Daily Cyber News

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

CISA Flags TP-Link and WhatsApp Flaws in KEV Catalog Amid Ongoing Exploitation image import The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the […]

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation Read More »

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

Cloudflare has once again proven the strength of its global defense infrastructure by automatically stopping a record-breaking 11.5 terabits per second (Tbps) distributed denial-of-service (DDoS) attack. This massive cyber offensive is now the largest volumetric DDoS attack ever mitigated, highlighting both the scale of modern threats and the growing sophistication of attackers. The Attack in

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack Read More »

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Salesloft has announced that it will temporarily take Drift offline after a large-scale cyberattack led to the theft of OAuth tokens from hundreds of organizations. The decision, revealed on Tuesday, comes after reports confirmed that attackers had compromised Drift’s systems, affecting many companies that rely on its chatbot and integration services. Why Drift Is Going

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations Read More »

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have identified a Ukraine-based IP network, FDN3 (AS211736), as the source of massive brute-force and password spraying attacks against SSL VPN and RDP systems. These activities took place between June and July 2025 and have raised concerns about the growing abuse of bulletproof hosting infrastructure to launch large-scale cyberattacks. The Origin of Attacks

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices Read More »

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Discovery of a Malicious Package Cybersecurity experts have identified a deceptive npm package called nodejs-smtp, designed to compromise desktop applications for cryptocurrency wallets such as Atomic and Exodus on Windows systems. The package was uploaded to the npm registry in April 2025 by a user named “nikotimon.” Although it has since been removed, it managed

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets Read More »

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity experts have noticed a notable shift in Android malware campaigns, where dropper apps—traditionally used to deliver banking trojans—are now distributing simpler malicious software such as SMS stealers and lightweight spyware. According to a report by ThreatFabric last week, these campaigns often impersonate government or banking apps in India and other Asian countries. The Dutch

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans Read More »

Hackers Exploit Windows Defender Application Control Policies to Disable EDR Agents

Cyber attackers are abusing Windows Defender Application Control (WDAC) policies to shut down Endpoint Detection and Response (EDR) agents, leaving organizations with serious visibility gaps in their defenses. What started as a proof-of-concept has now evolved into a real-world threat adopted by advanced groups, including ransomware operators such as Black Basta. Key Insights According to

Hackers Exploit Windows Defender Application Control Policies to Disable EDR Agents Read More »

AI Waifu RAT Targets Users With Novel Social Engineering Techniques

A new and highly targeted malware campaign is spreading within niche Large Language Model (LLM) role-playing communities, using advanced social engineering tactics to deliver a dangerous Remote Access Trojan (RAT). Researchers have named the malware “AI Waifu RAT”, which disguises itself as an AI companion enhancement tool promising advanced “meta” interactions between users and their

AI Waifu RAT Targets Users With Novel Social Engineering Techniques Read More »

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Discovery of New Campaign Cybersecurity experts have identified a fresh phishing operation conducted by the North Korean state-sponsored threat group ScarCruft (APT37). The attackers are using a well-known malware called RokRAT to infiltrate systems and steal sensitive information. Researchers at Seqrite Labs named this campaign Operation HanKook Phantom, noting that the attacks are aimed at

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics Read More »

Attackers Abuse Velociraptor Tool to Deploy VS Code for C2 Tunneling

Cybersecurity experts have uncovered a recent attack where unknown adversaries misused Velociraptor, an open-source digital forensic and endpoint monitoring tool, to further their malicious activities. This case highlights the ongoing abuse of legitimate software by threat actors to avoid detection. According to a report by the Sophos Counter Threat Unit Research Team, the attackers utilized

Attackers Abuse Velociraptor Tool to Deploy VS Code for C2 Tunneling Read More »