Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving…
Tag: EN
AWS launches AI-enhanced security innovations at re:Invent 2025
At re:Invent 2025, AWS unveiled its latest AI- and automation-enabled innovations to strengthen cloud security for customers to grow their business. Organizations are likely to increase security spending from $213 billion in 2025 to $377 billion by 2028 as they…
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. This article has been…
Vulnerability Summary for the Week of December 1, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–10Web Booster Website speed optimization, Cache & Page Speed optimizer The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable…
Stronger together: New Beazley collaboration enhances cyber resilience
To bolster security for our customers, we need to align with our ecosystem partners. Our new collaboration with Beazley as an incident response partner is a step in that direction. The post Stronger together: New Beazley collaboration enhances cyber resilience…
Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence
A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale…
Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by…
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations. The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts
Your organization can now read your texts Microsoft stirred controversy when it revealed a Teams update that could tell your organization when you’re not at work. Google did the same. Say goodbye to end-to-end encryption. With this new RCS and…
Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban
Meta has started taking down accounts belonging to Australians under 16 on Instagram, Facebook and Threads, beginning a week before Australia’s new age-restriction law comes into force. The company recently alerted users it believes are between 13 and 15…
Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings
Google warns Chrome users of rising “account takeovers” and urges stronger authentication to keep accounts and synced data safe. The post Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings appeared first on TechRepublic. This article has…
Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
Petco said the exposure was due to an error in an application, and that it is notifying victims’ whose data was affected. This article has been indexed from Security News | TechCrunch Read the original article: Petco’s security lapse affected…
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers at Barracuda, this stealthy tool represents a dangerous evolution in phishing-as-a-service technology. What makes GhostFrame…
ClayRat Android Spyware Expands Capabilities
A new version of ClayRat Android spyware features enhanced surveillance and device-control features This article has been indexed from www.infosecurity-magazine.com Read the original article: ClayRat Android Spyware Expands Capabilities
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Ransomware peaked in 2023 prior to law enforcement actions
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added…
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera AI have collaborated on a new paper proposing a unified framework for…
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade, however, its open-source nature and accessibility have facilitated its transformation into a potent instrument for…
How phishers hide banking scams behind free Cloudflare Pages
We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram. This article has been indexed from Malwarebytes Read the original article: How phishers hide banking scams behind free Cloudflare Pages
Marquis Software Breach Affects Over 780,000 Nationwide
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US This article has been indexed from www.infosecurity-magazine.com Read the original article: Marquis Software Breach Affects Over 780,000 Nationwide