Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Intelligence Group has identified this financially motivated campaign, designating the…

Read more →

QNAP Systems has released security patches to address multiple vulnerabilities affecting QVR firmware in legacy VioStor Network Video Recorder (NVR) systems. The company disclosed two significant security flaws on August 29, 2025, urging users to update their systems immediately to…

Read more →

Security researcher Kevin Beaumont has revealed alarming details about CVE-2025-6543, a critical Citrix NetScaler vulnerability that was actively exploited as a zero-day attack for months before the company issued patches. What Citrix initially downplayed as a simple “denial of service”…

Read more →

Amazon’s cybersecurity team has successfully disrupted a sophisticated watering hole campaign orchestrated by APT29, a notorious hacking group linked to Russia’s Foreign Intelligence Service. The August 2025 operation represents the latest chapter in an ongoing cyber warfare battle between tech…

Read more →

WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised…

Read more →

A clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “국가정보연구회 소식지 (52호)” (National Intelligence Research Society Newsletter – Issue 52), alongside a malicious Windows shortcut (LNK) file named 국가정보연구회 소식지(52호).pdf.LNK. The attackers distribute both files…

Read more →

A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious…

Read more →

A recently uncovered vulnerability in the Visual Studio Code (VS Code) Marketplace has allowed malicious actors to hijack discontinued extension names and slip malware past unsuspecting developers. In June, ReversingLabs (RL) researchers discovered a new malicious extension, ahbanC.shiba, that bore…

Read more →

Virustotal today unveiled a powerful addition to its Code Insight suite: a dedicated API endpoint that accepts code snippets—either disassembled or decompiled—and returns succinct summaries and detailed descriptions tailored for malware analysts. Launched over two years after the debut of…

Read more →

On August 28, 2025, the Hikvision Security Response Center (HSRC) issued Security Advisory SN No. HSRC-202508-01, detailing three critical vulnerabilities affecting various HikCentral products. Collectively assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, these vulnerabilities range in severity from moderate to…

Read more →

A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through…

Read more →

In a significant data breach disclosed by TransUnion LLC, more than 4.4 million consumers had sensitive personal information compromised in late July 2025. The credit reporting agency, headquartered at 555 W. Adams Street in Chicago, Illinois, revealed the incident on…

Read more →

In a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams—long trusted as an internal messaging and collaboration tool—to deliver PowerShell-based malware and gain unauthorized remote access to Windows systems. By impersonating IT support personnel and leveraging social…

Read more →

DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by…

Read more →

Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months…

Read more →

A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the discovery of…

Read more →

A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the discovery of…

Read more →

A sophisticated campaign by the Silver Fox APT group that exploits a previously unknown vulnerable driver to bypass endpoint detection and response (EDR) and antivirus solutions on fully updated Windows 10 and 11 systems. Check Point Research (CPR) revealed on…

Read more →

When web application protection is no longer a million-dollar luxury, and when every developer can build their own security perimeter with just a few clicks—that is when cybersecurity truly fulfills its mission. As a penetration tester, I’ve used zero-days to…

Read more →

The State of Nevada became the target of a significant cyberattack which resulted in a substantial network security incident impacting government infrastructure across multiple agencies. According to an official communication from the Governor’s Technology Office, state officials rapidly identified the…

Read more →

Cisco has released urgent security updates to remediate a high-severity vulnerability in its Integrated Management Controller (IMC) virtual keyboard video monitor (vKVM) module that could allow unauthenticated, remote attackers to hijack sessions and redirect users to malicious websites. The flaw,…

Read more →

Cisco has released urgent security updates to remediate two medium-severity command injection vulnerabilities in its UCS Manager Software that could allow authenticated administrators to execute arbitrary commands and compromise system integrity. Disclosed on August 27, 2025, the advisory (cisco-sa-ucs-multi-cmdinj-E4Ukjyrz) affects…

Read more →

Researchers from the Counter Threat Unit (CTU) at Sophos uncovered a sophisticated intrusion where threat actors repurposed the legitimate open-source Velociraptor digital forensics and incident response (DFIR) tool to establish unauthorized remote access within targeted networks. Velociraptor, designed for endpoint…

Read more →

Data I/O Corporation, a well-known electronics firm that specializes in device programming and security provisioning solutions, revealed a ransomware attack that penetrated its internal IT infrastructure in a major cybersecurity event. The incident, detected on August 16, 2025, prompted an…

Read more →

Anthropic, a leading AI research company, has successfully disrupted multiple attempts by cybercriminals to misuse its Claude AI model for sophisticated cyberattacks, as detailed in their latest Threat Intelligence report. The company has implemented advanced safeguards, including real-time classifiers and…

