global, Malware, and, Fraud, Network</media:keywords>
    </item>
    <item>
        <title>Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection</title>
        <link>https://friendly6design.com/blog/salesforce-patches-critical-forcedleak-bug-exposing-crm-data-via-ai-prompt-injection</link>
        <guid>https://friendly6design.com/blog/salesforce-patches-critical-forcedleak-bug-exposing-crm-data-via-ai-prompt-injection</guid>
        <description><![CDATA[ Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection.
The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security, ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhW4zsFxo74bTB95c9Yy2f4iRKMQQVMF8x-NuQh-XAeZnUHEsBDcZ3YfzF71UYmDIX0G1W3ypTJov6cuqPPhmEnZN6zwMqrUpvNPlXN0Ad5ipw8UbAR_XtBqIDB4DR71lgn-bMt9lBmvXwsXqifB2lraLt-vplEHtqLxtfzZVkm0r1mhdbnKVJrWpzXulu2/s1600/salesforce-hack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Salesforce, Patches, Critical, ForcedLeak, Bug, Exposing, CRM, Data, via, Prompt, Injection</media:keywords>
    </item>
    <item>
        <title>North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers</title>
        <link>https://friendly6design.com/blog/north-korean-hackers-use-new-akdoortea-backdoor-to-target-global-crypto-developers</link>
        <guid>https://friendly6design.com/blog/north-korean-hackers-use-new-akdoortea-backdoor-to-target-global-crypto-developers</guid>
        <description><![CDATA[ The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor.
Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKx-m4Llu-JjT5-ZgnVa6xG-2blVESaLBZmOuzGKzZYmWeAX8PQc_114hWtShLw5xtBPqaIea_xsDKVnAL-LBhZHV9x7NRIK1sx4cknhxE2LvzOG1hfAX5VWHhYmIYk_tNB_bYh8JSEUE_HGlXHAHb0dTEXgbCXx_Q9PQEDdbPkU_JA55I3SvLYM2QkcPR/s1600/crypto-hacker.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>North, Korean, Hackers, Use, New, AkdoorTea, Backdoor, Target, Global, Crypto, Developers</media:keywords>
    </item>
    <item>
        <title>CTEM's Core: Prioritization and Validation</title>
        <link>https://friendly6design.com/blog/ctems-core-prioritization-and-validation</link>
        <guid>https://friendly6design.com/blog/ctems-core-prioritization-and-validation</guid>
        <description><![CDATA[ Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? 
It’s not because security teams can't see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It's a tsunami of red dots that not even the most crackerjack team on ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-0LE8RZB21DBdjD5890kan0XwMe_QTPquZsIo2FyqD_30tNhGmBsdvbejLU3kk7HI48tcC36jMHokQUjJuJa0VqX54EnZnc_jRbQkDU5IbJ95RiOteU-W_FJMWW4_IxtextHd57x9rJEvIvwjVvLWDfSXDuyW0AL84YmrE4BllnkbUr9ykNqUz5JDJYQ/s1600/picus-main.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Fri, 26 Sep 2025 17:42:32 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>CTEMs, Core:, Prioritization, and, Validation</media:keywords>
    </item>
    <item>
        <title>Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds</title>
        <link>https://friendly6design.com/blog/tech-overtakes-gaming-as-top-ddos-attack-target-new-gcore-radar-report-finds</link>
        <guid>https://friendly6design.com/blog/tech-overtakes-gaming-as-top-ddos-attack-target-new-gcore-radar-report-finds</guid>
        <description><![CDATA[ The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJocroYsopaGGyWPc2RaU-XbxD6sK8eW7A7v7iWtMnQV0gLgQ4e_F5l3koZ2pJXGyoV9cFZM88Wu9Jy-O2mQaBoD0tcMntXI85a1bnkNEW-nmvk-Z1UwouKgBGFX84F5XuZfsJlrDxCLeFmMXfJvoQUFNVMqfivdvkk0-h4Dl5seiVLsc5VIbPdV9112Q/s1600/ddos.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Tech, Overtakes, Gaming, Top, DDoS, Attack, Target, New, Gcore, Radar, Report, Finds</media:keywords>
    </item>
    <item>
        <title>Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed</title>
        <link>https://friendly6design.com/blog/malicious-rust-crates-steal-solana-and-ethereum-keys-8424-downloads-confirmed</link>
        <guid>https://friendly6design.com/blog/malicious-rust-crates-steal-solana-and-ethereum-keys-8424-downloads-confirmed</guid>
        <description><![CDATA[ Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheeB2-qigE_w1q0O91fb_WY3suGleuiLKD6d4I1712YjTGuyR_ZYH0AWl7ELaPvR5JcYqlCAXwuiJYUXR4A6TfLq-00iMwc25HSqrflxzRyAs3O2HkqDuVNC4W_WB-wxI6_rY-TPQeO_NjaQzmOe1Y8WiNMjrwOFhifAROfcxg_6NpfuC0H1yk7daVZ61l/s1600/rust.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Malicious, Rust, Crates, Steal, Solana, and, Ethereum, Keys, —, 8, 424, Downloads, Confirmed</media:keywords>
    </item>
    <item>
        <title>Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software</title>
        <link>https://friendly6design.com/blog/cisco-warns-of-actively-exploited-snmp-vulnerability-allowing-rce-or-dos-in-ios-software</link>
        <guid>https://friendly6design.com/blog/cisco-warns-of-actively-exploited-snmp-vulnerability-allowing-rce-or-dos-in-ios-software</guid>
        <description><![CDATA[ Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3RfrdWU9VV6G5nkOT2YqkBSMNHoEgz0v1CfVo9ckW_h6d_QwvGwOfZ_5WgN0R2flWTLLac5MvGoH-8cSCzhdIjRYxl_ZeFltaflycMbYlwdf0yg2WcbEXUatlTstCR_kOG6qFLme2BRLSCZ3HM3ixOs3cQTnSNJjKqXVxHHw3vkUI9nm9F2yt_XtTzPgE/s1600/cisco-alert.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Cisco, Warns, Actively, Exploited, SNMP, Vulnerability, Allowing, RCE, DoS, IOS, Software</media:keywords>
    </item>
    <item>
        <title>Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike</title>
        <link>https://friendly6design.com/blog/chinese-hackers-rednovember-target-global-governments-using-pantegana-and-cobalt-strike</link>
        <guid>https://friendly6design.com/blog/chinese-hackers-rednovember-target-global-governments-using-pantegana-and-cobalt-strike</guid>
        <description><![CDATA[ A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor.
Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group dubbed RedNovember. ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0iOhzf61Kc_RZXJ7Alrha3NW7evktwZ7TFGT-jzz1dzn-dOzO7J3OYQdle9u-MdgqRmh6QJwIa6dJdAY9KDnv5mv2Ht958xHgGRNfx63IeYPlCHtDTgm7YXTGodGWX-mjHsCAuqzuVO_rQ41KP2G47VTHHl-yhCh_nzrosG3KDvP4YFpL1598zd8IKqzU/s1600/chinese-hacjker.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Chinese, Hackers, RedNovember, Target, Global, Governments, Using, Pantegana, and, Cobalt, Strike</media:keywords>
    </item>
    <item>
        <title>UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors</title>
        <link>https://friendly6design.com/blog/unc5221-uses-brickstorm-backdoor-to-infiltrate-us-legal-and-technology-sectors</link>
        <guid>https://friendly6design.com/blog/unc5221-uses-brickstorm-backdoor-to-infiltrate-us-legal-and-technology-sectors</guid>
        <description><![CDATA[ Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM.
The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVHQRjvC6pO0azWfdLYA74JU51lHJwZMFjS8BvUza34zi3aeUm6Za6F3RlGzVBCHXDzd1ZhRbgC_t1R8NLkAKF0fQWoMUUV2rv0LNPuZSu_cpfiiKSZBKWsFjUsvLOHDufigPy7wEEXmHAbZDr8mLFiLn2XE2ruI9iTJXPwymxLaR92Sk9eGXusBtNJ7DU/s1600/backdoor.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>UNC5221, Uses, BRICKSTORM, Backdoor, Infiltrate, U.S., Legal, and, Technology, Sectors</media:keywords>
    </item>
    <item>
        <title>Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models</title>
        <link>https://friendly6design.com/blog/two-critical-flaws-uncovered-in-wondershare-repairit-exposing-user-data-and-ai-models</link>
        <guid>https://friendly6design.com/blog/two-critical-flaws-uncovered-in-wondershare-repairit-exposing-user-data-and-ai-models</guid>
        <description><![CDATA[ Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks.
The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below -

CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUpI1_woKGeEOBC3QZqRioClIjmzoEC46RzW5QkC_dkhEfpOnn0QZFkVdOkG4PlK6OYusAhV84YBE-AB_3C-DGsU_tjAVEZPn2gR4E6rgoHOgASoruDML6uRNNy1vXhRjTsVRGfCgWS8haCOh_tcaJFyJPberH4yFoVkZcqCZG_ZPibTm3KHSeylUznS89/s1600/software.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Two, Critical, Flaws, Uncovered, Wondershare, RepairIt, Exposing, User, Data, and, Models</media:keywords>
    </item>
    <item>
        <title>How One Bad Password Ended a 158-Year-Old Business</title>
        <link>https://friendly6design.com/blog/how-one-bad-password-ended-a-158-year-old-business</link>
        <guid>https://friendly6design.com/blog/how-one-bad-password-ended-a-158-year-old-business</guid>
        <description><![CDATA[ Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirDI8JZwP6M6IcPlbAWjIc_BTmx743WfeHsuot9dG6Mih8VasGHMax_Gj2-zwa6dvBaOtpTPkP6zgp5TJ4KhdXO6Iw0MNA7CVQbF23ifCoYpyz7fRMbo7Ffos036kuK-h6HkTjaYFIqbeoTE82HbPNu5EAttCVTF4IJDiuXA2DG0mqvVmKVfnfsOdBuQ4/s1600/password-lock.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>How, One, Bad, Password, Ended, 158-Year-Old, Business</media:keywords>
    </item>
    <item>
        <title>New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus</title>
        <link>https://friendly6design.com/blog/new-yibackdoor-malware-shares-major-code-overlaps-with-icedid-and-latrodectus</link>
        <guid>https://friendly6design.com/blog/new-yibackdoor-malware-shares-major-code-overlaps-with-icedid-and-latrodectus</guid>
        <description><![CDATA[ Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus.
"The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks," Zscaler ThreatLabz said in a Tuesday report. "YiBackdoor is able to execute ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjplUAPDjF0hyphenhyphenyQOrkAsZ8qmoqRF9-oEjd2S_3fPd7EloaNxFEQRUP7I7oHtMyB8LrITqs4BkLUeO84OR7jxedElcNtEVLGbk9v50RvEkNoXxy0yurxaQHE8al9cfSop2SUIffWL7Oael_-cRTHCCejBHW5Mkl82aHX1N2ApbBnn-kEROziezwxcCUOEci1/s1600/malware-code.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>New, YiBackdoor, Malware, Shares, Major, Code, Overlaps, with, IcedID, and, Latrodectus</media:keywords>
    </item>
    <item>
        <title>iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks</title>
        <link>https://friendly6design.com/blog/iframe-security-exposed-the-blind-spot-fueling-payment-skimmer-attacks</link>
        <guid>https://friendly6design.com/blog/iframe-security-exposed-the-blind-spot-fueling-payment-skimmer-attacks</guid>
        <description><![CDATA[ Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them.
Download the complete iframe security guide here. 
