APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a…
3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing…
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX…
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to…
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations…
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia…
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for…
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to…
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its…
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently…
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique…
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the…
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit…
CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in…
Operation Zero Disco: Critical Cisco SNMP Flaw (CVE-2025-20352) Used to Implant Linux Rootkits on Switches
researchers from Trend Research have uncovered a sophisticated campaign — dubbed “Operation Zero Disco” — in which…
Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs
The Samba Team has released an urgent advisory addressing two , including a critical command injection (CVE-2025-10230) that could allow…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by…
Capita Fined £14m After 2023 Breach that Hit 6.6 Million People
Capita will not appeal a £14m regulatory penalty for security failings that led to a 2023 data breach impacting nearly seven million…
Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices
Sekoia Threat Detection & Response (TDR) researchers have published an in-depth technical analysis of the PolarEdge Backdoor, a stealthy…
PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication
A sophisticated backdoor malware targeting Internet of Things devices has surfaced, employing advanced communication techniques to maintain…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
UEFI Shell Vulnerabilities Could Let Hackers Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops.…
Hacker Group TA585 Emerges With Advanced Attack Infrastructure
A newly identified cybercriminal group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a…
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an…
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent updates for Elastic Cloud Enterprise (ECE) to patch a critical (CVE-2025-37729) that could allow attackers with…
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s…
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as…
Spain Arrests Alleged Leader of GXC Team Cybercrime Network
Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the “GXC Team” – a…
New Stealit Malware Campaign Spreads via VPN and Game Installer Apps
Threat actors are conducting a new malicious campaign deploying the Stealit malware via disguised applications, according to Fortinet. The…
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top award for ethical hacking discoveries to $2m, although security researchers could earn even more if they’re…
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone…
In Defense of Good Bots: Good Bots Exist, But Only When We Build Them That Way
The word “bot” doesn’t have the best reputation right now. You hear it and think of election manipulation, fake social media…
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)
The Zero Day Initiative (ZDI) has published details of two critical in the popular open-source compression utility 7-Zip, which could allow…
Ransomware crims that exploited SharePoint 0-days add Velociraptor to their arsenal
The ransomware gang caught exploiting Microsoft SharePoint zero-days over the summer has added a new tool to its arsenal: Velociraptor, an…
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
Website owners using the Service Finder WordPress theme and its bundled Bookings plugin must update their software immediately, as a serious…
Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira Ransomware
Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira…
Pro-Russia hacktivist group dies of cringe after falling into researchers' trap
Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later…
RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers
Since its emergence in early 2025, RondoDox has rapidly become one of the most pervasive IoT-focused botnets in operation, targeting a wide…
How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics
Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better…
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential…
Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit
The Clop ransomware group likely began targeting Oracle E-Business Suite (EBS) instances as early as August 9, successfully exfiltrating a…