• Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named “hamburgerisland” in February 2024. The package has been downloaded


  • Candiru, an Israel-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business leaders.

    The mercenary spyware, known as DevilsTongue, represents a growing threat to Windows users globally, with eight distinct operational clusters identified across Hungary, Saudi Arabia, Indonesia, and Azerbaijan.

    This modular Windows malware combines advanced evasion techniques with extensive surveillance capabilities, making it one of the most dangerous cyber threats operating today.

    DevilsTongue has emerged as a particularly concerning weapon in the mercenary spyware market, capitalizing on both advanced exploitation techniques and sophisticated persistence mechanisms.

    The malware operates through multiple infection vectors, leveraging zero-day vulnerabilities in web browsers and weaponized documents to compromise target systems.

    What makes this spyware distinctive is its ability to operate covertly once installed, stealing sensitive information while remaining virtually undetectable to standard security tools.

    Recorded Future security analysts identified new infrastructure linked to Candiru’s operational clusters, revealing significant differences in how various groups manage their victim-facing systems.

    Some clusters operate directly, while others route commands through intermediary layers or the Tor network, adding layers of complexity to defensive efforts.

    The discovery highlights how Candiru continues adapting its operational security even after facing international sanctions from the US Department of Commerce in November 2021.

    The licensing model for DevilsTongue underscores the commercial nature of this threat. According to leaked project proposals, Candiru charges based on concurrent infections, allowing customers to monitor multiple devices simultaneously.

    A base contract starting at €16 million permits unlimited infection attempts with ten concurrent devices monitored, while additional fees unlock expanded capacity and geographic coverage across different countries.

    Candiru pricing options (Source - Recorded Future)

    This pricing structure attracts government clients with substantial budgets seeking persistent surveillance capabilities.

    Technical Persistence and Evasion Mechanisms

    DevilsTongue employs sophisticated techniques to maintain persistence and evade detection on infected Windows systems.

    The malware utilizes COM hijacking by overwriting legitimate COM class registry keys, directing them toward a first-stage DLL located in C:\Windows\system32\IME.

    This approach cleverly disguises the malware within legitimate system directories. A signed third-party driver called physmem.sys enables kernel-level memory access, allowing the malware to proxy API calls and avoid detection mechanisms.

    During the hijacking process, DevilsTongue reinstates the original COM DLL through shellcode manipulation of the LoadLibraryExW return value, maintaining system stability to prevent triggering security alerts.

    All additional payloads remain encrypted and execute exclusively in memory, preventing forensic recovery.

    This design allows the malware to extract credentials from LSASS, browsers, and messaging applications like Signal Messenger before covering its tracks through metadata scrubbing and unique file hashing.

    The post Candiru’s DevilsTongue Spyware Attacking Windows Users in Multiple Countries appeared first on Cyber Security News.


  • Dashcams have become an essential accessory in vehicles across many countries, serving as impartial witnesses in the event of accidents and roadside disputes. Yet, new research presented at Security Analyst Summit 2025 by a team of Singaporean cybersecurity researchers has uncovered a disturbing reality: dashcams, even offline ones, are increasingly being exploited as convenient surveillance […]

    The post Dash Cam Hack: How Criminals Can Seize Control in Seconds appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Microsoft is currently investigating a service disruption affecting the Microsoft Defender portal, which has blocked numerous security professionals from accessing critical threat management tools.

    The issue, tracked under the identifier DZ1191468 in the Microsoft 365 admin center, sparked concerns early Tuesday as administrators reported timeouts and login failures when attempting to load the security dashboard.

    The disruption began earlier today, with users across multiple regions experiencing difficulties reaching the Defender portal (security.microsoft.com). According to Microsoft’s status updates, the root cause has been linked to an unexpected “spike in traffic” that overwhelmed the service’s access capabilities.

    While the portal is essential for Security Operations Center (SOC) teams to monitor alerts, investigate incidents, and manage endpoint security, the outage effectively left some organizations temporarily blind to real-time threat data.

    Microsoft’s Official Response

    Microsoft acknowledged the problem quickly, assigning it the case ID DZ1191468. In a statement provided to administrators, the company confirmed the nature of the anomaly:

    Following the implementation of traffic management mitigations, service availability has largely recovered. However, Microsoft notes that while the core issue is resolved, they are still “reviewing isolated error reports” to ensure complete stability for all tenants.

    For enterprise security teams, access to the Microsoft Defender portal is non-negotiable. It serves as the central hub for Extended Detection and Response (XDR), allowing analysts to triage malware alerts and isolate compromised devices.

    Even brief access interruptions can impede a SOC’s ability to respond to active threats or verify automated remediations. During the downtime, automated background protection services (like Defender Antivirus on endpoints) likely remained operational, but the administrative visibility required for human oversight was temporarily severed.

    Administrators experiencing lingering connection issues are advised to monitor the Service Health Dashboard in the Microsoft 365 admin center under DZ1191468 for the latest recovery confirmation.

    The post Microsoft Investigation Defender portal Issue That Blocking Users Access appeared first on Cyber Security News.


  • Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper. The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango


  • Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalate into confirmed breaches. Most insider threats do not announce themselves with apparent malicious activity. Instead, security teams encounter subtle […]

    The post Early Indicators of Insider Threats Through Authentication and Access Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform […]

    The post nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • The Raspberry Pi Foundation has announced immediate availability of a new 1GB version of the Raspberry Pi 5, marking a significant expansion of its affordable computing platform.

    The new entry-level model arrives at $45, making high-performance computing more accessible to budget-conscious consumers and developers worldwide.

    The 1GB Raspberry Pi 5 retains all the flagship capabilities that have made the platform popular among hobbyists, educators, and professionals.

    It features a powerful quad-core 2.4GHz Arm Cortex-A76 processor, dual-band Wi-Fi connectivity, and a PCI Express port for expandable storage and peripherals.

    These specifications ensure users get enterprise-grade computing power at a fraction of the cost of traditional computers.

    | Feature | Specification |
    | --- | --- |
    | Processor | Quad-core 2.4GHz Arm Cortex-A76 |
    | RAM | 1GB |
    | Wi-Fi | Dual-band (2.4GHz and 5GHz) |
    | Expansion | PCI Express port for storage and peripherals |
    | Price | $45 |
    | Use Cases | Educational projects, IoT applications, lightweight servers |

    The launch comes as the Raspberry Pi Foundation addresses the unprecedented rise in LPDDR4 memory costs, mainly driven by competition from artificial intelligence infrastructure projects.

    To maintain memory supplies and navigate an increasingly constrained market anticipated for 2026, the organization has announced strategic price increases across select Raspberry Pi 4 and Raspberry Pi 5 products.

    These adjustments mirror previous increases announced in October for Compute Module products. The pricing structure reflects the foundation’s commitment to affordability while maintaining operational sustainability.

    Higher-capacity models experience more significant increases. Lower-capacity variants of Raspberry Pi 4, older Raspberry Pi 3+ models, and Raspberry Pi Zero products maintain their existing prices, providing continued options for cost-sensitive users.

    Raspberry Pi 5 Pricing Changes

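    | Memory Capacity | Old Price | New Price | Price Increase | Percentage Increase |
    | --- | --- | --- | --- | --- |
    | 2GB | $50 | $55 | $5 | 10% |
    | 4GB | $60 | $70 | $10 | 16.7% |
    | 8GB | $80 | $95 | $15 | 18.75% |
    | 16GB | $120 | $145 | $25 | 20.8% |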

    Raspberry Pi 4 Pricing Change

    | Memory Capacity | Old Price | New Price | Price Increase | Percentage Increase |
    | --- | --- | --- | --- | --- |
    | 4GB | $55 | $60 | $5 | 9.1% |
    | 8GB | $75 | $85 | $10 | 13.3% |

    The 16GB Compute Module 5, which remained unchanged during October’s price adjustment, now sees a $20 increase.

    The Raspberry Pi Foundation believes the current memory shortages are temporary and continues its mission to provide affordable, high-performance computers worldwide.

    Leadership emphasizes its commitment to unwinding these price increases once memory market conditions stabilize and competitive pressures from AI infrastructure projects ease.

    The new 1GB Raspberry Pi 5 offers developers and makers a powerful, affordable entry into the ecosystem, combining modern processors with essential connectivity at a low price.


    The post Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support appeared first on Cyber Security News.


  • Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by Intrinsec. The coordinated attacks between June and September 2025 represent an escalating cyber warfare strategy aimed at disrupting Russian military capabilities and civilian aviation operations. The campaign involves several prominent […]

    The post Ukrainian Hackers Target Russian Aerospace and Defense Sectors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single […]

    The post Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
