-
Seven new BPFDoor variants that push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use Berkeley Packet Filters (BPF) to quietly inspect traffic inside the operating system kernel, w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote attackers to take full control of affected systems w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into full cloud‑level access. This trend is accelerating rapidly, with Kubernetes‑related identity ab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered vulnerability dubbed “GPUBreach” demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relie…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
