-
North Korean threat group APT37 is using a new multi‑stage toolset to jump air‑gaps and conduct deep surveillance by abusing removable media, Ruby, and cloud services in a campaign Zscaler ThreatLabz tracks as “Ruby Jumper.” The campaign’s main goal i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Truffle Security discovered that legacy public-facing Google API keys can silently gain unauthorized access to Google’s sensitive Gemini AI endpoints. This flaw exposes private files, cached data, and billable AI usage to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Agent Tesla continues to cement its status as one of the most persistent remote access trojans (RATs) in the global threat landscape. Known for its data‑stealing capabilities and extensive distribution network, this malware remains a weapon of choice f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dangerous new scam is targeting Zoom users by exploiting their trust in video meeting invites. Over just twelve days, 1,437 Windows users unknowingly installed a malicious version of the Teramind monitoring agent after visiting a fake Zoom meeting pa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Marquis Software Solutions has filed a lawsuit against cybersecurity firm SonicWall, claiming a vulnerability in SonicWall’s cloud backup service led directly to a ransomware attack on its network. Filed in a Texas federal court, the complaint highligh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Wireshark has released version 4.6.4, delivering security and stability fixes that address several denial‑of‑service risks and multiple crashes in protocol dissectors and tools. The update is recommended for all users, especially analysts working with …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cloaking platform called 1Campaign, designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full‑service infrastructure for malvertising, filtering out researchers and automated scann…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zyxel has rolled out critical security patches for multiple vulnerabilities affecting its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders. The flaws range from null pointer dereferences causing Denial-of-Service…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ServiceNow has disclosed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to remotely execute code within the ServiceNow Sandbox environment. Tracked as CVE-2026-0542, the flaw was formally published on Fe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
