malicious
-
Threat Actors Exploiting Victims’ Machines for Bandwidth Monetization
Cybersecurity researchers have uncovered an ongoing campaign where threat actors exploit the critical CVE-2024-36401 vulnerability in GeoServer, a geospatial database,…
Read More » -
AI Website Generators Repurposed by Adversaries for Malware Campaigns
Adversaries are using AI-powered website builders to expedite the development of harmful infrastructure in a quickly changing threat landscape, hence…
Read More » -
A New Malware Loader Spreading Infostealers and Remote Access Trojans (RATs)
IBM X-Force has tracked QuirkyLoader, a sophisticated loader malware deployed by threat actors to distribute prominent families such as Agent…
Read More » -
Lenovo AI Chatbot Flaw Allows Remote Script Execution on Corporate Systems
Cybersecurity researchers have uncovered critical vulnerabilities in Lenovo’s AI-powered customer support chatbot that could allow attackers to execute malicious scripts…
Read More » -
Threat Actors Use Pirated Games to Bypass Microsoft Defender SmartScreen and Adblockers
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage pirated game downloads to distribute HijackLoader, a modular malware…
Read More » -
Threat Actors Exploit Microsoft Help Index File to Deploy PipeMagic Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the…
Read More » -
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit…
Read More » -
Elastic EDR 0-Day Flaw Lets Hackers Evade Detection, Run Malware, and Trigger BSOD
AshES Cybersecurity has disclosed a severe zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) software that transforms the security…
Read More » -
Cisco IOS, IOS XE, and Secure Firewall Flaws Allow Remote DoS Attacks
Cisco Systems has issued a high-priority security advisory addressing multiple critical vulnerabilities in the Internet Key Exchange Version 2 (IKEv2)…
Read More » -
Threat Actors Abuse npm Developer Accounts Hijacked to Spread Malicious Packages
A sophisticated phishing campaign targeting the maintainer of eslint-config-prettier, a widely-used npm package with over 3.5 billion downloads, resulted in…
Read More » -
PoC Released for Fortinet FortiSIEM Command Injection Flaw
Security researchers have uncovered a severe pre-authentication command injection vulnerability in Fortinet’s FortiSIEM platform that allows attackers to completely compromise…
Read More » -
Top 10 Best NDR Solutions (Network Detection And Response) in 2025
The network remains the central nervous system of every organization. While endpoints and cloud environments are crucial, all digital activity…
Read More » -
Ransomware Actors Combine Legitimate Tools with Custom Malware to Evade Detection
Operators behind the Crypto24 strain are employing highly coordinated, multi-stage attacks that blend legitimate system tools with bespoke malware to…
Read More » -
Windows Out-of-Box-Experience Flaw Enables Full Administrative Command Prompt Access
A newly documented vulnerability in Windows’ Out-of-Box-Experience (OOBE) allows users to bypass security restrictions and gain full administrative access to…
Read More » -
Adobe’s August 2025 Patch Tuesday Fixes 60 Vulnerabilities Across Multiple Products
Adobe has rolled out its August 2025 Patch Tuesday updates, addressing a total of 60 vulnerabilities across a wide array…
Read More »