-
A sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The operation, which has compromised hundreds of websites sinc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LockBit 5.0 affiliate panel provide unprecedented visibility into the infrastructure of one of the world’s most notorious ransomware-as-a-service (RaaS) operations. Following the high-profile Operation Cronos disruption, security researchers have…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authenticatio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Soft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals creating garbled text, distorted CSS, and cursor jitter to c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Magecart-style campaign is actively targeting e-commerce websites by injecting malicious JavaScript that intercepts and exfiltrates payment card data during checkout. The malicious script was hosted at cc-analytics[.]com/app.js and discovered on …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated PURELOGS infostealer campaign that weaponizes PNG image files to evade detection.The attack begins with a phishing email disguised as a pharmaceutical invoice containing a ZIP archive with a JScript (.js) file. Unlike browser-based Java…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign distributing a fileless variant of Remcos RAT, a commercial remote access tool offering extensive capabilities, including system resource management, remote surveillance, network management, and agent control. The camp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
