-
A China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels such as iMessage and Rich Communication Services (RCS). Over the past several months, research…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp is actively developing an independent, first-party cloud backup service featuring mandatory end-to-end encryption. This upcoming feature aims to reduce users’ reliance on third-party storage providers such as Google Drive and Apple’s iCl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploitin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
APT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Android malware campaign is masquerading as a “Banking KYC” verification app and spreading via WhatsApp messages to target banking users in India. The malware is delivered as an APK shared over WhatsApp, posing as an urgent bank KYC or account ve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
