-
A severe Remote Code Execution (RCE) vulnerability has been identified in RubitMQ job workers, stemming from unsafe JSON deserialization practices. The issue arises not from memory corruption or complex undefined behavior, but from design-level trust a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers Per Idenfeldt Okuyama and Sam Eizad have uncovered a critical physical attack vulnerability in the Moxa UC-1222A Secure Edition industrial computer, demonstrating that its LUKS full-disk encryption can be fully defeated by passivel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing steganography in PNG images to smuggle a Pulsar Remote Access Trojan (RAT) into Windows systems through a malicious NPM package named buildrunner‑dev. The attack starts with a typosquatted NPM package, buildrunner‑dev, which imperso…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A notorious cybercriminal group, ShinyHunters, has claimed responsibility for a massive data breach involving Odido and BEN, exposing millions of customer records. The group asserts that Odido, a Dutch telecommunications provider, was not truthful in i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the Cli…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp is developing a new feature to significantly strengthen account security by introducing optional account passwords. Currently available in the Google Play Beta Program through version 2.26.7.8, this functionality aims to add another robust lay…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high‑volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server runni…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system secur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially m…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
