malicious

March 3, 2026

New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security

A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker…
Read More »
February 11, 2026

Hackers Weaponize 7-Zip Downloads to Turn Home PCs Into Proxy Nodes

A fake website impersonating the popular 7-Zip file archiver has been distributing malicious software that secretly converts infected computers into…
Read More »
December 23, 2025

Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit

The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting…
Read More »
December 23, 2025

Sleeping Bouncer Vulnerability Impacts Gigabyte, MSI, ASRock, and ASUS Motherboards

A critical vulnerability in motherboard firmware has been identified by Riot Games’ Vanguard anti-cheat team, affecting major manufacturers such as…
Read More »
December 20, 2025

New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts

Elastic has recently released critical security updates to address a severe cross-site scripting (XSS) vulnerability that affects multiple versions of…
Read More »
December 20, 2025

Iranian APT Targeting Networks and Critical Infrastructure Organizations

A new wave of sophisticated malware campaigns has been launched by Iranian state-sponsored threat actors, targeting critical infrastructure organizations worldwide.…
Read More »
December 19, 2025

Roundcube Flaws Let Attackers Execute Malicious Scripts

Roundcube, a widely used open-source webmail platform, has released critical security updates to address two significant vulnerabilities in its 1.6…
Read More »
December 19, 2025

Targeted Phishing Attack Strikes HubSpot Users

Evalian’s Security Operations Centre has discovered a sophisticated phishing campaign targeting HubSpot customers, which combines business email compromise (BEC) tactics…
Read More »
December 19, 2025

Beware of Malicious Scripts in Weaponized PDF Purchase Orders

A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate…
Read More »
December 19, 2025

New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes

Security researchers from Hunt.io and Acronis Threat Research Unit have made a groundbreaking discovery, uncovering a complex network of operational…
Read More »
December 18, 2025

Microsoft Desktop Window Manager Flaw Allows Privilege Escalation

A critical vulnerability has been identified in the Windows Desktop Window Manager (DWM) that could potentially allow attackers to escalate…
Read More »
December 18, 2025

ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks

The ForumTroll APT group has re-emerged with a highly sophisticated phishing campaign aimed at Russian academics, marking a significant escalation…
Read More »
December 17, 2025

New Moonwalk++ PoC Demonstrates How Malware Can Forge Windows Call Stacks to Evade Detection

Recently, security researchers have exposed a new and alarming technique that enables malware to completely conceal its presence by falsifying…
Read More »
December 17, 2025

ClickFix Spoof of “Word Online” Used to Spread DarkGate Malware

A sophisticated social engineering campaign has been uncovered, utilizing a fake “Word Online” extension error message to distribute the notorious…
Read More »
December 17, 2025

Parked Domains Emerge as a Primary Channel for Malware and Phishing

The landscape of domain parking has undergone a significant transformation over the past decade, evolving from a relatively benign monetization…
Read More »
December 16, 2025

PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers

A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours…
Read More »
December 16, 2025

NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks

NVIDIA has issued urgent security patches for its Merlin machine learning framework, addressing two high-severity deserialization vulnerabilities that could allow…
Read More »
December 15, 2025

EDR Process Sideloading to Conceal Malicious Activity

Initial access broker Storm-0249 has undergone a significant transformation, evolving from a mass phishing operation into a sophisticated threat actor…
Read More »
December 14, 2025

Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows

Cybercriminals are shifting away from traditional programming languages like C and C++ and towards modern alternatives such as Rust, Golang,…
Read More »
December 13, 2025

Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly…
Read More »

Previous page Next page