TL;DR: iframe Security Exposed
Payment iframes are being actively exploited by attackers using ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXiOc_pJXvqXfBKVseXrRh2xKTss_8HZEq93PrHk9wVzIcVgfw1YGKfvFhN6qBViJTonkrZsbvj4YtsslUuU7LpH5ppK62GtoV4CCp0wUTLET5pY8O04cFRWhrc0PxWenOVKbUHIOOVumbjY4ksE_LE5Bdhcd-nQ6V7gqBTiKZrjfHl7YMVABncIjxT1c/s1600/ref.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>iframe, Security, Exposed:, The, Blind, Spot, Fueling, Payment, Skimmer, Attacks</media:keywords>
    </item>
    <item>
        <title>Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials</title>
        <link>https://friendly6design.com/blog/hackers-exploit-pandoc-cve-2025-51591-to-target-aws-imds-and-steal-ec2-iam-credentials</link>
        <guid>https://friendly6design.com/blog/hackers-exploit-pandoc-cve-2025-51591-to-target-aws-imds-and-steal-ec2-iam-credentials</guid>
        <description><![CDATA[ Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcKyurAVwFl0xbW7fxmPHdNxWeLJgY1Yae_r4IUGEvwD8a0825wBZI1ntXPxDQhyphenhyphenEgh7Z-mVsIjOCPPsb9Both7X-Qp9fvn6CS-2zXBQcRP5i55_6Zh89eY9LFRBQ1Ac6Cov-299GYptQgS59qKr_jDculJRDg94OoGe1PAHwe3MR5Poy3nKqQ7Fe0ydfU/s1600/aws-hack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Hackers, Exploit, Pandoc, CVE-2025-51591, Target, AWS, IMDS, and, Steal, EC2, IAM, Credentials</media:keywords>
    </item>
    <item>
        <title>State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability</title>
        <link>https://friendly6design.com/blog/state-sponsored-hackers-exploiting-libraesva-email-security-gateway-vulnerability</link>
        <guid>https://friendly6design.com/blog/state-sponsored-hackers-exploiting-libraesva-email-security-gateway-vulnerability</guid>
        <description><![CDATA[ Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
&quot;Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikhC9o89XVtTF8APvUzHWqDjSYVUWJPe2XX1C4SYV-AZpM-D4tG75m5-N8kv1STdI9pXts2I7LgBfZclev07Umd0tUOTXvukSAjVVOhCfMGjm4wW21CR5YmfaPTAdTd0ZoZS_MQGcNYehNqOyywF3TuE-FzoHat71AHET9puQgA0PZDmDO4cqwm31n1AzD/s1600/email-hack.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>State-Sponsored, Hackers, Exploiting, Libraesva, Email, Security, Gateway, Vulnerability</media:keywords>
    </item>
    <item>
        <title>Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security</title>
        <link>https://friendly6design.com/blog/two-new-supermicro-bmc-bugs-allow-malicious-firmware-to-evade-root-of-trust-security</link>
        <guid>https://friendly6design.com/blog/two-new-supermicro-bmc-bugs-allow-malicious-firmware-to-evade-root-of-trust-security</guid>
        <description><![CDATA[ Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha20McHRa6QM9_cLc5Zt0tgtjRrsac1WMDmrRCwhyphenhyphenZDOgR9xL9btaZ6kzvvX3O1qceOw6fEkSwDCvv-5lhAw7FHGAHgCtFH_yMRbmkD6cCiHmTInnVxWNUA2-SmYefabOsra8y_v49M7aDTFMuT52Tt7CWhbFC9wWiYLeQ8fZ-hVYdWCKntdz_vx82qf8U/s1600/bmc-exploit.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Two, New, Supermicro, BMC, Bugs, Allow, Malicious, Firmware, Evade, Root, Trust, Security</media:keywords>
    </item>
    <item>
        <title>Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries</title>
        <link>https://friendly6design.com/blog/eurojust-arrests-5-in-100m-cryptocurrency-investment-fraud-spanning-23-countries</link>
        <guid>https://friendly6design.com/blog/eurojust-arrests-5-in-100m-cryptocurrency-investment-fraud-spanning-23-countries</guid>
        <description><![CDATA[ Law enforcement authorities in Europe have arrested five suspects in connection with an &quot;elaborate&quot; online investment fraud scheme that stole more than €100 million ($118 million) from over 100 victims in France, Germany, Italy, and Spain.
