malicious
-
New XCSSET Malware Variant Targets macOS App Developers
Cybersecurity researchers have discovered an advanced variant of the XCSSET malware specifically targeting macOS developers through infected Xcode projects, introducing…
Read More » -
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign
Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked…
Read More » -
Attackers Bypass EDR by Using In-Memory PE Loaders Delivered via Malicious Downloads
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems.…
Read More » -
Threat Actors Breach Enterprise Infrastructure Within 18 Minutes of Initial Access
Attackers are accelerating their foothold in corporate networks: over the past three months (June 1 to August 31, 2025), the…
Read More » -
BlockBlasters Steam Game Disguises Malware as Patch for Computer Download
BlockBlasters, a vibrant 2D platformer/shooter from Genesis Interactive, launched on July 31, 2025 to wide acclaim. However, on August 30,…
Read More » -
Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD
Cybersecurity researchers have identified a concerning development in the underground cybercrime marketplace: a sophisticated Remote Access Trojan (RAT) being marketed…
Read More » -
Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and…
Read More » -
New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware…
Read More » -
HubSpot’s Jinjava Engine Flaw Exposes Thousands of Sites to RCE Attacks
A critical security vulnerability has been discovered in HubSpot’s Jinjava template engine, potentially exposing thousands of websites and applications to…
Read More » -
0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers
Researchers have discovered a critical zero-click vulnerability in ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without…
Read More » -
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of…
Read More » -
Hackers Abuse RTL/LTR Text Tricks and Browser Flaws to Mask Malicious Links
Cybersecurity researchers at Varonis Threat Labs have uncovered a persistent vulnerability that has remained unaddressed for over a decade, allowing…
Read More » -
Wave of 40,000+ Cyberattacks Target API Environments
The cybersecurity landscape has witnessed a dramatic escalation in API-targeted attacks during the first half of 2025, with security researchers…
Read More » -
The Hidden Risks of Backdoor Injections
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and…
Read More » -
Phishing Campaigns Exploit RMM Tools to Sustain Remote Access
A sophisticated phishing operation in which attackers deploy remote monitoring and management (RMM) tools—ITarian (formerly Comodo), PDQ Connect, SimpleHelp, and…
Read More » -
Top 10 Best Web Application Firewall (WAF) Solutions In 2025
Best Web Application Firewall In 2025, web applications are no longer just static websites; they are dynamic, complex ecosystems that…
Read More » -
New Malvertising Campaign Exploits GitHub Repositories to Distribute Malware
A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are…
Read More »