A critical security flaw affecting 7-Zip, tracked as CVE-2025-11001, is currently being actively exploited in the wild. The issue allows remote code execution via symbolic links in ZIP archives and impacts versions prior to 25.00, which was released in July 2025. Details of the Vulnerability The vulnerability arises from improper handling of symbolic links in […]
Cybersecurity analysts have uncovered a new campaign that combines social engineering with WhatsApp account hijacking to spread a Delphi based banking trojan known as Eternidade Stealer. This large scale operation specifically targets users in Brazil and relies on a Python powered WhatsApp worm to propagate malicious attachments. How the Campaign Operates Research from Trustwave SpiderLabs
Python Based WhatsApp Worm Spreads Eternidade Stealer Across Devices in Brazil Read More »
A China aligned threat actor known as PlushDaemon has been identified using a new Go based network backdoor called EdgeStepper. This tool enables adversary in the middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack
Fortinet has issued an important warning regarding a newly discovered security flaw in its FortiWeb product. The vulnerability, identified as CVE 2025 58034, has already been exploited in real world attacks, raising concerns for organizations that rely on FortiWeb for application security. About the Vulnerability This flaw is rated as medium severity and has a
Cybersecurity analysts have shared new details about a cyberattack attempt that targeted a major real estate company in the United States. The attackers used an emerging command and control framework known as Tuoni. Although the intrusion was unsuccessful, the campaign reveals a concerning trend where red team tools are frequently abused for malicious operations. Tuoni
Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt Read More »
A sophisticated Iran associated threat group has been observed conducting extensive espionage activity against organizations in the aerospace, aviation, and defense sectors across the Middle East. The attackers have used custom backdoors, including TWOSTROKE and DEEPROOT, to maintain long term access and gather sensitive information. Mandiant has linked this campaign to a cluster known as
Security analysts have identified a group of seven npm packages created by a single threat actor who used Adspect cloaking to mislead visitors and redirect them to fraudulent crypto themed websites. These packages relied on traffic filtering techniques to separate real victims from security professionals, allowing attackers to hide malicious behavior while pushing unsuspecting users
Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages Read More »
Security analysts have identified a new wave of cyberattacks that rely on the ClickFix method to trick victims into running harmful commands. This activity is being monitored by eSentire under the name EVALUSION. The attackers are deploying two serious threats, the Amatera Stealer and the NetSupport RAT, through deceptive phishing pages that imitate security checks.
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT Read More »
A threat actor known as Dragon Breath has launched a sophisticated operation using a multi layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese speaking victims and relies on trojanized installers that appear
Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT Read More »
Phishing remains one of the most consistent cyber threats faced by organizations worldwide. Attackers continuously refine their strategies to steal credentials and sensitive data, and a recently uncovered phishing framework shows how far these tactics have evolved. Security analysts discovered a multi layered phishing system designed to impersonate Aruba S.p.A, an Italian IT and web