ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
Check Point Research is tracking a sophisticated phishing campaign by APT29 (Cozy Bear), a Russia-linked group targeting European diplomatic entities. The attackers impersonate a European foreign affairs ministry to send fake event invites, often for wine tastings.

They use a new initial-stage loader, GRAPELOADER, and an upgraded version of their previous backdoor, WINELOADER. GRAPELOADER handles initial access and stealth, while WINELOADER operates in later stages.

Both share technical similarities, but GRAPELOADER enhances anti-analysis and stealth capabilities.

https://research.checkpoint.com/2025/apt29-phishing-campaign/
Bob Lord, Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency (CISA), announced his departure from the agency.
Sharon Brizinov earned $64k in bug bounties by automating the scanning of public GitHub repositories for leaked secrets. He restored deleted files, found dangling blobs, and unpacked .pack files to uncover exposed API keys, tokens, and credentials.

https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b
"In one practice firing test, we found that if the rate of the fire of the gun crossed a certain threshold, that gun got blocked. There was a chip in that that during a war it will stop a gun from firing...... Any small impact on hardware or software can definitely lead to a military defect." — Lt. General (Dr.) Rajesh Pant

https://www.youtube.com/watch?v=iEqs1Wgt_Fo
A few European countries, notably France, Spain, and Portugal, experienced major power outages that impacted millions. Although the exact cause is still being investigated by authorities, there are reports and speculation pointing to possible involvement by cybercriminals.

https://www.politico.eu/article/spain-portugal-power-blackouts-energy-electricity/
Docker remains the top target among services trapped by Darktrace honeypots, consistently drawing attacks from emerging malware strains. This blog delves into a recent campaign with an unusual obfuscation method and an innovative cryptojacking technique.

https://www.darktrace.com/blog/obfuscation-overdrive-next-gen-cryptojacking-with-layers
Puncia v0.32 is out! 🎉
Boost your cyber intelligence game with:

🌐 Attack surface mapping
🔍 Exploit discovery
⚙️ CVE/GHSA enrichment
🤖 Summarization & code gen
✍️ Auto advisory creation
🧾 SBOM analysis
🔄 CI/CD & threat intel integration
🛰️ Nation-state threat tracking
🛡️ Brand protection
📦 Bulk threat intel processing
🕵️ Passive recon & OSINT
📰 Auto-summarized security blogs
🌍 Multilingual intel delivery

https://github.com/ARPSyndicate/puncia
A hacker has stolen customer data from TeleMessage, an obscure Israeli company that sells modified messaging apps to the U.S. government. The breach includes messages from its versions of Signal, WhatsApp, Telegram, and WeChat. TeleMessage recently gained attention after Mike Waltz revealed he used it in a meeting with Trump.

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/