Threat

Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers

Google’s Threat Intelligence Group (GTIG) has revealed new details about the Russian-linked hacking group known as COLDRIVER, uncovering three newly developed malware families that reflect the group’s increasing cyber activity since May 2025. According to GTIG’s research, COLDRIVER has significantly expanded its malware arsenal just days after its previously known malware, LOSTKEYS, was publicly exposed. […]

PolarEdge Botnet Expands, Targeting Cisco, ASUS, QNAP, and Synology Routers

Cybersecurity researchers have uncovered the inner workings of a router-focused botnet called PolarEdge, which targets devices from Cisco, ASUS, QNAP, and Synology. First reported by Sekoia in February 2025, PolarEdge uses a TLS-based ELF implant to take control of vulnerable routers and expose them to remote commands, creating a network of compromised devices for purposes

Meta Introduces New Security Tools to Protect WhatsApp and Messenger Users from Scams

Meta has announced a new set of security tools aimed at strengthening protection for WhatsApp and Messenger users against online scams. According to Meta, these new updates are designed to help users identify and prevent fraudulent attempts that target personal data, financial information, and digital identities. Screen-Sharing Warnings on WhatsApp WhatsApp is rolling out new

China’s MSS Accuses NSA of Using 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

China’s Ministry of State Security (MSS) has accused the United States National Security Agency (NSA) of executing a planned cyberattack against the National Time Service Center (NTSC). The Chinese agency described the U.S. as a “hacker empire” and “the greatest source of chaos in cyberspace.” According to MSS, the attack targeted China’s official time infrastructure,

New .NET CAPI Backdoor Targets Russian Automotive and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have uncovered a fresh phishing campaign that appears aimed at organizations in Russia’s automotive and e-commerce sectors, using a previously unseen .NET implant, named CAPI Backdoor. According to Seqrite Labs, attackers distributed a ZIP attachment to trigger infection, and the ZIP artifact was uploaded to VirusTotal on October 3, 2025. Attack

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks

Microsoft has taken decisive action against a cyber campaign linked to the Rhysida ransomware group by revoking more than 200 fraudulent code-signing certificates. These certificates were misused by a threat actor known as Vanilla Tempest to disguise malicious software as legitimate Microsoft Teams installers. Discovery and Disruption According to the Microsoft Threat Intelligence team, the

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services (AWS) hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF (extended Berkeley Packet Filter) modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites

Cybersecurity researchers have observed a financially motivated threat actor, tracked as UNC5142, leveraging blockchain smart contracts to distribute information-stealing malware targeting both Windows and macOS systems. This operation demonstrates how attackers combine traditional web compromises with modern Web3 technology to evade detection and increase operational resilience. Malware Distribution via WordPress and Blockchain According to the

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of