Read more →

The SpiderLabs Threat Hunt Team recently discovered a cyber campaign in which threat actors used the genuine ScreenConnect remote management application as a weapon to spread the Xworm Remote Access Trojan (RAT) through a multi-phase infection chain. The attack begins…

Read more →

FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed that attacker-controlled exploit code can gain…

Read more →

Cybersecurity experts discovered an advanced persistent threat (APT) cluster called ShadowSilk in a thorough research published by Group-IB. Since at least 2023, this group has been actively breaching government institutions in Central Asia and the Asia-Pacific area. The group’s operations,…

Read more →

The notorious Lazarus advanced persistent threat (APT) organization, which Qi’anxin internally tracks as APT-Q-1, has been seen using the ClickFix technique to penetrate Windows 11 and macOS systems in a sophisticated progression of social engineering attacks. Known for high-profile incidents…

Read more →

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russian national Vitaliy Sergeyevich Andreyev, DPRK official Kim Ung Sun, Chinese entity Shenyang Geumpungri Network Technology Co., Ltd. DPRK-based Korea Sinjin Trading Corporation for…

Read more →

PromptLock, a novel ransomware strain discovered by the ESET Research team, marks the first known instance of malware harnessing a local large language model to generate its malicious payload on the victim’s machine. Rather than carrying pre-compiled attack logic, PromptLock…

Read more →

Experts have described methods for mimicking the strategies of the advanced persistent threat (APT) group Scattered Spider in a recent in-depth analysis by cybersecurity company Lares, allowing enterprises to strengthen their defenses through adversarial cooperation. Lares specializes in threat emulation,…

Read more →

Cisco has issued a high-severity security advisory warning of a dangerous vulnerability in its Nexus 3000 and 9000 Series switches that could allow attackers to trigger denial of service (DoS) attacks through crafted network packets. The vulnerability, tracked as CVE-2025-20241 and assigned…

Read more →

Microsoft Threat Intelligence has detailed the evolving tactics of the financially motivated threat actor Storm-0501, which has transitioned from traditional on-premises ransomware deployments to sophisticated cloud-based operations. Unlike conventional ransomware that relies on endpoint encryption malware and subsequent decryption key…

Read more →

Akamai researchers evaluated Microsoft’s patch for the BadSuccessor vulnerability (CVE-2025-53779) to determine its scope and limitations. While the update effectively blocks the original direct escalation path, the core mechanics of BadSuccessor remain exploitable under specific conditions. In this article, we…

Read more →

Cybersecurity researchers at Truesec have uncovered a sophisticated malware campaign distributing a weaponized PDF editor under the guise of “AppSuite PDF Editor.” This operation, which began on June 26, 2025, involves multiple websites promoting the software as a free utility…

Read more →

A recent investigation has uncovered that relying solely on large language models (LLMs) to generate application code can introduce critical security vulnerabilities, according to a detailed blog post published on August 22, 2025. The research underscores that LLMs, which are…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after detecting active exploitation of a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices. Designated CVE-2025-7775, the flaw stems from a memory overflow in NetScaler’s…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) unveiled a comprehensive Cybersecurity Advisory (CSA) designed to empower network defenders to detect, hunt, and mitigate the activities of advanced persistent threat (APT) actors linked to the People’s Republic of China. Drawing on…

Read more →

A widespread service disruption is currently affecting Microsoft Teams users across the globe, preventing access to embedded Office documents within the collaboration platform. The issue, which began surfacing, has created significant workflow interruptions for organizations relying on seamless document integration. Core Functionality…

Read more →

A critical zero-day remote code execution (RCE) vulnerability is currently threatening the security of over 28,000 Citrix instances worldwide. The flaw, designated as CVE-2025-7775, is being actively exploited by threat actors, prompting urgent security warnings from cybersecurity authorities and immediate action requirements from…

Read more →

South Korean authorities have successfully extradited a key suspect in a large-scale hacking operation that resulted in the embezzlement of over 38 billion won (approximately $28.5 million USD) from high-profile victims. The individual, identified as Mr. G, a 34-year-old Chinese…

Read more →

Path traversal flaws like Zip Slip, which give hackers the ability to alter file systems while decompressing, remain a serious danger in the ever-changing world of cybersecurity threats. This vulnerability, stemming from inadequate input validation in compression utilities, enables adversaries…

Read more →

Cybersecurity researchers at Huntress identified a novel ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations lacking robust access controls. This emerging threat, which claims its name from Greek mythology symbolizing inevitable tragedy, leverages exposed Remote Desktop Protocol…

