Lucene search
+L

20912 matches found

thn
thn
added 2025/12/05 5:40 a.m.6 views

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's...

9.8CVSS10AI score0.67645EPSS
Exploits0
thn
thn
added 2025/12/04 5:25 p.m.7 views

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization SEO poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloadin...

7.3AI score
Exploits0
thn
thn
added 2025/12/04 11:58 a.m.12 views

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here's a quick rundown of the latest cyber stories that show how fast the game keeps changing...

7.3AI score
Exploits0
thn
thn
added 2025/12/04 11:30 a.m.15 views

5 Threats That Reshaped Web Security This Year [2025]

As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental...

9.8CVSS7.6AI score0.01708EPSS
Exploits0
thn
thn
added 2025/12/04 9:27 a.m.7 views

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...

7AI score
Exploits0
thn
thn
added 2025/12/04 6:52 a.m.5 views

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service DDoS attack that measured at 29.7 terabits per second Tbps. The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been...

5.8AI score
Exploits0
thn
thn
added 2025/12/03 6:19 p.m.21 views

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components RSC that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows...

10CVSS8.4AI score0.99562EPSS
Exploits389
thn
thn
added 2025/12/03 5:56 p.m.11 views

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to b...

6.7AI score
Exploits0
thn
thn
added 2025/12/03 5:46 p.m.8 views

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...

7.8CVSS7.5AI score0.63102EPSS
Exploits3
thn
thn
added 2025/12/03 5:8 p.m.9 views

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 CVSS score: 9.8, is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative...

9.8CVSS6.8AI score0.09142EPSS
Exploits4
thn
thn
added 2025/12/03 3:32 p.m.9 views

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application HTA files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is...

6.6AI score
Exploits0
thn
thn
added 2025/12/03 9:56 a.m.8 views

Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming...

6.9AI score
Exploits0
thn
thn
added 2025/12/03 9:30 a.m.1 views

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre...

9.8CVSS8.2AI score0.01428EPSS
Exploits3
thn
thn
added 2025/12/03 8:39 a.m.12 views

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine EVM unit helper tool. The Rust crate,...

7.5AI score
Exploits0
thn
thn
added 2025/12/02 5:46 p.m.6 views

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications DoT has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai,...

7.1AI score
Exploits0
thn
thn
added 2025/12/02 3:1 p.m.7 views

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in...

7.1AI score
Exploits0
thn
thn
added 2025/12/02 3:0 p.m.4 views

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

A joint investigation led by Mauro Eldritch, founder of BCA LTD , conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea's most persistent infiltration schemes: a network of remot...

7.1AI score
Exploits0
thn
thn
added 2025/12/02 2:17 p.m.9 views

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence AI-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to th...

7.3AI score
Exploits0
thn
thn
added 2025/12/02 1:37 p.m.6 views

Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper...

6.1AI score
Exploits0
thn
thn
added 2025/12/02 11:30 a.m.4 views

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it when was the last time you checked?, and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources an...

7.2AI score
Exploits0
thn
thn
added 2025/12/02 7:17 a.m.10 views

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those...

8.8CVSS7.9AI score0.01345EPSS
Exploits9
thn
thn
added 2025/12/01 5:55 p.m.7 views

India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud

India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report from Reuters, the app cannot be deleted or disabled from users' devices. Sanchar Saathi,...

6.4AI score
Exploits0
thn
thn
added 2025/12/01 5:29 p.m.11 views

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report fro...

7.9AI score
Exploits0
thn
thn
added 2025/12/01 12:47 p.m.18 views

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...

9.8CVSS10AI score0.99962EPSS
Exploits26
thn
thn
added 2025/12/01 11:55 a.m.13 views

Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted...

7.3AI score
Exploits0
thn
thn
added 2025/12/01 8:45 a.m.4 views

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has been advertised under a malware-as-a-service MaaS model to offer a "full spectrum" of features to facilitate on-device fraud ODF, screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400...

6.7AI score
Exploits0
thn
thn
added 2025/12/01 5:7 a.m.4 views

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, name...

7.4AI score
Exploits0
thn
thn
added 2025/11/30 9:23 a.m.6 views

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA has updated its Known Exploited Vulnerabilities KEV catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 CVSS score: 5.4, a cross-site...

8.8CVSS7.8AI score0.4805EPSS
Exploits9
thn
thn
added 2025/11/28 4:27 p.m.11 views

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index PyPI via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerabilit...

9.8CVSS9.2AI score0.01535EPSS
Exploits1
thn
thn
added 2025/11/28 4:18 p.m.13 views

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that...

6.8AI score
Exploits0
thn
thn
added 2025/11/28 11:9 a.m.5 views

Why Organizations Are Turning to RPAM

As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management PAM solutions no longer suffice. IT administrators, contractors and third-party vendors now require...

6.8AI score
Exploits0
thn
thn
added 2025/11/28 8:33 a.m.6 views

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting...

6.4AI score
Exploits0
thn
thn
added 2025/11/27 6:13 p.m.6 views

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov...

5.9AI score
Exploits0
thn
thn
added 2025/11/27 3:37 p.m.23 views

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy CSP aims to enhance the Entra ID sign-in experience at "login.microsoftonline.com" by only letting...

7AI score
Exploits0
thn
thn
added 2025/11/27 2:59 p.m.4 views

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there's a catch... The very tools that make your job easier might also be the reason your systems...

7.1AI score
Exploits0
thn
thn
added 2025/11/27 10:3 a.m.17 views

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they're not th...

9.8CVSS7AI score0.99968EPSS
Exploits59
thn
thn
added 2025/11/27 7:3 a.m.4 views

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not...

6.5AI score
Exploits0
thn
thn
added 2025/11/26 6:8 p.m.16 views

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components...

7.3AI score
Exploits0
thn
thn
added 2025/11/26 2:31 p.m.11 views

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service RaaS group, Qilin, with potential involvement from North...

6.6AI score
Exploits0
thn
thn
added 2025/11/26 11:55 a.m.7 views

When Your $2M Security Detection Fails: Can your SOC Save You?

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations'...

7.3AI score
Exploits0
thn
thn
added 2025/11/26 11:10 a.m.9 views

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first...

6.8AI score
Exploits0
thn
thn
added 2025/11/26 8:28 a.m.9 views

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...

7AI score
Exploits0
thn
thn
added 2025/11/26 4:29 a.m.10 views

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

The U.S. Federal Bureau of Investigation FBI has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover ATO fraud schemes. The activity targets individuals, businesses, and organizations of varied size...

9.8CVSS8.8AI score0.99722EPSS
Exploits24
thn
thn
added 2025/11/25 4:49 p.m.17 views

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company...

6.7AI score
Exploits0
thn
thn
added 2025/11/25 2:18 p.m.10 views

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites xHamster,...

7.1AI score
Exploits0
thn
thn
added 2025/11/25 11:36 a.m.9 views

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's...

8.4CVSS8.6AI score0.02014EPSS
Exploits0
thn
thn
added 2025/11/25 11:30 a.m.10 views

3 SOC Challenges You Need to Solve Before 2026

2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global world instability,...

7.5AI score
Exploits0
thn
thn
added 2025/11/25 11:28 a.m.6 views

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,"...

6.7AI score
Exploits0
thn
thn
added 2025/11/25 6:42 a.m.14 views

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans RATs to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social...

9.8CVSS7AI score0.19972EPSS
Exploits10
thn
thn
added 2025/11/24 3:3 p.m.7 views

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve...

9.8CVSS8.7AI score0.28309EPSS
Exploits3
Total number of security vulnerabilities20912