Threat

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections

Security researchers have disclosed a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security rules and directly access origin servers that were supposed to be fully protected. The issue was identified by researchers from FearsOff, who discovered that HTTP requests sent to the /.well-known/acme-challenge/ path could reach backend servers even when customers […]

Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading

Cybersecurity researchers have identified a new phishing operation that weaponizes LinkedIn private messages to deliver malware, highlighting how social media platforms are increasingly being used as initial access vectors in cyberattacks. According to findings shared by ReliaQuest, the campaign relies on direct messages sent to targeted individuals, where attackers gradually build trust before convincing victims

Google Gemini Prompt Injection Flaw Exposes Private Calendar Data Through Malicious Invites

Cybersecurity researchers have uncovered a security vulnerability that abused indirect prompt injection techniques against Google Gemini, allowing attackers to bypass authorization safeguards and misuse Google Calendar as a covert data exfiltration channel. According to Miggo Security’s Head of Research, Liad Eliyahu, the flaw enabled attackers to evade Google Calendar privacy controls by embedding a hidden

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1 to 5 CPUs

Researchers from the CISPA Helmholtz Center for Information Security in Germany have revealed a newly discovered hardware vulnerability in AMD processors that weakens the security guarantees of confidential virtual machines. The flaw, named StackWarp, affects AMD Zen 1 through Zen 5 architectures and allows a malicious host with administrative privileges to execute unauthorized code inside

CrashFix Chrome Extension Spreads ModeloRAT Using ClickFix Style Browser Crash Lures

Cybersecurity analysts have uncovered an active malware campaign known as KongTuke, where attackers abuse a malicious Google Chrome extension to deliberately crash browsers and deceive users into executing harmful commands. The operation delivers a newly identified remote access trojan called ModeloRAT using a refined social engineering technique similar to ClickFix, now labeled CrashFix. The findings were disclosed by Huntress,

Security Flaw in StealC Malware Panel Allows Researchers to Monitor Threat Actor Operations

Cybersecurity researchers have revealed a cross-site scripting vulnerability in the web-based administration panel used by operators of the StealC information-stealing malware, enabling analysts to observe and collect intelligence on one of the threat actors actively running the operation. CyberArk researcher Ari Novick stated that exploitation of the flaw allowed researchers to collect system fingerprints, track

Black Basta Ransomware Leader Added to EU Most Wanted List and INTERPOL Red Notice

Law enforcement authorities in Ukraine and Germany have identified two Ukrainian nationals suspected of supporting the Russia-linked Black Basta ransomware-as-a-service operation. Officials also confirmed that the alleged leader of the group has now been placed on both the European Union Most Wanted list and INTERPOL Red Notice database. The suspect has been named as Oleg Evgenievich Nefedov, a 35

GootLoader Malware Uses 500-1,000 Concatenated ZIP Archives to Evade Detection

Security researchers have identified a new evasion technique used by the GootLoader JavaScript malware, in which attackers rely on malformed ZIP files created by combining hundreds of compressed archives into a single payload to avoid analysis and detection. According to Expel security researcher Aaron Walton, the threat actor deliberately creates corrupted ZIP archives as an anti

Five Malicious Chrome Extensions Masquerade as Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have identified five malicious Google Chrome extensions designed to mimic HR and ERP platforms such as Workday, NetSuite, and SuccessFactors, enabling attackers to hijack victim accounts. “These extensions operate together to steal authentication tokens, disable incident response features, and enable full account takeover via session hijacking,” said Socket researcher Kush Pandya in a

LOTUSLITE Backdoor Targets U.S. Policy Entities Through Venezuela-Themed Spear Phishing

Cybersecurity researchers have revealed a new malware campaign aimed at U.S. government and policy organizations, using politically themed lures to deliver a backdoor called LOTUSLITE. The campaign exploits geopolitical tensions between the U.S. and Venezuela. Attackers distributed a ZIP archive named “US now deciding what’s next for Venezuela.zip”, which contains a malicious DLL. This DLL is executed