Read more →

NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software. The flaw, rooted in improper handling of user-supplied files, allows a maliciously crafted file to be processed…

Read more →

The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May 2024 through July 2025, primarily targeting Colombian government entities at local, municipal, and federal levels.…

Read more →

Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a malicious Android application disguised as an official portal. This banking trojan and spyware targets pensioners…

Read more →

Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and deeper engagement among friends, it also raises fresh security and privacy considerations. Rolling out to…

Read more →

The Underground ransomware gang has been coordinating recurring attacks on enterprises throughout the globe in a worrying increase in cyber risks. They have demonstrated sophisticated malware engineering that blends cutting-edge encryption techniques with focused penetration measures. First detected in July…

Read more →

Nagios has addressed a significant cross-site scripting (XSS) vulnerability in its enterprise monitoring platform Nagios XI that could allow remote attackers to execute arbitrary JavaScript code in users’ browsers. The security flaw, discovered in the Graph Explorer feature, was patched…

Read more →

A large-scale cybercrime conspiracy known as ShadowCaptcha was made public by cybersecurity researchers at Israel’s National Digital Agency. This campaign exploits the ClickFix technique, deploying deceptive CAPTCHA interfaces mimicking legitimate services like Cloudflare or Google to manipulate users into running…

Read more →

A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk…

Read more →

The Government Accountability Project submitted a protected disclosure from Charles Borges—SSA’s Chief Data Officer—to the Office of Special Counsel and congressional oversight committees. Borges reports that since DOGE’s inception in January 2025, its officials have systematically circumvented SSA’s normal review…

Read more →

A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and steal authentication tokens. Researchers have demonstrated how subtle discrepancies in URL processing can trick a…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5). Multiple flaws in Schneider Electric Modicon M340 controllers (CVSS v4…

Read more →

Google has released an urgent security update for the Chrome Stable channel to address a critical use-after-free vulnerability in the ANGLE graphics library that could allow attackers to execute arbitrary code on vulnerable systems. The fixes arrive as part of Chrome Stable…

Read more →

Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the…

Read more →

Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, present severe security risks including remote code execution and denial of service capabilities.…

Read more →

Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims’ own “Contact Us” web forms to initiate seemingly legitimate business communications. Targeting primarily U.S.-based manufacturing companies in supply chain-critical sectors,…

Read more →

Researchers have unveiled ONEFLIP, a novel inference-time backdoor attack that compromises full-precision deep neural networks (DNNs) by flipping just one bit in the model’s weights, marking a significant escalation in the practicality of hardware-based attacks on AI systems. Unlike traditional…

Read more →

Cybersecurity landscapes are undergoing a paradigm shift as threat actors increasingly deploy agentic AI systems to orchestrate sophisticated social engineering attacks. Unlike reactive generative AI models that merely produce content such as deepfakes or phishing emails, agentic AI exhibits autonomous…

Read more →

Securden Unified PAM is a comprehensive privileged access management platform that is used to store, manage, and monitor credentials across human, machine, and AI identities in a variety of environments. Security researchers discovered four critical vulnerabilities in this platform during…

Read more →

A significant milestone for cybersecurity experts is the disclosure of specific tactics, methods, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but…

Read more →

Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses…

Read more →

Google has announced that all Android apps installed on approved devices will soon need to be able to be traced back to a verified developer identity in an effort to combat the growing wave of financial fraud operations and mobile…

Read more →

CYFIRMA researchers have uncovered a campaign they have codenamed “OneFlip”, an operation that demonstrates how a single-bit modification inside a seemingly benign file can be enough to re-pivot a neural-network-driven security workflow and open a backdoor on the underlying host.…

Read more →

Cybersecurity incidents increasingly exploit human vulnerabilities, including those of privileged users, as demonstrated in recent compromises involving trojanized versions of the PuTTY SSH client distributed through malvertising on Microsoft’s Bing search engine. LevelBlue’s Managed Detection and Response (MDR) Security Operations…

Read more →

A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as CVE-2025-5419, stems from out-of-bounds reads and…

Read more →

Microsoft today announced the public preview of a new VM Conversion extension for Windows Admin Center, enabling IT administrators to migrate virtual machines from VMware vCenter to Hyper-V with minimal downtime. Available at no cost during its preview phase, the lightweight tool…

Read more →

Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating…

Read more →

A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The flaw arises from Git’s inconsistent handling…

Read more →

Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated…

Read more →

A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s machine with a single…

Read more →

A comprehensive study examining the location data practices of the top 10 social media platforms has uncovered concerning patterns of user tracking that extend far beyond what most users realize. The research, which analyzed App Store disclosures from major platforms…

Read more →

Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scramble containment efforts. While most core services remain operational, significant…

