Cyber Security

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Avoid Takedown

Cybersecurity researchers have uncovered a sophisticated botnet loader named Aeternum C2 that leverages blockchain technology to maintain a resilient, takedown-resistant command-and-control infrastructure. Instead of relying on conventional domains or centralized servers, the malware stores encrypted instructions directly on the Polygon blockchain. According to research published by Qrator Labs, this strategy enables […]


Google Disrupts UNC2814 GRIDTIDE Campaign Following 53 Breaches in 42 Countries

Google has announced a coordinated effort with industry partners to dismantle the infrastructure of a suspected China-linked cyber espionage group identified as UNC2814. The campaign is confirmed to have compromised at least 53 organizations across 42 countries, making it one of the most extensive cyber espionage operations uncovered in recent years. According to a


Claude Code Vulnerabilities Enable Remote Code Execution and API Key Theft

Cybersecurity researchers have revealed several critical security flaws in Anthropic’s Claude Code, an AI-driven coding assistant, which could allow attackers to execute remote code and steal API credentials. Check Point researchers Aviv Donenfeld and Oded Vanunu reported, “These vulnerabilities exploit multiple configuration points, including Hooks, Model Context Protocol (MCP) servers, and environment variables. Attackers can


SLH Offers $500 to $1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The cybercrime collective Scattered LAPSUS$ Hunters (SLH) has been reported recruiting women to execute voice phishing (vishing) attacks against IT help desks. According to Dataminr, the group is offering $500–$1,000 per call and supplying pre-written scripts to maximize the chances of success. The initiative reflects a shift in social engineering tactics, leveraging the assumption that female voices may


Malicious NuGet Packages Stole ASP.NET Data While npm Package Delivered Malware

Cybersecurity analysts have uncovered four harmful NuGet packages designed to infiltrate ASP.NET development environments and secretly extract sensitive application data. The campaign, identified by Socket, focused on compromising applications during development rather than directly attacking developers’ machines. The rogue packages were uploaded to the official NuGet repository between August 12 and 21, 2024, by a user


Defense Contractor Employee Sentenced for Selling 8 Zero Days to Russian Broker

A former employee of U.S. defense contractor L3Harris has been sentenced to more than seven years in federal prison after admitting to selling eight highly sensitive zero-day exploits to a Russian exploit brokerage firm in exchange for millions in cryptocurrency. Peter Williams, 39, an Australian national, pleaded guilty in October 2025 to two counts of


SolarWinds Fixes Four Critical Serv-U 15.5 Vulnerabilities Enabling Root Code Execution

SolarWinds has issued urgent security updates to resolve four critical vulnerabilities in its Serv-U file transfer platform. If exploited, these flaws could allow attackers to execute arbitrary code with root-level privileges, creating severe security exposure for affected systems. All four vulnerabilities carry a CVSS score of 9.1, placing them in the critical severity category.


CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The United States Cybersecurity and Infrastructure Security Agency has officially added a newly revealed security flaw in FileZen to its Known Exploited Vulnerabilities (KEV) catalog after confirming that threat actors are actively abusing the issue in real-world attacks. The vulnerability, identified as CVE-2026-25108, carries a CVSS v4 severity rating of 8.7 and involves an operating


RoguePilot Vulnerability in GitHub Codespaces Allowed GitHub Copilot to Expose GITHUB_TOKEN

A now-patched security flaw in GitHub Codespaces could have allowed attackers to hijack repositories by abusing Copilot through a malicious GitHub issue. The vulnerability, discovered by Orca Security, was named RoguePilot and responsibly disclosed to Microsoft. How the Attack Worked: The weakness stemmed from how Codespaces integrates Copilot into developer workflows. When a user launches a


UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware

A Russia-aligned cyber threat group has been linked to a targeted social engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine-focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted
