-
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” employs multi-stage obfuscat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (S…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relyin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active exploitation of a critical vulnerability in React Server Components, tracked as CVE‑2025‑55182 (React2Shell), targeting companies across multiple industry sectors worldwide. React2Shell affects the Flight protocol, which facilitates client-serve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT e…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated deepfake-enabled phishing campaign is actively targeting Bitcoin users through fake Zoom and Microsoft Teams calls. The attackers are exploiting video conferencing, Telegram, and AI-generated identities to steal bitcoin and compromise v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A class-action lawsuit filed in San Francisco federal court accuses Meta Platforms of systematically misleading billions of WhatsApp users about the protection of their messages. The complaint alleges that despite marketing claims of unbreakable end-to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
