Microsoft Patches Actively Exploited Windows Zero-Day as Global Law Enforcement Dismantles Major Cybercrime Rings

International Law Enforcement Takedown 'Operation Endgame' Neutralizes Rhadamanthys Infostealer, VenomRAT, and Elysium Botnet

In a massive international crackdown dubbed 'Operation Endgame,' law enforcement agencies from 11 countries, coordinated by Europol, have dismantled the infrastructure of three major cybercrime-as-a-service platforms: the Rhadamanthys information stealer, the VenomRAT remote access trojan, and the Elysium botnet. The operation resulted in the seizure of over 1,025 servers, the takedown of 20 domains, and the arrest of the main suspect behind VenomRAT. The targeted malware was responsible for infecting hundreds of thousands of computers worldwide, stealing vast amounts of data, including millions in cryptocurrency.

Operation EndgameRhadamanthysVenomRATEuropolCybercrime +3 more

GAME OVER: 'Operation Endgame' Dismantles Global Cybercrime Services

Threat Actor

Malware

Incident Response

Synnovis Confirms Patient Data Stolen in Qilin Ransomware Attack on London Hospitals

Synnovis Confirms Theft of Patient Data Following Devastating Qilin Ransomware Attack in June 2024

Pathology service provider Synnovis has officially confirmed that patient personal data, including names, NHS numbers, and dates of birth, was stolen during the June 2024 ransomware attack attributed to the Qilin gang. The attack caused widespread disruption to London hospitals, leading to the cancellation of over 1,100 procedures. After a lengthy forensic investigation, Synnovis acknowledged the data breach, which followed the attackers leaking approximately 400GB of data. Affected NHS trusts are now beginning the process of notifying individual patients whose information was compromised.

QilinRansomwareData BreachHealthcareSynnovis +2 more

6 min read

Ransomware

Data Breach

Cyberattack

Retailers Unprepared for AI-Powered Cyberattack Tsunami, Report Warns

MEDIUM

New LevelBlue Report Finds Retail Sector Facing Surge in AI-Driven Threats Amidst Critical Preparedness Gap

A new report from managed security provider LevelBlue reveals a troubling state of cybersecurity in the retail sector. The study found that 44% of retailers have experienced a significant increase in cyberattacks, with many feeling unprepared for the next wave of AI-powered threats. Despite 45% of executives expecting AI-driven attacks, only 25% believe their organization is ready to defend against them. The report also highlights major weaknesses in supply chain security, with nearly half of retailers admitting to having poor visibility into their suppliers' security practices, creating significant risk across the industry.

RetailAIArtificial IntelligenceDeepfakeSupply Chain +2 more

Retailers Unprepared for AI-Powered Cyberattack Tsunami, Report Warns

Threat Intelligence

Phishing

Supply Chain Attack

Dell Patches Critical 9.1 CVSS Flaw in Data Lakehouse Platform

CRITICAL

Dell Issues Patch for Critical Privilege Escalation Vulnerability (CVE-2025-46608) in Data Lakehouse

Dell has released a security update to address a critical vulnerability (CVE-2025-46608) in its Data Lakehouse platform, which received a CVSS score of 9.1. The flaw is an improper access control issue that could be exploited by a remote, high-privileged attacker to gain further elevated rights and potentially compromise the entire system. Due to the severity and the potential for a complete confidentiality, integrity, and availability loss, Dell is urging all customers to upgrade to version 1.6.0.0 immediately.

CVE-2025-46608DellData LakehouseVulnerabilityPrivilege Escalation +1 more

Dell Patches Critical 9.1 CVSS Flaw in Data Lakehouse Platform

Vulnerability

Patch Management

CISA KEV Alert: WatchGuard and Triofox Flaws Now Under Active Attack

CISA Adds Actively Exploited WatchGuard Firebox and Gladinet Triofox Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating they are under active attack. The additions include CVE-2025-9242, an out-of-bounds write flaw in WatchGuard Firebox appliances, and CVE-2025-12480, an improper access control vulnerability in Gladinet's Triofox product. The third is the recently disclosed Windows Kernel zero-day, CVE-2025-62215. Federal agencies are now mandated to patch these flaws by a specified deadline, and CISA strongly urges all organizations to prioritize remediation.

CISAKEVCVE-2025-9242CVE-2025-12480WatchGuard +3 more

4 min read

CISA KEV Alert: WatchGuard and Triofox Flaws Now Under Active Attack

Vulnerability

Patch Management

Stealthy Phishing Attack Uses HTML Smuggling & Telegram Bots to Steal Credentials

Phishing Campaign Targets European Organizations with HTML Smuggling and Exfiltrates Credentials via Telegram Bot API

A sophisticated phishing campaign is targeting organizations across Central and Eastern Europe, using HTML smuggling to deliver credential harvesting forms. Researchers at Cyble discovered the attack, which uses malicious HTML file attachments to bypass email security filters. Once a victim enters their credentials into the fake login page, an embedded JavaScript code exfiltrates the data directly to the attackers' private Telegram channels via the Telegram Bot API. This technique makes the campaign highly evasive, as it avoids the use of traditional, blockable C2 infrastructure.