malicious
-
The “Banking KYC” Android Malware Campaign Targeting Indian Users
A sophisticated new Android malware campaign is currently circulating via WhatsApp, masquerading as an essential “Banking KYC” (Know Your Customer)…
Read More » -
Fake Document Reader Delivers Anatsa Trojan to 10K Android Users
In a sobering reminder that official marketplaces are not infallible, a sophisticated malicious application masquerading as a legitimate document reader…
Read More » -
Sophisticated Multi-Stage Malware Campaign Weaponizes Legitimate Cloud Services
A sophisticated new malware campaign has emerged, utilizing a blend of advanced obfuscation and multi-stage delivery mechanisms designed specifically to…
Read More » -
Critical Security Alert: RCE Vulnerabilities in Google’s Gemini CLI and GitHub Actions
Google has issued an urgent security advisory following the discovery of critical vulnerabilities within the Gemini CLI and its integrated…
Read More » -
Deceptive Excel Lures: How Kimsuky APT Leverages LNK Files and Cloud Services to Target Life Sciences
In a sophisticated display of social engineering and technical evasion, North Korean state-backed actors are increasingly deploying weaponized, Excel-themed files…
Read More » -
Securing Autonomous Agents: OpenClaw Patches Critical Policy Bypass and Credential Leak Vulnerabilities
As the adoption of autonomous AI agent frameworks accelerates, the attack surface for these highly capable systems expands alongside them.…
Read More » -
Tenable Nessus Agent Vulnerability (CVE‑2026‑33694): Local Junction‑Point Privilege Escalation
In a significant security update, Tenable has disclosed a high-severity vulnerability within its Nessus Agent software for Windows environments. While…
Read More » -
Chaining Vulnerabilities to Achieve Root Access in CODESYS Soft PLCs
Recent research published by Nozomi Networks Labs has uncovered a sophisticated exploit chain targeting the CODESYS Control runtime. By leveraging…
Read More » -
Analyzing a New PowerShell-Based Telegram Session Stealer: From Pastebin to Bot API Exfiltration
Threat actors are currently refining a specialized class of infostealers specifically designed to hijack Telegram sessions. Unlike broad-spectrum malware that…
Read More » -
The Trojan Interview: How Void Dokkaebi Exploits Developer Trust to Fuel Supply Chain Attacks
In the high-stakes world of software engineering, a job offer is often the ultimate motivator. However, the threat actor known…
Read More » -
Critical Authentication Bypass Vulnerability (CVE-2025-65856) in Hangzhou Xiongmai XM530 IP Cameras
A high-severity security flaw has been uncovered in the Hangzhou Xiongmai Technology XM530 series IP cameras, posing an imminent threat…
Read More » -
The Invisible Shadow: How Signaling Vulnerabilities Enable Global Mobile Surveillance
A groundbreaking investigation by Citizen Lab has pulled back the curtain on a series of sophisticated, multi-year surveillance campaigns that…
Read More » -
Trigona Affiliates Pivot to Proprietary Data Exfiltration Tooling
In a significant tactical shift, ransomware operators are moving away from “living off the land” with common utilities and toward…
Read More »