ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
Nov 25, 2025Ravie LakshmananMalware / Vulnerability The threat actor known as ToddyCat has been observed adopting new methods to obtain...
Hacking
Category Added in a WPeMatico Campaign
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their...
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Nov 25, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender...
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
Nov 25, 2025Ravie LakshmananSpyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert...
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight...
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Nov 24, 2025Ravie LakshmananCloud Security / Vulnerability Multiple security vendors are sounding the alarm about a second wave of attacks...
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
Nov 24, 2025Ravie LakshmananCybersecurity / Hacking News This week saw a lot of new cyber trouble. Hackers hit Fortinet and...
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response...
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Nov 24, 2025Ravie LakshmananMalware / Vulnerability A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been...
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
Nov 22, 2025Ravie LakshmananCyber Espionage / Cloud Security The China-linked advanced persistent threat (APT) group known as APT31 has been...
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a...
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Nov 22, 2025Ravie LakshmananZero-Day / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical...
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that...
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
Nov 21, 2025Ravie LakshmananData Protection / Technology In a surprise move, Google on Thursday announced that it has updated Quick...
Why IT Admins Choose Samsung for Mobile Security
Nov 21, 2025The Hacker NewsMobile Security / Data Protection Ever wonder how some IT teams keep corporate data safe without...
