malicious
-
EngageSDK Vulnerability puts millions of crypto wallets at risk
A recently identified flaw in the popular Android library EngageSDK has sparked serious worries within the cryptocurrency sector, potentially endangering…
Read More » -
Fake BTS Tour Ticket Scams Target Fans Worldwide
As BTS makes its highly anticipated return to the global stage following their mandatory military service, K-pop fans worldwide are…
Read More » -
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and…
Read More » -
TP-Link Devices at Risk as Multiple Security Flaws Enable Takeover
Cybersecurity researchers have uncovered five significant security vulnerabilities in the TP-Link Archer AX53 v1.0 router. If left unpatched, these critical…
Read More » -
One Line, Eleven Models: The Sockpuppeting Technique That Defeats AI Safeguards
A newly discovered jailbreak technique called “sockpuppeting” can force 11 leading AI models—including ChatGPT, Claude and Gemini—to bypass their safety…
Read More » -
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot…
Read More » -
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
Security researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with…
Read More » -
New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
A recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on…
Read More » -
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
Microsoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain…
Read More » -
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint…
Read More » -
RoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past Defenses
A sophisticated cyber-espionage group known as DragonBreath (APT-Q-27) has been linked to a new RoningLoader malware campaign that uses advanced…
Read More » -
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren…
Read More » -
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version…
Read More » -
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
New analysis of a fake Telegram installer uploaded to MalwareBazaar reveals Silver Fox expanding its ValleyRAT operations via a fresh…
Read More » -
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Security researchers have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in…
Read More » -
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security…
Read More » -
Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
A critical security vulnerabilityhas been identified in Docker Engine, creating a risk of authorization bypass attacks against host systems. Referred…
Read More »