Search results

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an...

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of...

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the...

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***

GitHub as the Entry Point: One Forgotten Salesloft Token Opened the Doors to Hundreds of Corporations' Data for Hackers The chain reaction of compromise has gone too far, forcing giants to burn their bridges. The escalating story around the data leak from the Salesforce ecosystem has taken a...

The T-Create P35S will turn your data to dust. But only if the enemy provides it with power. The emergence of external storage drives with instant data deletion features has long seemed like an element of spy movies, but manufacturers are increasingly offering such devices for real-world tasks...

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and...

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***

*** Hidden text: You do not have sufficient rights to view the hidden text. Visit the forum thread! ***

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year...

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing...

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This...

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question...

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies...

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the...

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution...

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223...

A Chain of 0-day Vulnerabilities Found in Russia's TrueConf Server, Allowing Remote Code Execution Authorization flaws and a lack of login restrictions facilitate host takeover. 0-day vulnerabilities have been identified in the TrueConf Server corporate video conferencing system. Researchers...