Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Dec 04, 2025Ravie LakshmananDDoS Attacks / Network Security Cloudflare on Wednesday said it detected and mitigated the largest ever distributed...
2025Ravie
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Dec 03, 2025Ravie LakshmananVulnerability / Cloud Security A maximum-severity security flaw has been disclosed in React Server Components (RSC) that,...
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Dec 03, 2025Ravie LakshmananMachine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows,...
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
Dec 02, 2025Ravie LakshmananRegulatory Compliance / Online Safety India's Department of Telecommunications (DoT) has issued directions to app-based communication service...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating...
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts...
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Dec 02, 2025Ravie LakshmananMobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including...
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
Dec 01, 2025Ravie LakshmananSurveillance / National Security India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Dec 01, 2025Ravie LakshmananHacking News / Cybersecurity Hackers aren't kicking down the door anymore. They just use the same tools...
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
Dec 01, 2025Ravie LakshmananMalware / Threat Intelligence The threat actor known as Tomiris has been attributed to attacks targeting foreign...
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Nov 30, 2025Ravie LakshmananHacktivism / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities...
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave...
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
Nov 28, 2025Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued...
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Nov 28, 2025Ravie LakshmananEmail Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows...
