Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Dec 16, 2025Ravie LakshmananCybersecurity / Cryptocurrency Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the...
Dec
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Dec 16, 2025Ravie LakshmananCloud Security / Vulnerability Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign...
Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass
Dec 16, 2025Ravie LakshmananNetwork Security / Vulnerability Threat actors have begun to exploit two newly disclosed security flaws in Fortinet...
Google to Shut Down Dark Web Monitoring Tool in February 2026
Dec 16, 2025Ravie LakshmananDark Web / Online Safety Google has announced that it's discontinuing its dark web report tool in...
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX)...
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
Dec 15, 2025Ravie LakshmananHacking News / Cybersecurity If you use a smartphone, browse the web, or unzip files on your...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Dec 15, 2025Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide...
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
Dec 15, 2025Ravie LakshmananRansomware / Cybercrime The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new...
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
Dec 13, 2025Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity...
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Dec 10, 2025The Hacker NewsCloud Security / Threat Detection Cloud security is changing. Attackers are no longer just breaking down...
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
Dec 10, 2025Ravie LakshmananVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw...
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
Dec 10, 2025Ravie LakshmananVulnerability / Endpoint Security Fortinet, Ivanti, and SAP have moved to address critical security flaws in their...
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Dec 09, 2025Ravie LakshmananCybersecurity / Malware Four distinct threat activity clusters have been observed leveraging a malware loader known as...
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
Dec 09, 2025Ravie LakshmananRansomware / Endpoint Security The threat actor known as Storm-0249 is likely shifting from its role as...
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Dec 09, 2025Ravie LakshmananMalware / Threat Analysis Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS...