Read more →

French retail giant Auchan announced on August 21 that it fell victim to a cyberattack that resulted in the theft of loyalty account information belonging to several hundred thousand customers. The company revealed in an official statement that attackers accessed personal data such as…

Read more →

A sophisticated scanning campaign has escalated dramatically, with threat intelligence firm GreyNoise detecting over 30,000 unique IP addresses simultaneously probing Microsoft Remote Desktop Protocol (RDP) services on August 24, 2024. This represents a significant expansion from an initial wave of nearly 2,000…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025. The alert highlights active exploitation of two serious Citrix Session Recording…

Read more →

Google Classroom, a popular educational platform, has been exploited by threat actors to launch a major phishing campaign in a complex operation discovered by Check Point researchers. Over a single week from August 6 to August 12, 2025, attackers disseminated…

Read more →

FortiGuard Labs has uncovered a sophisticated malware campaign targeting critical infrastructure devices from multiple vendors, with the “Gayfemboy” malware strain demonstrating advanced evasion techniques and multi-platform capabilities. The campaign affects organizations globally, exploiting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco…

Read more →

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages. This operation, which mimics legitimate video downloading services, tricks users into installing malicious executables disguised as…

Read more →

The National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL), two sanctioned companies, are the operators of 64 boats, 39 tankers, and 25 cargo ships that were compromised in a targeted attack on Iran’s maritime infrastructure…

Read more →

Scammers are using Google Ads to pose as Tesla in an elaborate cybercrime campaign that aims to obtain illicit preorders for the company’s unreleased Optimus humanoid robot and other items. These deceptive sponsored listings appear prominently in search results for…

Read more →

Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking…

Read more →

A significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent…

Read more →

Security researcher Mattia “0xbro” Brollo disclosed a trio of severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that enable unauthenticated attackers to completely bypass login controls and execute arbitrary code on affected installations. Although vtenext quietly patched one of…

Read more →

Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution.…

Read more →

Cybercriminals have unveiled a novel variation of the ClickFix social engineering technique that weaponizes AI-powered summarization tools to stealthily distribute ransomware instructions. By leveraging invisible prompt injection and a “prompt overdose” strategy, attackers embed malicious directives within hidden HTML elements…

Read more →

Dover, DE, United States, August 25th, 2025, CyberNewsWire Attaxion announces the addition of the Agentless Traffic Monitoring capability to its exposure management platform. Agentless Traffic Monitoring is a new capability designed to give cybersecurity teams actionable visibility into network traffic flowing to and…

Read more →

A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and…

Read more →

A comprehensive operational dump from the North Korean Kimsuky APT organization, also known as APT43, Thallium, or Velvet Chollima, appeared on a dark web forum in an uncommon instance of state-sponsored cyber espionage. This leak, comprising virtual machine images, VPS…

Read more →

Arch Linux—the community-driven, lightweight distribution renowned for its rolling-release model—has confirmed that a distributed denial-of-service (DDoS) attack has been targeting its core infrastructure for over a week. Beginning on August 18, users worldwide have experienced intermittent outages and slowdowns on…

Read more →

Threat actors continue to use Scheduled Tasks and other built-in Windows features to create persistence in the ever-changing world of cybersecurity threats, frequently avoiding the need of external tools or complex zero-day exploits. As of 2025, despite advancements in attack…

Read more →

Microsoft has acknowledged that the August 2025 security update—KB5063878—can cause significant performance degradation on both Windows 11, version 24H2, and supported Windows 10 releases. The company’s Windows release health dashboard confirms reports of severe stuttering, lag, and choppy audio/video playback…

Read more →

Threat actors are increasingly abusing native evaluation and execution functions to conceal and execute malicious payloads within innocent-looking packages on PyPI. Security researchers warn that while static analysis libraries such as hexora can detect many obfuscation techniques, attackers continue innovating ways to…

Read more →

As part of the ongoing analysis of the KorPlug malware family, this second installment focuses on the complex second-stage payload, expanding on earlier discoveries of DLL side-loading methods that use legitimate programs to execute code initially. The payload, a malicious…

Read more →

A federal court has handed down a four-year prison term to a former software developer who sabotaged his employer’s global network with a custom “kill switch,” crippling operations and inflicting hundreds of thousands in losses. Davis Lu, 55, a Chinese…

Read more →

A novel macOS infostealer malware, designated as Mac.c, has emerged as a formidable contender in the underground malware-as-a-service (MaaS) ecosystem. Developed openly by a threat actor operating under the pseudonym “mentalpositive,” Mac.c represents a streamlined derivative of the notorious Atomic…

Read more →

Cybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional…

Read more →