According to Eurojust, the coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania and Bulgaria. Bank accounts ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5oobatV3_B4-rl-GvoauJLZh74T_AWJBmpkvoHXLBa2t-1Q4kdvwCvup0TWxAUQcKIv_f2kQauo9GNQva0b3uVpRo-fGW905t4OztMgGfC8x-sea5OR3l-cjQx7CLDuulCme8_uUalLbpelvZ_YImLAZfR9Pz_KvXPiI7KNL3IT_u0Iy1VkanfxYsVpO8/s1600/crypto-scam.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Eurojust, Arrests, €100M, Cryptocurrency, Investment, Fraud, Spanning, Countries</media:keywords>
    </item>
    <item>
        <title>U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN</title>
        <link>https://friendly6design.com/blog/us-secret-service-seizes-300-sim-servers-100k-cards-threatening-us-officials-near-un</link>
        <guid>https://friendly6design.com/blog/us-secret-service-seizes-300-sim-servers-100k-cards-threatening-us-officials-near-un</guid>
        <description><![CDATA[ The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
&quot;This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites,&quot; the Secret ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixeu37lL22sPnYhdiM_5-D-Lihlza-gAEkWEe_sLqDytglogJB1lVDkBr2W87r8HNS6asH-TfqFzhHOHIfjVbbEDbtl-YLAkjoCLl_ItjGAatv9GpC_epDLJ-FHgwjsHCkpX8Ggjf2X8ac9YqHiecSeNl4ejNMwT6ey5L_SrAv6LGlAfQbTazQeAK9IJkN/s1600/sim.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>U.S., Secret, Service, Seizes, 300, SIM, Servers, 100K, Cards, Threatening, U.S., Officials, Near</media:keywords>
    </item>
    <item>
        <title>SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw</title>
        <link>https://friendly6design.com/blog/solarwinds-releases-hotfix-for-critical-cve-2025-26399-remote-code-execution-flaw</link>
        <guid>https://friendly6design.com/blog/solarwinds-releases-hotfix-for-critical-cve-2025-26399-remote-code-execution-flaw</guid>
        <description><![CDATA[ SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems.
The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFO1p2qWLIaLkEjXvBexuWL8MRzvAn8rhnkmU8V__Gge5ajRgr8Hz1rgLcSPqi5igX4xCZ5_NMO8XjmonjH2PXyDK7ADHR3zlRfwUDZxrQDoIV5LkcVG7LseBYfLT5rkBM8bC1kyWcB5_2ndJ3Ijt-1LYzjr5D9lIIx2xM_4JtRQfPsI8mFvhzUtFYxnGi/s1600/solar.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>SolarWinds, Releases, Hotfix, for, Critical, CVE-2025-26399, Remote, Code, Execution, Flaw</media:keywords>
    </item>
    <item>
        <title>Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation</title>
        <link>https://friendly6design.com/blog/lean-teams-higher-stakes-why-cisos-must-rethink-incident-remediation</link>
        <guid>https://friendly6design.com/blog/lean-teams-higher-stakes-why-cisos-must-rethink-incident-remediation</guid>
        <description><![CDATA[ Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon&#039;s CEO recently boasted that headcount is &quot;going down all the time.&quot; What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQlVnvGq-IDC0o8qlVR75e_SyyVTvZDkhJIRS4ZuxmS9zUR9Mp2T0lf6T_eci1fwcPPvOkxLuKnbcMer8w5n5t25i-Hbc7tz-I8GP3ALBJITweD0L04L9V2b0HvGs4XeUSqu8xQuxKmUhRu5q5eRHBpoZqLPyDxMC2s9XeORr8-xrusCb4nlHC88yC0bs/s1600/GitGuardian.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>Lean, Teams, Higher, Stakes:, Why, CISOs, Must, Rethink, Incident, Remediation</media:keywords>
    </item>
    <item>
        <title>ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service</title>
        <link>https://friendly6design.com/blog/shadowv2-botnet-exploits-misconfigured-aws-docker-containers-for-ddos-for-hire-service</link>
        <guid>https://friendly6design.com/blog/shadowv2-botnet-exploits-misconfigured-aws-docker-containers-for-ddos-for-hire-service</guid>
        <description><![CDATA[ Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.
