-
Hackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial su…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now us…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Vercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is activel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released emergency security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE), including three high-severity flaws that could allow attackers to execute malicious code, forge requests, and st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control (C2) traffic within Microsoft Outlook mailboxes, making it significantly harder to detect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campai…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
