SECURITY 255
- Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
- Notepad++ Hijacked by State-Sponsored Hackers
- Android RAT Uses Hugging Face to Host Malware
- Phishing kits adapt to the script of callers
- I'm locked in!
- Disrupting Largest Residential Proxy Network
- Clawdbot’s rename to Moltbot sparks impersonation campaign
- Old Windows quirks help punch through new admin defenses
- CVE-2025-40551 - Another Solarwinds Web Help Desk Deserialization Issue
- Critical sandbox escape flaw found in popular vm2 NodeJS library
- Chrome Extensions - Are you getting more than you bargained for?
- 1Password Adds Pop-Up Warnings for Suspected Phishing Sites
- Was Nike hacked? Attackers threaten to leak apparel giants’ data
- Investigation underway after 72M Under Armour records surface online
- Fortinet warns of active FortiCloud SSO bypass affecting updated devices
- Osiris - New Ransomware, Experienced Attackers?
- KONNI Adopts AI to Generate PowerShell Backdoors
- Online retailer PcComponentes says data breach claims are fake
- Don't click on the LastPass 'create backup' link - it's a scam
- Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
- Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
- Ingram Micro admits summer ransomware raid exposed thousands of staff records
- Mandiant releases quick credential cracker, to hasten the death of a bad protocol
- RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
- Fast Pair, loose security - Bluetooth accessories open to silent hijack
- Inside RedVDS - How a single virtual desktop provider fueled worldwide cybercriminal operations
- A single click mounted a covert, multistage attack against Copilot
- Electrum Kamacite Ten Years Adversary Tradecraft Intel Report 01 26
- Hacker gets seven years for breaching Rotterdam and Antwerp ports
- Instagram denies breach amid claims of 17 million account data leak
- Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware
- Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability
- High-Severity Flaw in Open WebUI Affects AI Connections
- Risks of OOB Access via IP KVM Devices
- NordVPN Denies Breach After Hacker Claims Access to Salesforce Dev Data
- Prince of Persia ran a covert Iranian spy campaign for over a decade
- Hackers attack WatchGuard Firebox firewalls 120K IPs exposed and vulnerable
- RansomHouse upgrades encryption with multi-layered data processing
- Zeroday Cloud hacking event awards $320,0000 for 11 zero days
- WhatsApp device linking abused in account hijacking attacks
- 8M VPN users just got their AI chats wiped and sold
- Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
- 700,000 Records Compromised in Askul Ransomware Attack
- Atlassian Patches Critical Apache Tika Flaw
- Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
- US military contractor breach expose employee data
- Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
- Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware
- King Addons flaw lets anyone become WordPress admin
- Not Location, Not Tunnel, but a Secret Third Thing - Datacenter Infrastructure & Identity Attacks
- Google fixes two Android zero days exploited in attacks, 107 flaws
- CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
- Security researchers caution app developers about risks in using Google Antigravity
- FBI - Cybercriminals stole $262M by impersonating bank support teams
- FAQ About Sha1-Hulud 2.0 The "Second Coming" of the npm Supply-Chain Campaign
- Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION
- Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
- WhatsApp API flaw let researchers scrape 3.5 billion accounts
- ShinyHunters 'does not like Salesforce at all,' claims the crew accessed Gainsight 3 months ago
- Sturnus - New Android banking trojan targets WhatsApp, Telegram, and Signal
- WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
- Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
- Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
- U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
- Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
- No Place Like Localhost Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
- Dangerous runC flaws could allow hackers to escape Docker containers
- Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
- Gootloader malware back for the attack, serves up ransomware
- GlassWorm Returns New Wave Strikes as We Expose Attacker Infrastructure
- How an Attacker Drained 28M from Balancer Through Rounding Error Exploitation
- Google warns of new AI-powered malware families deployed in the wild
- Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover
- Critical flaws in Fuji Electric, Delta Electronics, Survision, Radiometrics, IDIS systems raise security concerns for industrial sector
- Russian spies pack custom malware into hidden VMs on Windows machines
- Hackers use RMM tools to breach freighters and steal cargo shipments
- Claude AI APIs Can Be Abused for Data Exfiltration
- Penn hacker claims to have stolen 1.2 million donor records in data breach
- Proton Uncovers Hidden Data Leaks From the Dark Web
- New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
- Massive risk 92% of Exchange servers in Germany unprotected after Microsoft support ends
- Hackers exploiting Windows updates Microsoft urges users to patch
- Europol Warns of Rising Threat From Caller ID Spoofing Attacks
- Hackers exploiting critical vulnerability in Windows Server Update Service
- TARmageddon Flaw in Popular Rust Library Leads to RCE
