malicious
-
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and…
-
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor hijacked the popular Axios NPM package in a high‑impact software supply chain attack, deploying a…
-
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known…
-
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a…
-
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially rolled out its enhanced ransomware detection and file restoration capabilities for Google Drive, transitioning them from beta…
-
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However,…
-
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to…
-
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A recently identified malware strain known as GhostSocks is fundamentally altering attack tactics by transforming compromised devices into residential proxy…
-
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are employing a new remote access toolkit named “CTRL” to stealthily hijack Remote Desktop Protocol (RDP) sessions through…
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit has been discovered by researchers on an exposed server, revealing victim credentials, ngrok tokens,…
-
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV
A new ClickFix attack variant has been identified that evades detection by shifting execution away from PowerShell and mshta towards…
-
WordPress Plugin Flaw Exposes Sensitive Data Across 800,000+ Sites
A severe security flaw has been disclosed in Smart Slider 3, a highly popular WordPress plugin currently active on more…
-
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques exploit subtle visual similarities in text to spoof trusted domains, steal credentials, and bypass Unicode handling…
-
Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack
A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, now widely recognized as…
-
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
PXA Stealer campaigns targeting global financial institutions surged significantly during Q1 2026. This marks a notable shift in…
-
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
A South Asian financial institution faced compromise due to a custom malware toolkit combining a modular backdoor (BRUSHWORM) and a…
-
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects
The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor…