Threat

GootLoader Returns Using New Font Trick to Conceal Malware on WordPress Sites

GootLoader has reemerged, showing fresh innovations in evasion and delivery. Recent investigations by Huntress found multiple infections since October 27, 2025, including rapid hands-on-keyboard intrusions that led to domain controller compromise within 17 hours in two cases. The loader now uses custom web fonts and other subtle tricks to hide malicious payloads on compromised WordPress […]

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea-linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as

Large-Scale ClickFix Phishing Campaign Targets Hotel Systems Using PureRAT Malware

A widespread phishing operation is targeting the hospitality sector, tricking hotel staff and guests into revealing sensitive credentials and payment data. The campaign uses compromised email accounts to impersonate legitimate booking platforms, then redirects victims to ClickFix-style pages that ultimately deliver PureRAT, a modular remote access trojan. Security firms link the activity to attacks active

GlassWorm Malware Found in Three VS Code Extensions with Thousands of Installations

Cybersecurity researchers have uncovered a new wave of the persistent GlassWorm campaign, revealing three malicious Visual Studio Code (VS Code) extensions designed to steal developer credentials and cryptocurrency. With thousands of combined installations, these extensions demonstrate a continued and evolving threat to the software development ecosystem. The Malicious Extensions and Their Reach The campaign involves

New Browser Security Report Highlights Emerging Enterprise Threats

A new Browser Security Report 2025 reveals a fundamental shift in the corporate threat landscape. The user’s browser has become the central hub where identity, SaaS, and AI-related risks converge. Traditional security tools, operating at a lower level, are failing to protect this new, parallel attack surface where unmanaged extensions, personal AI accounts, and stolen

Microsoft Uncovers ‘Whisper Leak’ Attack Revealing AI Chat Topics Through Encrypted Traffic

Microsoft has revealed a novel side-channel attack, dubbed “Whisper Leak,” that can compromise the privacy of conversations with AI chatbots. The technique allows an eavesdropper to infer the topic of a user’s prompt by analyzing encrypted network traffic, even when protected by HTTPS, posing a significant risk to user and enterprise confidentiality. How the Whisper

Zero-Click Samsung Flaw Used to Deliver LANDFALL Android Spyware Through WhatsApp

A critical security vulnerability in Samsung Galaxy Android devices was exploited as a zero-day to deploy a sophisticated commercial-grade spyware known as LANDFALL. The targeted attacks, focused in the Middle East, used a specially crafted image file sent through WhatsApp to compromise devices without any user interaction. The Exploited Vulnerability and Its Patch The flaw,

China’s Hackers Repurpose Legacy Flaws, from Log4j to IIS, into Global Espionage Tools

Chinese state-aligned hacking groups continue to rely on long-standing software vulnerabilities to conduct stealthy cyber operations across the globe. A recent incident involving a U.S.-based nonprofit organization shows how older flaws such as Log4j, Atlassian, Struts, and IIS weaknesses are still being reused to gain long-term access for intelligence gathering.

Hidden Logic Bombs in Malicious NuGet Packages Set to Detonate Years After Installation

A sophisticated software supply chain attack has been uncovered, involving nine malicious NuGet packages designed to lie dormant for years before activating their destructive payloads. These “logic bombs,” set to trigger in 2027 and 2028, aim to sabotage databases and corrupt critical industrial control systems, posing a long-term threat to organizations. A Patient and Stealthy

Vibe-Coded Malicious VS Code Extension Found Containing Built-In Ransomware Functionality

Cybersecurity researchers have uncovered a malicious extension for Microsoft’s Visual Studio Code (VS Code) that contains basic ransomware functionality. The extension, which appears to have been “vibe-coded” or created with the assistance of artificial intelligence, highlights a new frontier in software supply chain threats. A Brazenly Malicious Extension Discovered by Secure Annex researcher John Tuckner,
