Threat

Banking Malware Exploits WhatsApp to Take Remote Control of Computers

A newly discovered malware campaign is spreading rapidly across Brazil, using WhatsApp as its main delivery channel. Cybersecurity experts have identified this advanced banking Trojan as “Maverick”, a threat capable of taking remote control of infected computers and stealing sensitive financial data. Massive Scale of Infection Researchers report that over 62,000 infection attempts were blocked […]

Chinese Threat Group ‘Jewelbug’ Infiltrates Russian IT Network Undetected for Months

A Chinese-linked cyber threat group, known as Jewelbug, has successfully infiltrated a Russian IT service provider for five months, marking the group’s expansion beyond its traditional targets in Southeast Asia and South America. This operation, running from January to May 2025, underscores the continued reach of Chinese cyber espionage. Background on Jewelbug and Related Clusters

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Hackers Use 13,000+ Domains via Cloudflare to Conduct ClickFix Attacks

In mid-2025, cybersecurity researchers at Lab539 detected an unexpected rise in a new browser-based malware campaign known as ClickFix. First appearing quietly in July, this threat quickly grew by registering over 13,000 unique domains aimed at tricking users into running malicious commands on their own devices. How ClickFix Works ClickFix attacks utilize compromised or low-cost

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats

Recent research has revealed that more than 100 Visual Studio Code (VS Code) extensions have inadvertently leaked access tokens, creating a critical risk in the software supply chain. Malicious actors could exploit these tokens to push updates to the extensions, potentially compromising developers’ systems. Critical Risk of Leaked Tokens According to Wiz security researcher Rami

F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers

U.S.-based cybersecurity firm F5 disclosed on Wednesday that unauthorized actors infiltrated its systems and obtained files containing portions of the BIG-IP source code, along with information about undisclosed vulnerabilities in the product. The company attributed the attack to a “highly sophisticated nation-state threat actor,” noting that the intruders maintained prolonged access to its network. According

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access

Cybersecurity researchers have reported active exploitation of a serious security flaw in ICTBroadcast, the autodialer software developed by ICT Innovations. The vulnerability, tracked as CVE-2025-2611 and assigned a CVSS score of 9.3, arises from insufficient input validation. This flaw allows unauthenticated remote code execution, as the call center application improperly passes session cookie data

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication

SAP has released updates addressing 13 security flaws, with special focus on a critical vulnerability in SAP NetWeaver AS Java that could allow attackers to execute arbitrary commands. Tracked as CVE-2025-42944, this flaw has a CVSS score of 10.0, making it highly severe. Security experts classify it as an insecure deserialization issue. According to CVE.org,

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control

Cybersecurity researchers have disclosed two severe vulnerabilities in Red Lion Sixnet remote terminal units (RTUs) that together can allow unauthenticated attackers to gain root-level code execution on affected devices. The issues, tracked as CVE-2023-40151 and CVE-2023-42770, carry the maximum CVSS score, 10.0, highlighting the high risk to industrial control systems across energy, water, transportation,

GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users

A new, persistent Android campaign, attributed to GhostBat RAT, impersonates Regional Transport Office (RTO) applications to steal banking data from Indian users. Attackers distribute malicious droppers through WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites, then use multi-stage loading, ZIP header manipulation, native libraries, and extensive string obfuscation to avoid detection
