-
A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operate…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Jofpin has disclosed “Brash,” a critical flaw in Google’s Blink rendering engine that enables attackers to crash Chromium-based browsers almost instantly. Affecting billions of users worldwide, this architectural weakness exploits unchecked updates to the document.title API, overwhelming the browser’s main thread and triggering system-wide denial of service without sophisticated tools or privileges. The […] The post Critical Vulnerability in Chromium’s Blink Let Attackers Crash Chromium-based Browsers Within Seconds appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, called Brash, allows malicious act…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Jenkins automation server users face critical security threats following the disclosure of 14 distinct vulnerabilities spanning multiple plugins. The security advisory reveals a widespread pattern of authentication bypass mechanisms, missing permission…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilita…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting developers has been operating since August 2025, deploying 126 malicious npm packages that have collectively accumulated over 86,000 downloads. The attack, now identified as PhantomRaven, has been actively harvesting npm authentication tokens, GitHub credentials, and CI/CD pipeline secrets from developers across the globe while employing advanced detection evasion techniques that […] The post PhantomRaven Attack Involves 126 Malicious npm Packages with Over 86,000 Downloads Hiding Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early Oc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated botnet campaign has compromised more than 25,000 IoT devices across 40 countries while establishing 140 command-and-control servers to facilitate cybercrime operations. The PolarEdge botnet, first disclosed in February 2025, exploits vulnerable IoT and edge devices to construct an Operational Relay Box network that provides infrastructure-as-a-service for advanced persistent threat actors. The malware operates […] The post PolarEdge Botnet Infected 25,000+ Devices and 140 C2 Servers Exploiting IoT Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
