"Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems-some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test."
"Motex Lanscope Flaw Exploited to Drop Gokcpdoor - A suspected Chinese cyber espionage actor known as Tick has been attributed to a target campaign that has leveraged a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager (CVE-2025-61932, CVSS score: 9.3) to infiltrate target networks and deploy a backdoor called Gokcpdoor. Sophos, which disclosed details of the activity, said it was "limited to sectors aligned with their intelligence objectives.""
"TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves - A low-cost physical side-channel attack has been found to break the confidentiality and security guarantees offered by modern Trusted Execution Environments (TEEs) from Intel and AMD, enabling full extraction of cryptographic keys and subversion of secure attestation mechanisms. The attack, codenamed TEE.fail, exploits deterministic encryption and DDR5 bus interposition to successfully bypass protections in Intel's SGX and TDX, as well as AMD's SEV-SNP, by eavesdropping on memory transactions using a homemade logic analyzer setup built for under $1,000."
Cyberattacks are increasingly sophisticated, leveraging stealthy tools, trusted systems, and rapid exploitation of newly discovered vulnerabilities, leaving no system fully safe. Attacks included espionage, fake job scams, potent ransomware, and advanced phishing that targeted backups and secure environments. A critical Motex Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) enabled a suspected Chinese actor named Tick to deploy a backdoor called Gokcpdoor against intelligence-aligned sectors. A low-cost physical side-channel, TEE.fail, enables extraction of cryptographic keys from Intel and AMD DDR5-based TEEs by eavesdropping on memory transactions, though it requires physical access and kernel-level privileges. Russian-linked actors used ordinary administrative tools to stealthily breach Ukrainian networks.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]