- TP-Link warns of critical command injection flaw in Omada gateways
- Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
- Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
- Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
- PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability
- Whisper 2FA Behind One Million Phishing Attempts Since July
- F5 releases BIG-IP patches for stolen security vulnerabilities
- RMPocalypse Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing
- New Android Pixnapping attack steals MFA codes pixel-by-pixel
- Attackers exploit valid logins in SonicWall SSL VPN compromise
- Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users
- Hackers now use Velociraptor DFIR tool in ransomware attacks
- Hackers leveraging Teams to drop malware, steal data, Microsoft warns
- Foreign threat actors adopting ChatGPT, AI to bolster "old playbook" of attacks, OpenAI finds
- The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
- Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
- Microsoft Critical GoAnywhere bug exploited in ransomware attacks
- Ghost in the Cloud Weaponizing AWS X-Ray for Command & Control
- Red Hat confirms security incident after hackers claim GitHub breach
- Massive network of 30,000 websites filters victims before delivering scams or malware
- VMware virtual machines under attack hackers may have exploited zero-day for months
- New MatrixPDF toolkit turns PDFs into phishing and malware lures
- $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
- CISA issues Emergency Directive requiring federal agencies to mitigate critical Cisco ASA zero-day vulnerabilities
- Dutch teens arrested for trying to spy on Europol for Russia
- NCSC warns of persistent malware campaign [RayInitiator and LINE VIPER] targeting Cisco devices
- Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
- Cisco warns of IOS zero-day vulnerability exploited in attacks
- US Secret Service dismantled covert communications network near the U.N. in New York
- SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
- PyPI urges users to reset credentials after new phishing attacks
- Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation
- New EDR-Freeze tool uses Windows WER to suspend security software
- Microsoft Entra ID flaw allowed hijacking any company's tenant
- ShadowLeak Radware Uncovers Zero-Click Attack on ChatGPT
- Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware
- ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
- Apple backports fix for actively exploited CVE-2025-43300
- 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
- FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
- Samsung patches actively exploited zero-day reported by WhatsApp
- Huntress's 'hilarious' attacker surveillance splits infosec community
- DELMIA Factory Software Vulnerability Exploited in Attacks
- Popular AI chatbots leaking data millions of users could be affected
- Malicious npm Code Reached 10% of Cloud Environments
- KillSec Ransomware is Attacking Healthcare Institutions in Brazil
- ICS Patch Tuesday Rockwell Automation Leads With 8 Security Advisories
- Microsoft Patch Tuesday, September 2025 Edition
- GhostAction Supply Chain Attack Compromises 3000+ Secrets
- iCloud Calendar abused to send phishing emails from Apple’s servers
- US offers $10 million bounty for info on Russian FSB hackers
- Google fixes actively exploited Android flaws in September update
- Azure AD Credentials Exposed in Public App Settings File
- Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
- Hidden Commands in Images Exploit AI Chatbots and Steal Data
- WhatsApp patches vulnerability exploited in zero-day attacks
- Velociraptor incident response tool abused for remote access
- Nissan confirms design studio data breach claimed by Qilin ransomware
- Hook Version 3 The Banking Trojan with The Most Advanced Capabilities
- Critical Docker Desktop flaw lets attackers hijack Windows hosts
- Anatsa Android Banking Trojan Now Targeting 830 Financial Apps
- APT36 hackers abuse Linux .desktop files to install malware in new attacks
- Hackers Weaponize QR Codes Embedded with Malicious Links to Steal Sensitive Information
- Major password managers can leak logins in clickjacking attacks
- New Research Links VPN Apps, Highlights Security Deficiencies
- Legitimate Chrome VPN Extension Turns to Browser Spyware
- Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets
- Researcher to release exploit for full auth bypass on FortiWeb
- Critical RCE Vulnerability in Cisco Firewall Management Software Under Active Exploitation
- PhantomCard New NFC-driven Android malware emerging in Brazil
- North Korean Kimsuky hackers exposed in alleged data breach
- Netherlands Citrix NetScaler Flaw CVE-2025-6543 Exploited to Breach Critical Organizations
- Cybersecurity Firm Profero Cracks DarkBit Ransomware Encryption
- New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
- Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
- U.S. Judiciary confirms breach of court electronic records service
- Google suffers data breach in ongoing Salesforce data theft attacks
- SonicWall investigates possible zero-day amid Akira ransomware surge
- Cursor IDE Persistent Code Execution via MCP Trust Bypass
- Cisco Says User Data Stolen in CRM Hack
- Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
- LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
- Fake Telegram Premium Site Distributes New Lumma Stealer Variant