The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhub7jH_O-c4YORGMXuQAj_gkVE4mGHcG3R8hUmwiWpN0x9GAWcO6Ldo7z234xmlS4ozxYaGBbA3gZGY5Qaa3yg7U3DRvHMWD73PwzbcoPHcmdNcPHgYfCtppwPDG4KdUOomVrrcjAubZBxw5_mKERXadP3H5dpXz7shgwiwSXOL03LlrpZaEO5zH45KQe5/s1600/code.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>ShadowV2, Botnet, Exploits, Misconfigured, AWS, Docker, Containers, for, DDoS-for-Hire, Service</media:keywords>
    </item>
    <item>
        <title>GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security</title>
        <link>https://friendly6design.com/blog/github-mandates-2fa-and-short-lived-tokens-to-strengthen-npm-supply-chain-security</link>
        <guid>https://friendly6design.com/blog/github-mandates-2fa-and-short-lived-tokens-to-strengthen-npm-supply-chain-security</guid>
        <description><![CDATA[ GitHub on Monday announced that it will be changing its authentication and publishing options &quot;in the near future&quot; in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA), ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZQ-xcQ5PKzdd6Juz8x_31GctkkivtZYfhVKlnZ5tFKbTtwJTtmajAEiqsdZZslnaRPS9Vd3LH4mQTo9agSCG6_cEuoUU_7WCvb1e-MmDytS4hQ1x1xur0u-DTQOYAydatYghaAZjPeBttRMTKNJKmJjWtvxfYOE1UvyltBh-K5fRWNwXIsLh-lv7af27Q/s1600/github-npm.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>GitHub, Mandates, 2FA, and, Short-Lived, Tokens, Strengthen, npm, Supply, Chain, Security</media:keywords>
    </item>
    <item>
        <title>BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells</title>
        <link>https://friendly6design.com/blog/badiis-malware-spreads-via-seo-poisoning-redirects-traffic-plants-web-shells</link>
        <guid>https://friendly6design.com/blog/badiis-malware-spreads-via-seo-poisoning-redirects-traffic-plants-web-shells</guid>
        <description><![CDATA[ Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam.
The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where &quot; ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirdKfCc8HShMN7EGpgQG5yltyAaQJauvEcasz01SXuoSQ8wd6eCr8dTYDTvo1H4XDpfZ4iaGshW7IXhHa2CmHi4m73apl6FFJs9swY03Fqaz-SlqTVthbxaRu9Vsbba-GhWkqCg7yCk_Wmu2fIyBplzyVI1pHBJtMm-_cGmWhtzhd4a7PrXbmgat14nzgG/s1600/seo-malware.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>BadIIS, Malware, Spreads, via, SEO, Poisoning, —, Redirects, Traffic, Plants, Web, Shells</media:keywords>
    </item>
    <item>
        <title>ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks</title>
        <link>https://friendly6design.com/blog/comicform-and-sectorj149-hackers-deploy-formbook-malware-in-eurasian-cyberattacks</link>
        <guid>https://friendly6design.com/blog/comicform-and-sectorj149-hackers-deploy-formbook-malware-in-eurasian-cyberattacks</guid>
        <description><![CDATA[ Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025.
The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week.
The attack chain involves ]]></description>
        <enclosure url="http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3W5z25Hk46W7WFVmyS2iSNtOYmAK4fRnhASGkeouZ2_UJ3B6D8rD8uIIvq4rNV8utNMz4BH8PM0IjVxU9eHafMyt_lGCbyWSN8LIV1u5Sx0cJCJ9s6jQWnEk7ylgTAd-vAv2mtZ4mm7iywqSAn2uWPuVdUkcPavvtYENojp_ixrgpvxO0wc63b8khjQ_D/s1600/pdf-malware.jpg" length="49398" type="image/jpeg"/>
        <pubDate>Thu, 25 Sep 2025 18:11:53 +0700</pubDate>
        <dc:creator>sakidlo</dc:creator>
        <media:keywords>ComicForm, and, SectorJ149, Hackers, Deploy, Formbook, Malware, Eurasian, Cyberattacks</media:keywords>
    </item>
    </channel>
</rss>