Threat actors are expanding the scope of ClickFix social engineering campaigns by leveraging DNS infrastructure to deliver malware, marking the first documented case of DNS being used as a payload delivery channel in this attack framework. The technique represents a…
A newly advertised commercial mobile spyware platform known as ZeroDayRAT is being promoted within cybercriminal communities as a tool capable of delivering full remote access to compromised Android and iOS devices. Marketed via underground channels on Telegram, the malware exemplifies…
Exposed MongoDB instances continue to be actively targeted in automated data extortion campaigns, with attackers demanding relatively small Bitcoin ransoms in exchange for alleged data restoration. Despite years of warnings and prior large-scale incidents, misconfigured databases remain a persistent and…
A large-scale Android malware campaign has been uncovered that abuses Hugging Face as a distribution channel for thousands of malicious APK variants designed to steal credentials from popular financial and payment services. The operation highlights how trusted developer platforms are…
An authentication bypass vulnerability in SmarterTools’ SmarterMail email server is now being actively exploited, allowing attackers to reset administrator passwords and take full control of affected systems. The flaw enables unauthenticated threat actors to hijack admin accounts and achieve complete…
Microsoft has begun automatically rotating expiring Secure Boot certificates on eligible systems running Windows 11 versions 24H2 and 25H2, marking a critical step in maintaining platform integrity and pre-boot security across modern Windows environments. Secure Boot certificate lifecycle and security…
Hackers are claiming to be in possession of internal source code belonging to Target Corporation, after publishing what appears to be a limited sample of private repositories on a public software development platform. The incident has drawn significant attention within…
WebRAT malware is actively being distributed through malicious GitHub repositories that masquerade as proof-of-concept (PoC) exploits for recently disclosed vulnerabilities. This campaign highlights a growing trend in which threat actors weaponize public vulnerability disclosures and developer trust in open-source platforms…




