• Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform […]

    The post nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The Raspberry Pi Foundation has announced immediate availability of a new 1GB version of the Raspberry Pi 5, marking a significant expansion of its affordable computing platform.

    The new entry-level model arrives at $45, making high-performance computing more accessible to budget-conscious consumers and developers worldwide.

    The 1GB Raspberry Pi 5 retains all the flagship capabilities that have made the platform popular among hobbyists, educators, and professionals.

    It features a powerful quad-core 2.4GHz Arm Cortex-A76 processor, dual-band Wi-Fi connectivity, and a PCI Express port for expandable storage and peripherals.

    These specifications ensure users get enterprise-grade computing power at a fraction of the cost of traditional computers.

    | Feature | Specification |
    |---|---|
    | Processor | Quad-core 2.4GHz Arm Cortex-A76 |
    | RAM | 1GB |
    | Wi-Fi | Dual-band (2.4GHz and 5GHz) |
    | Expansion | PCI Express port for storage and peripherals |
    | Price | $45 |
    | Use Cases | Educational projects, IoT applications, lightweight servers |

    The launch comes as the Raspberry Pi Foundation addresses the unprecedented rise in LPDDR4 memory costs, mainly driven by competition from artificial intelligence infrastructure projects.

    To maintain memory supplies and navigate the increasingly constrained market anticipated for 2026, the organization has announced strategic price increases across select Raspberry Pi 4 and Raspberry Pi 5 products.

    These adjustments mirror previous increases announced in October for Compute Module products. The pricing structure reflects the foundation’s commitment to affordability while maintaining operational sustainability.

    Higher-capacity models experience more significant increases. Lower-capacity variants of Raspberry Pi 4, older Raspberry Pi 3+ models, and Raspberry Pi Zero products maintain their existing prices, providing continued options for cost-sensitive users.

    Raspberry Pi 5 Pricing Changes

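    | Memory Capacity | Old Price | New Price | Price Increase | Percentage Increase |
    |---|---|---|---|---|
    | 2GB | $50 | $55 | $5 | 10% |
    | 4GB | $60 | $70 | $10 | 16.7% |
    | 8GB | $80 | $95 | $15 | 18.75% |
    | 16GB | $120 | $145 | $25 | 20.8% |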

    Raspberry Pi 4 Pricing Change

    | Memory Capacity | Old Price | New Price | Price Increase | Percentage Increase |
    |---|---|---|---|---|
    | 4GB | $55 | $60 | $5 | 9.1% |
    | 8GB | $75 | $85 | $10 | 13.3% |

    The 16GB Compute Module 5, which remained unchanged during October’s price adjustment, now sees a $20 increase.

    The Raspberry Pi Foundation believes the current memory shortages are temporary and continues its mission to provide affordable, high-performance computers worldwide.

    Leadership emphasizes its commitment to unwinding these price increases once memory market conditions stabilize and competitive pressures from AI infrastructure projects ease.

    The new 1GB Raspberry Pi 5 offers developers and makers a powerful, affordable entry into the ecosystem, combining modern processors with essential connectivity at a low price.

    The post Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support appeared first on Cyber Security News.

  • Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by Intrinsec. The coordinated attacks between June and September 2025 represent an escalating cyber warfare strategy aimed at disrupting Russian military capabilities and civilian aviation operations. The campaign involves several prominent […]

    The post Ukrainian Hackers Target Russian Aerospace and Defense Sectors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single […]

    The post Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The Glassworm malware campaign has resurfaced with unprecedented scale, deploying 24 malicious extensions across Microsoft Visual Studio Marketplace and OpenVSX over the past week.

    This latest wave of attacks demonstrates the persistent threat posed by supply chain compromises targeting developer tools.

    The malware specifically clones legitimate extensions for popular frameworks, including Flutter, Tailwind, Vim, Yaml, Svelte, React Native, and Vue, making it difficult for developers to distinguish between authentic and fraudulent packages.

    The attack mechanism exploits the trust developers place in extension marketplaces by initially publishing seemingly legitimate packages that pass security reviews.

    Popular extension clone (Source - Secure Annex)

    Once approved, the extensions receive updates containing hidden malicious code, allowing the attackers to bypass existing security filters.

    Secure Annex security researchers identified that these malicious extensions employ sophisticated techniques to manipulate download counts and artificially inflate installation statistics, positioning the fake extensions directly alongside legitimate ones within the IDE interface.

    This social engineering tactic makes it challenging for users to identify the correct extension during installation.

    Infection Mechanism and Evolution

    The infection process begins when developers install what appears to be a legitimate extension from the marketplace.

    The malicious payload activates immediately after the extension loads into the development environment. Once activated, the code executes embedded implants that were previously hidden within the extension package.

    The attackers have evolved their evasion tactics significantly, transitioning from invisible Unicode characters in earlier iterations to Rust-based implants embedded directly inside the extensions.

    When the extension activates, it runs the malicious code within the developer’s system context, giving attackers access to sensitive information such as environment variables, authentication tokens, and project source code.

    Malicious extensions (Source - Secure Annex)

    The sophisticated obfuscation techniques make detection difficult without specialized security analysis tools. Secure Annex analysts noted the consistent attack signatures and patterns across the campaigns, linking various techniques together despite their evolution.

    The researchers discovered that many extensions continue staging operations while manipulating download statistics to build credibility before final deployment.

    The identified compromised packages span both marketplaces, with notable examples including prisma-inc.prisma-studio-assistance, prettier-vsc.vsce-prettier, and flutter-extension across both platforms.

    Organizations using these extensions face significant risk from unauthorized system access and data exfiltration.

    Security professionals recommend immediately auditing installed extensions and implementing marketplace scanning solutions to detect and prevent future compromises.

    The post Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages appeared first on Cyber Security News.

  • A new malware campaign has emerged that exploits the trust users place in popular applications.

    Threat actors are distributing trojanized installers for Telegram, WinSCP, Google Chrome, and Microsoft Teams to deploy ValleyRat, a remote access trojan designed for long-term system compromise.

    The campaign has been attributed to the China-aligned APT group known as Silver Fox, which has remained active since at least 2022.

    The infection begins when victims download what appears to be a legitimate application installer through spear-phishing emails or malicious advertisements.

    On the surface, users see a normal installation interface, but hidden processes run silently in the background.

    The malware stages files, deploys kernel-level drivers, tampers with endpoint security, and ultimately launches a ValleyRat beacon that maintains persistent access to the compromised system.

    Nextron Systems security researchers identified this campaign through their detailed analysis of the entire infection chain.

    Their investigation revealed that the attackers combine multiple layers of obfuscation, endpoint security tampering, and kernel-level techniques to evade detection while establishing command-and-control communications with remote servers.

    Silver Fox Telegram installer infection chain (Source - Nextron Systems)

    The distribution primarily occurs through trojanized Telegram installers. One analyzed sample, named tg.exe, carries the SHA-256 hash 9ede6da5986d8c0df3367c395b0b3924ffb12206939f33b01610c1ae955630d1.

    Despite displaying a genuine Telegram Desktop 6.0.2 interface, closer inspection reveals notable inconsistencies.

    Telegram UI showing Version 6.0.2 (Source - Nextron Systems)

    The PE header timestamp dates to 2019, while its first VirusTotal submission occurred in August 2025, representing an unusual six-year gap for a frequently updated application.

    Infection Mechanism and Defense Evasion

    Once executed, the installer creates the directory C:\ProgramData\WindowsData\ and drops essential files, including a renamed 7-Zip binary (funzip.exe) and an encrypted archive disguised as main.xml.

    The malware then uses PowerShell to add a Microsoft Defender exclusion for the entire C:\ drive, effectively silencing antivirus protection.

    The archive extraction command reveals the embedded password:

    "C:\ProgramData\WindowsData\funzip.exe" x -y -phtLcENyRFYwXsHFnUnqK -o"C:\ProgramData\WindowsData" "C:\ProgramData\WindowsData\main.xml"

    This extraction deploys men.exe, the main orchestrator that performs environmental reconnaissance by scanning for security processes, including Microsoft Defender’s MsMpEng.exe and Chinese security products like ZhuDongFangYu.exe and 360tray.exe.

    Created scheduled task WindowsPowerShell.WbemScripting.SWbemLocator executing X.vbe (Source - Nextron Systems)

    The campaign establishes persistence through a scheduled task named WindowsPowerShell.WbemScripting.SWbemLocator, designed to mimic legitimate Windows components, which executes an encoded VBScript launching the ValleyRat beacon for continued system access.

    The post Hackers Leverages Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat appeared first on Cyber Security News.

  • SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The incident, disclosed on November 27, 2025, has forced affected users to reinstall the application under a new digital signature […]

    The post SmartTube Android TV App Compromised After Signing Keys Leak appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities.  Taking into account that nearly 10% of

  • Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The discovery highlights the persistent threat posed by commercial surveillance tools despite international regulatory efforts to curb their abuse. The investigation […]

    The post DevilsTongue Spyware Targets Windows Users Across Multiple Countries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable.

    Designed by security researcher Joel Serna Moreno, this device functions as a Human Interface Device (HID) capable of executing automated keystroke attacks at speeds of up to 1,000 characters per minute.

    Unlike traditional BadUSB tools that require pre-configured scripts, the Evil Crow Cable Wind integrates an ESP32-S3 chip, allowing attackers to control the device remotely via Wi-Fi through a web-based interface.

    This specific model follows the lineage of high-end espionage tools like the NSA’s $20,000 COTTONMOUTH-I implant, but makes similar capabilities available to penetration testers for approximately $43.

    The defining feature of the Evil Crow Cable Wind is its wireless management, which requires no specialized software or mobile applications.

    Users can connect to the cable’s Wi-Fi hotspot and access a browser-based dashboard to deploy payloads, manage configurations, or update firmware over the air.

    This web interface includes a live payload editor with syntax highlighting and an “AutoExec” feature that automatically runs specific scripts when the cable is plugged into a target device.

    The hardware is versatile, available in both USB-A to USB-C and USB-C to USB-C configurations, making it compatible with a broad range of modern laptops and smartphones.

    Advanced Features: OS Detection and Remote Shell

    According to Mobile-hacker's analysis, beyond simple keystroke injection, the Evil Crow Cable Wind offers sophisticated reconnaissance and control features.

    The device can detect the operating system of the host machine, identifying Windows, macOS, Linux, or Android, and conditionally execute payloads tailored to that specific environment.

    Furthermore, the tool supports a “Remote Shell” capability that establishes a serial connection between the target and the attacker’s interface.

    This allows red teamers to execute system commands on air-gapped machines that lack internet access, bridging the gap between physical access and remote execution, Joel Serna Moreno added.

    When placed alongside competitors like the O.MG Cable and USB Ninja, the Evil Crow Cable Wind positions itself as a cost-effective open-source alternative that prioritizes essential functionality over premium stealth features.

    While the O.MG Cable Elite offers advanced capabilities like hardware keylogging and geo-fencing, it costs significantly more. Conversely, the USB Ninja offers a stealthy design but lacks the dynamic web-based control found in Serna Moreno’s creation.

    The following table outlines the key differences between these popular hardware implants.

    | Feature | Evil Crow Cable Wind | USB Ninja | O.MG Cable (Elite) |
    |---|---|---|---|
    | Price | ~$43 | ~$161 | $150–$180 |
    | Control Mechanism | Wi-Fi (Web Interface) | RF Remote | Wi-Fi, App |
    | Payload Editing | Web-based (Live) | None | Web-based |
    | OS Detection | Yes | No | Yes |
    | Remote Shell | Yes | No | Yes |
    | Keylogger | No | No | Yes |
    | Open Source | Yes | No | No |
    Comparison table (Source: Mobile-hacker)

    The Evil Crow Cable Wind represents a significant evolution in accessible physical security testing tools. By combining the ease of Wi-Fi control with powerful features like OS detection and air-gap bridging, it offers a robust solution for security professionals simulating insider threats.

    Although it lacks the hardware keylogging found in more expensive alternatives, its open-source nature and support for custom firmware such as the USB Army Knife project ensure it remains a flexible and adaptable asset for red team operations.

    The post Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi appeared first on Cyber Security News.
