SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting…
Tag: Cyber Security News
Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste
A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the…
Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef
A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users…
WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
A critical vulnerability in Google’s Fast Pair protocol allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent. Security researchers from KU Leuven have uncovered a vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair, that…
Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges
Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system…
Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access
Pulsar RAT has emerged as a sophisticated derivative of the open-source Quasar RAT, introducing dangerous enhancements that enable attackers to maintain invisible remote access through advanced evasion techniques. This modular Windows-focused remote administration tool represents a significant evolution in threat…
Apache bRPC Vulnerability Enables Remote Command Injection
A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms.…
ChatGPT Go Launched for $8 USD/month With Support for Ads and Privacy Risks
OpenAI’s global rollout of its budget-friendly ChatGPT Go subscription at $8 USD monthly introduces significant data privacy and security considerations for cybersecurity professionals monitoring AI platform access controls. The tiered pricing structure, which includes an ad-supported model for free and…
Google Gemini Privacy Controls Bypassed to Access Private Meeting Data Using Calendar Invite
A significant vulnerability within the Google ecosystem allowed attackers to bypass Google Calendar’s privacy controls using a standard calendar invitation. The discovery highlights a growing class of threats known as “Indirect Prompt Injection,” where malicious instructions are hidden within legitimate…
Remcos RAT Masquerade as VeraCrypt Installers Steals Users Login Credentials
A sophisticated malware campaign targeting South Korean users has emerged, distributing the Remcos remote access trojan (RAT) through deceptive installers disguised as legitimate VeraCrypt encryption software. This ongoing attack campaign primarily focuses on individuals connected to illegal online gambling platforms,…
Inside the Leaks that Exposed the Hidden Infrastructure Behind a Ransomware Operation
The cybercrime world operates in shadows, but when insiders turn against each other, those shadows shrink. In February 2025, an individual using the alias ExploitWhispers surfaced on Telegram and released internal communications from the BlackBasta ransomware group. The leak contained…
Threat Actors Weaponizing Visual Studio Code to Deploy a Multistage Malware
Threat actors are turning Visual Studio Code into an attack platform, using its rich extension ecosystem to slip multistage malware into developer workstations. The latest campaign, dubbed Evelyn Stealer, hides behind a malicious extension that delivers a stealthy information stealing…
Attackers are Using WSL2 as a Stealthy Hideout Inside Windows Systems
Windows Subsystem for Linux 2 (WSL2) is meant to give developers a fast Linux environment on Windows. Now attackers are turning that benefit into a hiding place. By running tools and payloads inside the WSL2 virtual machine, they can operate…
Threat Actors Impersonate as MalwareBytes to Attack Users and Steal Logins
A new malware campaign has emerged that tricks people into downloading fake Malwarebytes software, putting their login credentials and cryptocurrency wallets at serious risk. Security researchers discovered this operation actively spreading between January 11 and January 15, 2026, using specially…
Attackers Redirected Employee Paychecks Without Breaching a Single System
A seemingly simple phone call became the gateway to a sophisticated attack that diverted employee paychecks without any malware or network breach. An organization discovered this fraud when workers reported missing salary deposits. The attacker had modified direct-deposit information to…
Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach…
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. The attack leverages legitimate ad click tracking domains to disguise malicious URLs, making them appear as trustworthy…
Free Converter Apps that Convert your Clean System to Infected in Seconds
Malicious file converter applications distributed through deceptive advertisements are infecting thousands of systems with persistent remote access trojans (RATs). These seemingly legitimate productivity tools perform their advertised functions while secretly installing backdoors that give attackers continuous access to victim computers.…
5 Malicious Chrome Extensions Attacking Enterprise HR and ERP Platforms for Complete Takeover
Five coordinated malicious Chrome extensions have emerged as a sophisticated threat to enterprise security, targeting widely-used human resources and financial platforms used by thousands of organizations worldwide. These extensions operate in concert to steal authentication tokens, disable security controls, and…
CIRO Confirms Data Breach – 750,000 Canadian Investors Have been Impacted
Approximately 750,000 Canadian investors were affected by a sophisticated phishing attack first disclosed in August 2025. The self-regulatory organization announced the full extent of the breach on January 14, 2026. After completing a comprehensive forensic investigation spanning over 9,000 hours…