- A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wa…
- Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associa…
- A highly sophisticated cyber espionage group, designated as CL-UNK-1068, has been actively targeting critical infrastructure across South, Southeast, and East Asia since at least 2020. Originating from China, the threat actors focus on high-value secto…
- Two high-severity vulnerabilities have been discovered in Vaultwarden, a widely used alternative Bitwarden server implementation written in Rust. These security flaws, tracked as CVE-2026-27803 and CVE-2026-27802, allow compromised Manager accounts to …
- Apache ZooKeeper, a centralized service used for maintaining configuration information and naming in distributed systems, has received critical security updates. The Apache Software Foundation recently addressed two “Important” severity vul…
- A large-scale spear-phishing campaign is distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across br…
- ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command-and-control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framew…
- A wave of fraudulent account registrations to a cybercrime ecosystem operating out of Vietnam. These fake accounts are not just spam; they underpin large-scale financial fraud, phishing, and interpersonal scams that erode trust in online platforms. Att…
- A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform's logi…
- A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10…


