Cybersecurity News
-
Amazon Identified North Korean IT Worker by Tracking Keystroke Activity
Amazon has made a shocking discovery, uncovering a North Korean imposter who was posing as a systems administrator based in the United States. The revelation was not made through traditional…
Read More » -
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical vulnerability has been discovered in the Linux kernel’s Rust Binder module, which can cause system crashes and memory corruption due to a race condition. The issue has been…
Read More » -
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials.…
Read More » -
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Security researchers from Hunt.io and Acronis Threat Research Unit have made a groundbreaking discovery, uncovering a complex network of operational infrastructure controlled by North Korean state-sponsored threat actors, specifically the…
Read More » -
RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption
RansomHouse, a ransomware-as-a-service (RaaS) operation managed by the threat group Jolly Scorpius, has significantly enhanced its encryption capabilities, marking a critical escalation in the threat landscape. Recent analysis of RansomHouse…
Read More » -
Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges
SonicWall has released an urgent security advisory regarding the active exploitation of a local privilege escalation vulnerability affecting its SMA1000 appliances, which allows attackers with management console access to gain…
Read More » -
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been identified in the Windows Desktop Window Manager (DWM) that could potentially allow attackers to escalate privileges to system level, posing a significant threat to Windows…
Read More » -
New Reports Reveal WAFs Are Ineffective Against Latest React2Shell Exploit
Miggo Security has released a comprehensive benchmark study revealing critical gaps in Web Application Firewall (WAF) protection, with the discovery of React2Shell (CVE-2025-55182) serving as a stark real-world validation of…
Read More » -
ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks
The ForumTroll APT group has re-emerged with a highly sophisticated phishing campaign aimed at Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus.…
Read More » -
New Moonwalk++ PoC Demonstrates How Malware Can Forge Windows Call Stacks to Evade Detection
Recently, security researchers have exposed a new and alarming technique that enables malware to completely conceal its presence by falsifying Windows call stacks, a method specifically designed to evade modern…
Read More » -
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has undergone a significant transformation over the past decade, evolving from a relatively benign monetization strategy to a sophisticated vector for cybercrime. New research into…
Read More » -
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Russian state-sponsored hackers have intensified their attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant shift in tactics as 2025 comes to a close. According to…
Read More » -
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.…
Read More » -
Link11 Identifies Five Cybersecurity Trends Shaping European Defense Strategies in 2026
Link11, a leading European provider of web infrastructure security solutions, has released new insights highlighting five key cybersecurity developments that will shape the way organizations across Europe prepare for and…
Read More » -
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks…
Read More » -
JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation
A critical vulnerability has been discovered in the JumpCloud Remote Assist for Windows agent, allowing low-privileged users to gain NT AUTHORITY\SYSTEM privileges or crash the system. This vulnerability, tracked as…
Read More » -
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have discovered a new and sophisticated threat: SantaStealer, a malware-as-a-service information stealer that is being actively promoted on Telegram channels and underground hacker forums. The…
Read More » -
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities. Security researchers discovered the large-scale…
Read More »