- Critical Vulnerability in NestJS Devtools Localhost RCE via Sandbox Escape
- AI-powered Cursor IDE vulnerable to prompt-injection attacks
- Dahua Camera flaws allow remote hacking. Update firmware now
- UNC2891 Bank Heist Physical ATM Backdoor & Linux Forensic Evasion Evasion
- ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
- Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms
- Organizations Warned of Exploited PaperCut Flaw
- Attackers Actively Exploiting Critical Vulnerability in Alone Theme
- ToxicPanda The Android Banking Trojan Targeting Europe
- ToolShell An all-you-can-eat buffet for threat actors
- US nuclear weapons agency hacked in Microsoft SharePoint attacks
- How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance
- Microsoft Fix Targets Attacks on SharePoint Zero-Day
- Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
- Four new Android spyware samples linked to Iran's intel agency
- Dell confirms breach of test lab platform by World Leaks extortion group
- Follow-Up Cisco Updates Advisory with Additional Maximum Severity Unauthenticated RCE in ISE and ISE-PIC (CVE-2025-20337)
- The Linuxsys Cryptominer
- Mobile Forensics Tool Used by Chinese Law Enforcement Dissected
- Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts
- Tracking Protestware Spread 28 npm Packages Affected by Payload Targeting Russian-Language Users
- Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
- The Good, the Bad, and the Encoding An SS7 Bypass Attack
- Google Gemini Tricked Into Showing Phishing Message Hidden in Email
- Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
- Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks
- Ransomware Delivered Through GitHub A PowerShell-Powered Attack
- Fix the Click Preventing the ClickFix Attack Vector
- AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
- PerfektBlue 1-click RCE attack
- Critical RCE Vulnerability in mcp-remote CVE-2025-6514 Threatens LLM Clients
- Attackers Inject Code into WordPress Theme to Redirect Visitors
- Malicious pull request infects VS Code extension
- Animation-Driven Tapjacking on Android
- Hackers abuse leaked Shellter red team tool to deploy infostealers
- Ingram Micro outage caused by SafePay ransomware attack
- Critical Sudo bugs expose major Linux distros to local Root exploits
- Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
- Okta observes v0 AI tool used to build phishing sites
- Critical ICS vulnerabilities threaten Mitsubishi Electric and TrendMakers hardware across commercial facilities
- Zero-day Bluetooth gap turns millions of headphones into listening stations
- Taking the shine off BreachForums
- Supply Chain Incident Imperils Glasgow Council Services and Data
- Gogs Remote Command Execution Vulnerability (CVE-2024-56731)
- Decrement by one to rule them all AsIO3.sys driver exploitation
- Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
- Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing
- Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
- Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector
- SparkKitty, SparkCat’s little brother A new Trojan spy found in the App Store and Google Play
- Threat actor Banana Squad exploits GitHub repos in new campaign
- Famous Chollima deploying Python version of GolangGhost RAT
- Washington Post's email system hacked, journalists' accounts compromised
- VMOSX Data Leak Info of Thousands of Mac Cloud Users Potentially Exposed Online
- Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
- Kali Linux 2025.2 released with 13 new tools, car hacking updates
- Paraguay is Being Targeted by Cybercriminals - 7.4 Million Citizen Records for Sale
- Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
- New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
- Inside FluxPanel How Phishing Enables Real-Time Ecommerce Checkout Hijacks
- Don't Get Caught in the Headlights - DeerStealer Analysis
- Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited
- NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
- Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool
- The Evolution of Linux Binaries in Targeted Cloud Operations
- Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603)
- Flask Phishing Kit Targeted Credential Theft Using Open-Source Technology
- Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats
- iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals
- Two Botnets, One Flaw Mirai Spreads Through Wazuh Vulnerability
- Sleep with one eye open how Librarian Ghouls steal data by night
- PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites
- Grocery wholesale giant United Natural Foods hit by cyberattack
- Operation DRAGONCLONE Chinese Telecommunication industry targeted via VELETRIX & VShell malware
- Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
- Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions
- ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware
- Android Spyware Alert! Fake government app targeting Android users in India!
- Fake WordPress Caching Plugin Used to Steal Admin Credentials
- Criminals Bribed Outsourced Contractors to Steal Coinbase User Data
- Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
- Qualcomm fixes three Adreno GPU zero-days exploited in attacks
- XSSing TypeErrors in Safari
- Zanubis in motion Tracing the active evolution of the Android banking malware
- MATLAB dev confirms ransomware attack behind service outage
- DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
- Bypassing MTE with CVE-2025-0072