-
Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at module scope, so simply importing telnyx is enough to ex…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly sophisticated npm supply chain attack that abuses a fake HTTP client package to deliver both a powerful RAT and a stealthy browser stealer. The malicious package, undicy-http@2.0.0, was uploaded to npm to impersonate undici, the official HTTP …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A maximum-severity vulnerability in Oracle WebLogic Server is facing rapid exploitation in the wild. Tracked as CVE-2026-21962, this unauthenticated Remote Code Execution (RCE) flaw carries a maximum CVSS score of 10.0. According to a recent honeypot s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command‑and‑control (C2) traffic behind layers of encryption and decoy servers, making analysis and detection more difficult for defenders. This a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfron…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios releases, exposing millions of developers to a multi-stage remote access trojan capable of…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Dutch Ministry of Finance is actively managing a significant cybersecurity incident after discovering unauthorized access to its internal Information and Communication Technology (ICT) systems. The breach has prompted immediate defensive measures, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command‑and‑control (C2) server, ResokerR…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
