Blogs and Articles

Cybercriminals are exploiting the Raksha Bandhan festival globally with a surge of online shopping and phishing scams. They use fake websites, fraudulent gift offers, and imposter messages to trick victims into sharing personal data or making payments. To stay safe, experts advise verifying offers on official channels, using secure payment methods, and reporting fraud promptly to authorities like the National Cyber Crime Reporting Portal.

In July 2025, scammers in India used deepfake videos of influencer “Shweta Sharma” to run over 120 fake investment ads on Facebook and Instagram. The identity was stolen from real public figures, luring users to Telegram channels with false promises of fast stock market returns. Victims lost money in an ongoing cycle of payments. CloudSEK urges public awareness and legal action.

Cybercriminals targeted fans and teams at the 2025 Belgian Grand Prix (July 27, Spa-Francorchamps) with phishing emails, fake ticket sites, streaming scams, and counterfeit merchandise. The event’s popularity and reliance on tech made it a prime cyberattack target. A hacked official email in early 2024 led to major phishing campaigns. Fans and F1 teams are urged to follow strict cybersecurity practices to avoid scams and data theft.

CloudSEK discovered a new Epsilon Red ransomware campaign targeting users globally via fake ClickFix verification pages. Active since July 2025, threat actors use social engineering and impersonate platforms like Discord, Twitch, and OnlyFans to trick users into executing malicious .HTA files through ActiveX. This leads to silent payload downloads and ransomware deployment. Users are urged to disable ActiveX, block attacker IPs, and train against such lures.

In July 2025, CloudSEK analyzed how misinformation and recycled breach data—from forums, media, and researchers—flood threat intel teams with false alarms. High-profile cases like the “16 Billion Credential Leak” and ICMR breach were inflated using old or fake data. This noise wastes up to 25% of security teams’ time. The report offers a clear framework to verify breach legitimacy, reduce alert fatigue, and focus on real, high-priority cyber threats.

A critical flaw (CVE-2025-20309, CVSS 10.0) in Cisco Unified Communications Manager lets attackers gain root access via hard-coded credentials in versions 15.0.1.13010-1 to 13017-1. Over 1,000 internet-exposed assets are at risk globally, especially in the US and Asia. Likely targets include VoIP and government networks. Immediate patching, access restrictions, and log monitoring are strongly advised to prevent system compromise.

CloudSEK uncovered that the Androxgh0st botnet compromised a University of California, San Diego subdomain to host its C2 logger. Active since 2023, the botnet exploits vulnerabilities in Apache Shiro, Spring4Shell, WordPress, IoT devices, and more for remote code execution and cryptomining. Webshells were also deployed for persistence.

CloudSEK uncovered a surge in Iran-linked cyberattacks targeting Israel and its allies. Groups like APT42, APT34, MuddyWater, and hacktivist Handala are conducting espionage, data theft, and DDoS attacks. These actors use phishing, credential theft, and stealthy tools to infiltrate sensitive sectors. CloudSEK advises organizations to patch vulnerabilities, monitor DNS traffic, and enforce zero-trust security policies.

Between June 12–18, 2025, over 35 pro-Iranian hacktivist groups launched coordinated cyberattacks against Israeli military, government, and infrastructure targets, using DDoS, data leaks, and disinformation. Only 4–5 pro-Israel groups responded. These unsophisticated yet widespread attacks continue a year-long trend of exaggeration and recycled data. CloudSEK recommends urgent DDoS mitigation, multi-factor authentication, threat monitoring, and stronger incident response protocols.