This report analyzes a targeted phishing campaign that passed SPF, DKIM and DMARC checks rather than evading them: the messages were sent through GitHub's legitimate notification infrastructure, so sender authentication succeeded, and Google sharing links were used to deliver the lure.
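The point of the campaign above is that a DMARC "pass" on mail from GitHub says nothing about the links inside it. The following triage check, added here as an illustration and not taken from the report, flags messages that authenticate as GitHub notifications yet link out to domains other than GitHub. The sender domain, the allow-listed link domains and the sample message are assumptions constructed for the example; the sample is not a real captured email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: GitHub notifications come from github.com and
# legitimately link only to github.com. Adjust to your own environment.
GITHUB_SENDER_DOMAIN = "github.com"
GITHUB_LINK_DOMAINS = {"github.com", "www.github.com"}

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed sample (not a real message): headers shaped like a GitHub
# notification that passes all three checks, with a body that points the
# recipient at a Google sharing link instead of a repository page.
SAMPLE_MAIL = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=noreply@github.com;
 dkim=pass header.d=github.com;
 dmarc=pass header.from=github.com
From: attacker-account <notifications@github.com>
To: victim@example.net
Subject: [org/repo] You were mentioned in issue #1
Content-Type: text/plain; charset=utf-8

@victim your airdrop allocation is ready, claim here:
https://docs.google.com/document/d/EXAMPLE/edit
--
Reply to this email directly or view it on GitHub:
https://github.com/org/repo/issues/1
"""

# Same constructed message with a GitHub-only body, used as the benign control.
BENIGN_MAIL = SAMPLE_MAIL.replace(
    "https://docs.google.com/document/d/EXAMPLE/edit",
    "https://github.com/org/repo/pull/2",
)


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only the header stamped by your own gateway should be trusted; inbound
    copies of this header must be stripped by the MTA before this runs.
    """
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(header):
            results[method.lower()] = verdict.lower()
    return results


def body_text(msg):
    """Return the concatenated text/plain content of the message."""
    parts = [msg] if not msg.is_multipart() else [
        p for p in msg.walk() if p.get_content_type() == "text/plain"
    ]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
    )


def link_domains(text):
    """Hostnames of every http(s) URL found in the text, lower-cased."""
    domains = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            domains.add(host.lower())
    return domains


def triage(raw_mail):
    """Flag authenticated GitHub notifications that link to non-GitHub hosts."""
    msg = message_from_string(raw_mail)
    auth = auth_results(msg)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    authenticated_github = (
        sender_domain == GITHUB_SENDER_DOMAIN
        and all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    )
    external = sorted(link_domains(body_text(msg)) - GITHUB_LINK_DOMAINS)
    return {
        "authenticated_github": authenticated_github,
        "external_link_domains": external,
        # Authentication passed, but the content points somewhere else: review it.
        "suspicious": authenticated_github and bool(external),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MAIL))
    print(triage(BENIGN_MAIL))
```

In production the same logic should also walk text/html parts and extract href targets, since the visible anchor text in a notification can differ from the link destination; the plain-text path above is enough to show why "DMARC pass" must not be treated as a content-trust signal.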
As AI automation tools like OpenClaw gain popularity, threat actors are targeting the developers who follow such open-source projects, promising fraudulent airdrops in order to drain their Web3 wallets.
We discovered new BEC infrastructure: what happens when a 20-year-old domain is used in a BEC attack? An analysis of a phishing attack that used a malicious SVG file.
KarstoRat (Remote Access Trojan) is an advanced modular malware made up of seven modules, first detected in February 2026. It is designed for cyber espionage and financial gain and has been observed operating through C2 infrastructure located in Germany.
The MaaS (Malware as a Service) model continues to evolve in the world of cybercrime. This new mobile spyware platform, dubbed “ZeroDayRAT” and examined by Cyberthint researchers, allows anyone without technical expertise to become an advanced cyber spy.
This cyber threat intelligence report, prepared by Cyberthint, covers the major cyber incidents that took place globally in 2025, the cases handled by the Cyberthint and Seccops teams, their observations and analysis, and threat predictions for 2026.
Attacks that exploit regional and cultural elements are on the rise in the cybercrime world. A new Android banking malware called “Frogblight” is running a sophisticated campaign specifically targeting Turkish users.
This analysis covers the social engineering techniques used by Frogblight (fake applications disguised as e-Devlet/UYAP), its technical evolution, and the precautions that institutions/users should take.
In the cybersecurity world, the time between a “patch released” announcement and an “active attack started” warning is getting shorter and shorter. Two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting Fortinet devices, which Fortinet announced last week, were actively exploited by threat actors as of December 12, 2025, less than a week after their disclosure.
A Local Privilege Escalation (LPE) vulnerability identified as CVE-2025-66430, with a CVSS score of 9.1, has been detected in the widely used Plesk platform. It allows any Plesk user with limited privileges to inject malicious data into the Apache configuration and thereby execute arbitrary commands on the server as root. In shared hosting environments in particular, this puts every other customer's site and data on the same server at risk.
On November 21, 2025, CrowdStrike, a leading company in the cybersecurity industry, announced that it had successfully neutralized an “insider” attempt to gain access to its systems. This incident goes beyond being an isolated case, signaling a radical shift in the operational strategy of the threat group identifying itself as “Scattered LAPSUS$ Hunters (SLH)”.
As of 2025, North Korea-linked threat actors are operating not only through financial fraud but also through infiltration strategies built on remote hiring.
In this case, "Famous Chollima", a sub-group of the Lazarus threat actor, attempted to secure a position at a Western tech company using fake resumes and AI-based facial filters.