Introduction This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ClickFix Attacks Still Using the Finger, (Sat, Dec 13th)
Tag: EN
Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows
Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim. This strategic shift enables threat actors to write malicious code once and compile it for both Windows and…
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3
The release of Kali Linux 2025.4 marks a significant milestone for the ethical hacking distribution, bringing major architectural changes and a suite of fresh tools. This update focuses on stripping away “fluff” to prioritize performance, essential utilities, and improved hardware support. With…
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws were leveraged in extremely sophisticated attacks targeting specific individuals before iOS 26 was released. Critical WebKit…
Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams
Researcher has officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers. This latest version reinforces the tool’s modular architecture, offering operator flexibility through a robust server/client model. Written…
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs. The campaign leverages dormant GitHub accounts and polished, AI-crafted repositories to distribute a previously undocumented backdoor…
Germany calls in Russian Ambassador over air traffic control hack claims
Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign…
Home Renovation Choices That Often Do Not Deliver Real Value
Home renovations are often regarded as investments; however, not every upgrade enhances a home’s function, character, or resale value. Designers specializing in working with properties that are older generally emphasize that intelligent, budget-savvy decisions bear greater importance than drastic…
IDESaster Report: Severe AI Bugs Found in AI Agents Can Lead to Data Theft and Exploit
Using AI agents for data exfiltrating and RCE A six-month research into AI-based development tools has disclosed over thirty security bugs that allow remote code execution (RCE) and data exfiltration. The findings by IDEsaster research revealed how AI agents deployed…
NDSS 2025 – A Systematic Evaluation Of Novel And Existing Cache Side Channels
Session 5D: Side Channels 1 Authors, Creators & Presenters: Fabian Rauscher (Graz University of Technology), Carina Fiedler (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology) PAPER A Systematic Evaluation Of Novel And…
UK’s ICO Fine LastPass £1.2 Million Over 2022 Security Breach
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure. This article has been indexed from Hackread – Cybersecurity…
Fake GitHub OSINT Tools Spread PyStoreRAT Malware
Attackers are using GitHub as part of a campaign to spread a novel JavaScript-based RAT called PyStoreRAT, masquerading as widely used OSINT, GPT, and security utilities targeting developers and analysts. The malware campaign leverages small pieces of Python or…
AI Browsers Raise Privacy and Security Risks as Prompt Injection Attacks Grow
A new wave of competition is stirring in the browser market as companies like OpenAI, Perplexity, and The Browser Company aggressively push to redefine how humans interact with the web. Rather than merely displaying pages, these AI browsers will…
Apple Addresses Two Actively Exploited Zero-Day Security Flaws
Following confirmation that two previously unknown security flaws had been actively exploited in the wild on Friday, Apple rolled out a series of security updates across its entire software ecosystem to address this issue, further demonstrating the continued use of…
5 Critical Situations Where You Should Never Rely on ChatGPT
Just a few years after its launch, ChatGPT has evolved into a go-to digital assistant for tasks ranging from quick searches to event planning. While it undeniably offers convenience, treating it as an all-knowing authority can be risky. ChatGPT…
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access…
Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers
BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server…
Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware
Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since…
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers…
AI Toys for Kids Talk About Sex, Drugs, and Chinese Propaganda
Plus: Travelers to the US may have to hand over five years of social media history, South Korean CEOs are resigning due to cyberattacks, and more. This article has been indexed from Security Latest Read the original article: AI Toys…