How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations

Today we’re taking a look at several malware samples from the advanced persistent threat group “Primitive Bear” aka “Gamaredon”. Primitive Bear is a Russian state-sponsored Advanced Persistent Thr...

Dec 1, 2025 APT

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm malware campaign, initially identified in October, has resurfaced for a third time, introducing 24 new malicious packages to the OpenVSX and Microsoft Visual Studio marketplaces. Thes...

Dec 1, 2025 MALWARE

Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations

Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns.\n\nAnalys...

Dec 1, 2025 CYBER SECURITY

CVE-2025-61260 — OpenAI Codex CLI Command Injection via Project-Local Configuration

During testing, we found that Codex CLI will automatically load and execute MCP server entries from a project-local configuration whenever codex is run inside that repository. Concretely, if a repo...

Dec 1, 2025 VULNERABILITY

Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday

The fake sites were identified by their suspicious resource usage and recurring templates. This operation includes two main groups: one with over 750 interconnected sites, 170 of which impersonate ...

Nov 30, 2025 CYBERSECURITY

North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version.

North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. T...

Nov 30, 2025 APT

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence ...

Nov 30, 2025 SECURITY

2025-11-29 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2019-25226 Dongyoung Media Tech C...

Nov 29, 2025 VULNERABILITIES

ThreatsDay Bulletin - AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

The ShadowV2 botnet, based on Mirai, has resurfaced, targeting IoT devices across industries. Fortinet assesses that a recent campaign coinciding with an AWS outage in late October 2025 was likely ...

Nov 27, 2025 CYBERSECURITY

Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems

A new campaign, dubbed Shai-hulud 2.0, has been identified targeting cloud and developer ecosystems with a sophisticated malware variant. This updated version builds upon its predecessor by stealin...

Nov 27, 2025 MALWARE

Security researchers caution app developers about risks in using Google Antigravity

Google’s Antigravity, an AI agent development tool released on November 18th, is facing scrutiny due to newly discovered vulnerabilities. Security researchers are cautioning app developers about th...

Nov 27, 2025 SECURITY

Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks

If the domain hosting the calendar is abandoned and subsequently expires, it opens a dangerous vulnerability. Cybercriminals can re-register these expired domains, effectively hijacking the trust e...

Nov 27, 2025 CYBER SECURITY

House panels seek testimony from Anthropic, Google, Quantum Xchange after report on PRC-linked AI attack

Earlier this month, the Anthropic report assessed with high confidence that a state-sponsored cyber actor backed by the PRC executed an autonomous attack against the U.S. company using AI with mini...

Nov 27, 2025 TECHNOLOGY

Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks

GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. Once running, the malware aggressively harve...

Nov 27, 2025 CYBER SECURITY

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

Bloody Wolf, an actor active since at least late 2023, is expanding its operations in Central Asia, now targeting Kyrgyzstan and Uzbekistan with the NetSupport RAT. The group has been active since ...

Nov 27, 2025 CYBERSECURITY

Old tech, new vulnerabilities - NTLM abuse, ongoing exploitation in 2025

Microsoft’s NTLM authentication protocol, while largely superseded by Kerberos, remains a persistent security risk due to its continued use in legacy systems and ease of configuration. Attackers ar...

Nov 26, 2025 VULNS

Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System

A cyberattack targeting OnSolve’s CodeRED emergency notification system has disrupted services and potentially exposed user data across multiple US states. The breach forced Crisis24, the provider ...

Nov 26, 2025 CYBERSECURITY

2025-11-26 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-33194 NVIDIA - DGX Spark ...

Nov 26, 2025 VULNERABILITIES

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JS...

Nov 25, 2025 RESEARCH

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine

Source: Arctic Wolf Excerpt: In September 2025, Arctic Wolf® Labs identified a U.S.-based company that was targeted by RomCom threat actors via SocGholish, operated by TA569. While the typical ini...

Nov 25, 2025 APT