Threat

Hackers Exploit Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A critical vulnerability in the Triofox file-sharing platform is being actively exploited by threat actors to gain full system control. The attackers are using a clever technique: they are weaponizing the platform’s own built-in antivirus feature to download and execute remote access tools, effectively turning a security function into an attack vector. The Authentication Bypass […]

Hackers Exploit Triofox Flaw to Install Remote Access Tools via Antivirus Feature Read More »

Android Trojan ‘Fantasy Hub’ Turns Telegram into a Malware Service Hub for Hackers

A sophisticated new Android Remote Access Trojan (RAT) named “Fantasy Hub” is being marketed as Malware-as-a-Service (MaaS) on Russian-speaking Telegram channels. This malware provides attackers with comprehensive control over infected devices, posing a direct threat to both individual mobile banking users and enterprises with Bring Your Own Device (BYOD) policies. A Professionalized Cybercrime Service Fantasy

Android Trojan ‘Fantasy Hub’ Turns Telegram into a Malware Service Hub for Hackers Read More »

Malicious npm Package Discovered Targeting GitHub-Owned Repositories

Cybersecurity researchers have identified a malicious npm package, “@acitons/artifact”, that mimics GitHub’s legitimate “@actions/artifact” library. The goal appears to be the compromise of GitHub-owned repositories through build process manipulation and credential theft. This discovery highlights the growing threat of typosquatting attacks within open-source ecosystems that target trusted supply chains. Discovery and attacker intent According to

Malicious npm Package Discovered Targeting GitHub-Owned Repositories Read More »

GootLoader Returns Using New Font Trick to Conceal Malware on WordPress Sites

GootLoader has reemerged, showing fresh innovations in evasion and delivery. Recent investigations by Huntress found multiple infections since October 27, 2025, including rapid hands-on-keyboard intrusions that led to domain controller compromise within 17 hours in two cases. The loader now uses custom web fonts and other subtle tricks to hide malicious payloads on compromised WordPress

GootLoader Returns Using New Font Trick to Conceal Malware on WordPress Sites Read More »

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool Read More »

Large-Scale ClickFix Phishing Campaign Targets Hotel Systems Using PureRAT Malware

A widespread phishing operation is targeting the hospitality sector, tricking hotel staff and guests into revealing sensitive credentials and payment data. The campaign uses compromised email accounts to impersonate legitimate booking platforms, then redirects victims to ClickFix-style pages that ultimately deliver PureRAT, a modular remote access trojan. Security firms link the activity to attacks active

Large-Scale ClickFix Phishing Campaign Targets Hotel Systems Using PureRAT Malware Read More »

GlassWorm Malware Found in Three VS Code Extensions with Thousands of Installations

Cybersecurity researchers have uncovered a new wave of the persistent GlassWorm campaign, revealing three malicious Visual Studio Code (VS Code) extensions designed to steal developer credentials and cryptocurrency. With thousands of combined installations, these extensions demonstrate a continued and evolving threat to the software development ecosystem. The Malicious Extensions and Their Reach The campaign involves

GlassWorm Malware Found in Three VS Code Extensions with Thousands of Installations Read More »

New Browser Security Report Highlights Emerging Enterprise Threats

A new Browser Security Report 2025 reveals a fundamental shift in the corporate threat landscape. The user’s browser has become the central hub where identity, SaaS, and AI-related risks converge. Traditional security tools, operating at a lower level, are failing to protect this new, parallel attack surface where unmanaged extensions, personal AI accounts, and stolen

New Browser Security Report Highlights Emerging Enterprise Threats Read More »

Microsoft Uncovers ‘Whisper Leak’ Attack Revealing AI Chat Topics Through Encrypted Traffic

Microsoft has revealed a novel side-channel attack, dubbed “Whisper Leak,” that can compromise the privacy of conversations with AI chatbots. The technique allows an eavesdropper to infer the topic of a user’s prompt by analyzing encrypted network traffic, even when protected by HTTPS, posing a significant risk to user and enterprise confidentiality. How the Whisper

Microsoft Uncovers ‘Whisper Leak’ Attack Revealing AI Chat Topics Through Encrypted Traffic Read More »

Zero-Click Samsung Flaw Used to Deliver LANDFALL Android Spyware Through WhatsApp

A critical security vulnerability in Samsung Galaxy Android devices was exploited as a zero-day to deploy a sophisticated commercial-grade spyware known as LANDFALL. The targeted attacks, focused in the Middle East, used a specially crafted image file sent through WhatsApp to compromise devices without any user interaction. The Exploited Vulnerability and Its Patch The flaw,

Zero-Click Samsung Flaw Used to Deliver LANDFALL Android Spyware Through WhatsApp Read More »