Cybercrime

xRAT Malware Targets Windows Users Masquerading as Adult Game

A new malware threat called xRAT, also known as QuasarRAT, has been targeting Windows users across Korea, exploiting popular webhard file-sharing services. The AhnLab Security Intelligence Center (ASEC) recently detected xRAT being distributed as fake adult games. The remote access trojan (RAT) combines advanced evasion techniques with social engineering, making it particularly dangerous for everyday users. Attackers exploit […]

Fog Ransomware Targets US Organizations Using Compromised VPN Credentials

A new ransomware variant known as Fog has emerged as a notable threat to organizations in the education and recreation sectors across the United States. Overview of the Threat: Starting in early May 2024, Arctic Wolf Labs began monitoring Fog ransomware in multiple incident response cases. Approximately 80 percent of affected organizations operate in education,

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging

Cybersecurity researchers have uncovered a new malware campaign that abuses WhatsApp as a distribution channel to spread the Astaroth banking trojan across Brazil. The operation specifically targets Windows users and represents an evolution in how financial malware is propagated in the region. The campaign has been named Boto Cor-de-Rosa by the Acronis Threat Research Unit.

CISA Flags Microsoft Office and HPE OneView Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Microsoft Office and HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence that the flaws are being actively abused by threat actors. The move highlights growing concerns about unpatched enterprise software being leveraged in real-world attacks. Vulnerabilities Added to KEV Catalog: The following security

Microsoft Warns That Misconfigured Email Routing Can Enable Internal Domain Phishing

Microsoft has issued a warning that threat actors are exploiting misconfigured email routing and weak spoofing protections to carry out phishing attacks that appear to originate from within an organization’s own domain. According to the Microsoft Threat Intelligence team, attackers are abusing these routing weaknesses to deliver phishing emails that impersonate internal communications. These messages

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has issued a security advisory detailing a serious unpatched vulnerability affecting the TOTOLINK EX200 wireless range extender, which could allow a remote attacker to gain complete control over the device. The vulnerability, tracked as CVE-2025-65606, originates from improper error handling within the device’s firmware upload mechanism. Although no CVSS score has been

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers

Users of the @adonisjs/bodyparser npm package are being urged to update immediately after the disclosure of a critical security vulnerability that could allow remote attackers to write arbitrary files on affected servers. The issue is tracked as CVE-2026-21440 and carries a CVSS score of 9.2, indicating high severity. According to project maintainers, the flaw stems from a path traversal vulnerability within AdonisJS’s

Russia-Aligned Hackers Exploit Viber to Target Ukrainian Military and Government Entities

A Russia-aligned cyber threat group tracked as UAC-0184 has been observed abusing the Viber messaging platform to conduct targeted attacks against Ukrainian military and government organizations. The activity was detailed in a new technical report released by the 360 Threat Intelligence Center. Researchers stated that the group has maintained a high operational tempo throughout 2025, focusing

Kimwolf Android Botnet Infects Over 2 Million Devices Through Exposed ADB and Proxy Networks

Cybersecurity researchers have uncovered large-scale activity linked to an Android botnet known as Kimwolf, which has compromised more than two million devices by abusing exposed Android Debug Bridge (ADB) services and tunneling through residential proxy networks. The findings were revealed in a recent analysis by Synthient. According to researchers, threat actors operating the Kimwolf botnet

New VVS Stealer Malware Targets Discord Accounts Using Obfuscated Python Code

Cybersecurity researchers have uncovered a new Python-based information-stealing malware known as VVS Stealer, also referred to as VVS $tealer, which is actively targeting Discord users by harvesting account credentials and authentication tokens. According to an analysis published by Palo Alto Networks Unit 42, this stealer has been circulating in underground Telegram channels since at least
