-
North Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to seve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipeline…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and PyPI ecosystems. The malicious activity centers on Namastex.ai, a company t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the n…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a matur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consis…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industria…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
