Brier & Thorn

Brier & Thorn is a risk management consultancy, providing penetration testing and risk management services to the global marketplace.

12/08/2025

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. #2025

MuddyWater’s UDPGangster malware uses macro phishing & UDP channels for remote control, data theft, payload delivery in Turkey, Israel & Azerbaijan.

12/08/2025

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. #2025

Active exploits target Sneeit plugin CVE-2025-6389 and ICTBroadcast CVE-2025-2611, enabling RCE, backdoors, and Frost DDoS botnet delivery.

12/08/2025

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. #2025

Researchers detail FvncBot, SeedSnatcher, and a stronger ClayRat that widen Android data theft and device control tactics.

12/03/2025

In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. #2025

12/03/2025

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting , , and , and features malicious functionality to stealthily execute on developer machines by masquerading as an (EVM) unit helper tool. #2025

Researchers found a fake Ethereum helper package on crates.io that secretly downloaded OS-specific payloads and executed them on developer machines.

12/03/2025

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted models, effectively bypassing the tool's protections. #2025

Picklescan flaws allowed attackers to bypass scans and execute hidden code in malicious PyTorch models before the latest patch.

12/02/2025

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. #2025

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a post-install script.

12/02/2025

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. #2025

GlassWorm spreads again using 24 fake extensions across Visual Studio Marketplace and Open VSX, hiding Rust implants & Solana-based C2 to target devs.

12/02/2025

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and http://any.run, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea's most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group's Famous Chollima division. #2025
https://thehackernews.com/2025/12/researchers-capture-lazarus-apts-remote.html

12/01/2025

Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. #2025
https://www.bleepingcomputer.com/news/security/japanese-beer-giant-asahi-says-data-breach-hit-15-million-people/
http://www.brierandthorn.com

12/01/2025

The U.S. Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. #2025

CISA flags active exploitation of CVE-2021-26829 as TwoNet and OAST operations drive widespread scanning.

12/01/2025

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. #2025

Tomiris is using public-service C2 implants and new phishing chains to stealthily deploy multi-language malware across targeted government networks.

Address

1855 1st Avenue, Suite 103
San Diego, CA
92101

Opening Hours

Monday 8am - 5pm
Tuesday 8am - 5pm
Wednesday 8am - 5pm
Thursday 8am - 5pm
Friday 8am - 5pm

Telephone

+18583814977
