PT-2026-46307

Am I affected? You are affected if all of the following are true: - You use better-auth at a version = 1.6.0, 1.6.11. - The deviceAuthorization plugin is enabled in your auth config deviceAuthorization in your plugins array. - A third party can observe a pending user code before the legitimate us...

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...

The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad

Years before the figure skater became an Olympic superstar, a Chinese operative tried to stalk her father and monitored other US residents deemed dissidents against China. And that’s just the beginning...

Russian hacking group targets home and small office routers to spy on users

British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office SOHO routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which we’ll refer to as APT28, bu...

Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

Microsoft Threat Intelligence reveals how Russian hacking group Forest Blizzard uses home routers for DNS hijacking and spying...

Mastang Panda Uses Venezuela News to Spread LOTUSLITE Malware

Researchers have found a new spying campaign using news about Venezuela to trick US government officials. Learn how the LOTUSLITE virus sneaks into computers to steal secrets...

ICE Can Now Spy on Every Phone in Your Neighborhood

Plus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more...

US Border Patrol Is Spying on Millions of American Drivers

Plus: The SEC lets SolarWinds off the hook, Microsoft stops a historic DDoS attack, and FBI documents reveal the agency spied on an immigration activist Signal group in New York City...

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

A massive data leak reportedly at Chinese firm Knownsec Chuangyu exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data...

LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images

Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability CVE-2025-21042 to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now...

ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More

The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it's become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don't always break systems anymore — they use...

Dutch Teens Arrested Over Alleged Spying for Pro-Russian Hackers

Dutch authorities arrest two teens recruited by pro-Russian hackers for spying missions. Learn how Russia is using disposable agents for sabotage across Europe...

PT-2025-35710

Name of the Vulnerable Software and Affected Versions: BoomCMS version 9.1.4 Description: This issue is a Cross-Frame Scripting XFS vulnerability. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript and relies on social engineering. It is perceived as ...

Fake Antivirus App Spreads Android Malware to Spy on Russian Users

Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming…...

Malicious code in como-espiar-whatsapp-de-forma-segura (npm)

The package como-espiar-whatsapp-de-forma-segura was found to contain malicious code...

Fake Minecraft Installer Spreads NjRat Spyware to Steal Data

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…...

Tradecraft in the Information Age

Long article on the difficulty impossibility? of human spying in the age of ubiquitous digital surveillance...

CVE-2023-48419

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege...

Florida Man Enters the Encryption Wars

Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools...

MAL-2025-2593 Malicious code in blackspammerbd-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 49490144c72d79e7bb37921a87c52011d6ce935fd7d031e2a4d3e4835e98a399 This package is designed for remote control and data exfiltration, and could be used for malicious purposes such as spying, unauthorized access,...