A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions...
Hacking
Category Added in a WPeMatico Campaign
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
î ‚Dec 15, 2025î „Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide...
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
î ‚Dec 15, 2025î „Ravie LakshmananRansomware / Cybercrime The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new...
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
î ‚Dec 13, 2025î „Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity...
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
î ‚Dec 10, 2025î „The Hacker NewsCloud Security / Threat Detection Cloud security is changing. Attackers are no longer just breaking down...
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
î ‚Dec 10, 2025î „Ravie LakshmananVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw...
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability...
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
î ‚Dec 10, 2025î „Ravie LakshmananVulnerability / Endpoint Security Fortinet, Ivanti, and SAP have moved to address critical security flaws in their...
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell...
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
î ‚Dec 09, 2025î „Ravie LakshmananCybersecurity / Malware Four distinct threat activity clusters have been observed leveraging a malware loader known as...
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
î ‚Dec 09, 2025î „Ravie LakshmananRansomware / Endpoint Security The threat actor known as Storm-0249 is likely shifting from its role as...
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it...
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence...
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as...
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
î ‚Dec 09, 2025î „Ravie LakshmananMalware / Threat Analysis Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS...
![Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]](https://certera.com/blog/wp-content/plugins/wp-postratings/images/stars/rating_on.gif)