-
A new hardware-based threat has emerged that disguises malicious code execution capabilities inside an ordinary computer mouse. Dubbed “EvilMouse,” this covert keystroke injector demonstrates how everyday peripherals can become powerful att…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. This single VM acted as the attackers’ beachhead…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HPE Aruba Networking has issued a critical security advisory addressing multiple vulnerabilities in its Private 5G Core Platform that could allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the popular WPvivid Backup & Migration plugin is putting more than 800,000 WordPress websites at risk of complete takeover through remote code execution (RCE) attacks. Tracked as CVE-2026-1357 and rated 9.8 on the CVSS s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Adva…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malicious NPM package, dubbed duer-js , is being used to distribute an advanced information‑stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to deliver malware to cryptocurrency‑focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
