
25 matches found

The Hacker News
added 2026/05/11 5:54 p.m., 11 views

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result ...

9.8 CVSS, 6.2 AI score, 0.90762 EPSS
Exploits: 61
The Hacker News
added 2026/04/21 6:18 p.m., 7 views

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discover...

5.8 AI score
Exploits: 0
OSV
added 2026/01/08 10:55 a.m., 3 views

MAL-2026-162 Malicious code in btcli-security (PyPI)

Source: kam193 a4b868f818b1a81f5fccee1967f70c3ff9d75c218d14ec09882c576a9c2c213e Package clones a legitimate bittensor-cli library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious...

7.5 AI score
Exploits: 0, References: 4
OSV
added 2026/01/05 5:33 p.m., 3 views

MAL-2026-51 Malicious code in async-substrate-interface-upgrade (PyPI)

Source: kam193 9f97af1701ef4cd3f9c0a8bf1f8245a4291ac3b704b9149972b27a6dd9966428 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

7.4 AI score
Exploits: 0, References: 4
UbuntuCve
added 2025/10/29 11:16 p.m., 1 view

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5 CVSS, 6.8 AI score, 0.00044 EPSS
Exploits: 0, References: 5
Rockylinux
added 2025/10/03 7:56 p.m., 2 views

gvisor-tap-vsock security update

An update is available for gvisor-tap-vsock. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A replacement for libslirp and VPNKit, written in pure Go. It is...

9.1 CVSS, 7 AI score, 0.00294 EPSS
Exploits: 0
The Hacker News
added 2025/09/23 11:26 a.m., 4 views

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...

7 AI score
Exploits: 0
GithubExploit
added 2025/08/14 1:55 a.m., 221 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

Cosmic Sting: CVE-2024-34102 Exploiter Cosmic Sting is a Go-b...

9.8 CVSS, 8.3 AI score, 0.94171 EPSS
Exploits: 26
The Hacker News
added 2025/05/20 8:25 a.m., 41 views

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses...

8 AI score
Exploits: 0
GithubExploit
added 2025/04/19 6:32 p.m., 294 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 Remote Shell Go-based exploit for CVE-2025-3243...

10 CVSS, 8.7 AI score, 0.62606 EPSS
Exploits: 34
CNNVD
added 2025/01/30 12:00 a.m., 2 views

Google gVisor Security Vulnerability

Google gVisor is a user-space kernel from Google written in the Go language for use in Linux systems. A security vulnerability exists in Google gVisor, which stems from the presence of an information-countable vulnerability that could lead to an attacker being able to count information for use in...

6.3 CVSS, 6 AI score, 0.00049 EPSS
Exploits: 1, References: 3
The Hacker News
added 2024/07/03 3:33 a.m., 31 views

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat act...

7.6 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2024/02/01 6:30 a.m., 16 views

CherryTree Impostor Dubbed CherryLoader Makes Its Move

Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...

7.5 AI score
Exploits: 0
The Hacker News
added 2023/06/06 6:57 a.m., 3 views

Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this ransomware-as-a-service promotes its offering on forums," Uptycs said in a new report. "Ther...

6.4 AI score
Exploits: 0
The Hacker News
added 2023/04/18 1:45 p.m., 2 views

YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations...

7.4 AI score
Exploits: 0
The Hacker News
added 2023/04/17 11:46 a.m., 2 views

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to ...

6.9 AI score
Exploits: 0
Akamai Blog
added 2023/03/16 5:00 a.m., 14 views

Uncovering HinataBot: A Deep Dive into a Go-Based Threat

...

0.8 AI score
Exploits: 0
The Hacker News
added 2023/03/03 9:56 a.m., 65 views

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly...

0.3 AI score
Exploits: 0
The Hacker News
added 2022/12/14 2:12 p.m., 39 views

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' t...

0.9 AI score
Exploits: 0
The Hacker News
added 2022/12/12 1:51 p.m., 41 views

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminatin...

0.4 AI score
Exploits: 0