A wave of fake data leak claims is flooding dark web forums, and most of what is being sold turns out to be recycled material from old breaches. Threat actors operating in Chinese-language cybercrime ecosystems are packaging this stale data…
Tag: Cyber Security News
Gremlin Stealer Stores C2 URLs and Exfiltration Paths in Encrypted Resource Sections
A newly analyzed variant of the Gremlin stealer malware has raised alarms by hiding its command-and-control (C2) addresses and data exfiltration paths inside encrypted resource sections of a compiled program. This approach makes the malware harder to detect through traditional…
Void Botnet Uses Ethereum Smart Contracts for Seizure-Resistant C2 Infrastructure
A new botnet called Void has emerged on the cybercrime underground, bringing a troubling twist to how attackers manage their operations remotely. Instead of relying on traditional servers that authorities can seize or shut down, Void Botnet routes its commands…
Hackers Use Fake Income Tax Assessment Pages to Infect Windows Systems
A new threat campaign is targeting Windows users in India by disguising malicious files as official income tax documents. Researchers have tracked the operation under the name TAX#TRIDENT, and it has shown the ability to pivot across multiple delivery methods…
Trapdoor Android Ad Fraud Operation Uses 455 Malicious Apps to Generate Fake Clicks
A large-scale ad fraud operation called Trapdoor has been discovered targeting Android users through 455 malicious apps, quietly generating fake ad clicks and draining real advertising budgets across the digital ecosystem. At its peak, the operation produced 659 million fraudulent…
PinTheft Linux Vulnerability Let Attackers Gain Root Access – PoC Released
A proof-of-concept (PoC) exploit was published for a new Linux Local Privilege Escalation (LPE) vulnerability dubbed “PinTheft.” Discovered by Aaron Esau of the V12 security team, the flaw allows local attackers to gain root access by exploiting an RDS zerocopy…
DevilNFC Android Malware Uses Kiosk Mode to Trap Victims During NFC Relay Attacks
A dangerous new Android malware called DevilNFC has emerged, combining NFC relay attacks with a Kiosk Mode trap that locks victims inside a fake banking screen until their card data is stolen. The malware targets customers across Europe and LATAM…
How to Close the Most Expensive Gap in Your SOC
There is a quiet gap inside many SOCs. It sits between the moment Tier 1 says “this should be escalated” and the moment the response team can actually act on it. Too often, the alert moves forward, but the context does not. …
Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image
ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026, CVE-2026-3102 allows threat actors to…
FreePBX Vulnerability Allow Attackers to Gain Access to User Portals
A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due to hard-coded credentials in the userman module. It impacts…
Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access
A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates…
Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware
Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The incident, detected on May 11, 2026, involved unauthorized access to internal repositories…
Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware
Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, short for Microsoft HTML Application Host, a built-in Windows utility that can…
Microsoft Python Client DurableTask Compromised by TeamPCP Hackers
Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for…
Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor
A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The…
GraphWorm Malware Uses Microsoft OneDrive as Command-and-Control Infrastructure
A well-known China-aligned threat group has quietly evolved its attack methods, and its latest toolset reveals just how far it is willing to go to stay hidden. A backdoor called GraphWorm has surfaced as part of this group’s growing arsenal,…
New NGINX Vulnerability Allow Remote Attackers to Trigger Malicious Code
A new vulnerability in NGINX JavaScript (njs), tracked as CVE‑2026‑8711, allows unauthenticated remote attackers to trigger a heap‑based buffer overflow that can lead to denial‑of‑service and, in some conditions, remote code execution in the NGINX worker process. The flaw is…
Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability
Microsoft has disclosed a critical zero-day vulnerability in Windows BitLocker, tracked as CVE-2026-45585, that allows threat actors with physical access to bypass full-disk encryption entirely, potentially exposing sensitive data within minutes. The flaw was publicly disclosed on May 19, 2026,…
Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware
A financially motivated threat actor known as Fox Tempest has been operating a sophisticated malware-signing-as-a-service (MSaaS) platform that abused Microsoft’s Artifact Signing infrastructure to generate trusted digital signatures for malicious code. This activity enabled cybercriminals to bypass security controls and…
PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2005, a critical remote code execution (RCE) vulnerability affecting PostgreSQL’s pgcrypto extension. The flaw, rooted in legacy code dating back nearly two decades, highlights the long-standing risks associated with memory handling…