Experts from Solar 4RAYS of the “Solar” Group discovered a new hacking group called Proxy Trickster, which engages in cryptocurrency mining and proxyjacking (hijacking control over servers for transformation and sale). Over the course of a year,…
Category: News
Scammers Discover Method to Bypass FIDO Multi-Factor Authentication
Operators of the phishing campaign PoisonSeed have found a method to bypass FIDO (in this case — FIDO2 with WebAuthn) by exploiting the authentication mechanism between devices implemented in WebAuthn. The attackers deceive victims into approving login…
HPE Aruba Instant On Access Points Contained Hardcoded Credentials
Hewlett-Packard Enterprise (HPE) has warned that hardcoded credentials have been discovered in Aruba Instant On access points. These credentials allow bypassing standard device authentication to gain access to the web interface.
Critical Bug in CrushFTP Allows for Administrative Access
The developers of CrushFTP warn about a zero-day vulnerability (CVE-2025-54309), which hackers are already exploiting. This issue allows for administrative access to vulnerable servers through the web interface.
Trojan Chaos RAT Discovered in Arch User Repository
Developers of Arch Linux discovered three malicious packages in the Arch User Repository (AUR). These packages were used to install the Chaos remote access trojan (RAT) on Linux devices.
Microsoft Releases Emergency Patch: 0-Day Vulnerabilities in SharePoint Exploited in…
Critical zero-day vulnerabilities in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) have been actively exploited since the end of last week, compromising at least 85 servers worldwide.
Google Sues Operators of BadBox 2.0 Botnet Infecting Over 10…
Google has filed a lawsuit against the anonymous operators of the Android botnet BadBox 2.0, accusing them of orchestrating a global fraud scheme targeting the company’s advertising platforms.
Malware LameHug Utilizes LLM to Generate Commands on Infected Machines
The new malware family LameHug uses an LLM (large language model) to generate commands that are executed on compromised systems running Windows.
Malware Hidden Inside DNS Records
Experts at DomainTools discovered that hackers are hiding malicious payloads within DNS records. This simplifies the retrieval of malware binaries, as it eliminates the need to download them from suspicious sites or attach them to emails.
Curl Developer Considers Ending Bug Bounties Due to AI-Generated Junk
The founder and lead developer of Curl, Daniel Stenberg, announced that due to an abundance of AI-generated junk, he is prepared to completely terminate the project’s bug bounty program. The issue is that he and other maintainers…
Chrome Addresses Sandbox Escape Vulnerability Already Exploited in Attacks
Google has released fixes for six vulnerabilities in the Chrome browser. One of these vulnerabilities was already being exploited in real attacks to bypass the browser’s sandbox.
APK Files of Konfety Malware Obfuscated to Evade Detection
Experts have discovered a new variant of the Android malware Konfety with a distorted ZIP structure and other obfuscation techniques that allow it to evade analysis and detection.
Law Enforcement Dismantles Diskstation Group That Attacked NAS Devices
Law enforcement reported the dismantling of the Romanian ransomware hacker group Diskstation, which had previously successfully encrypted the systems of several companies in Italy, paralyzing their businesses.
Malware XORIndex Discovered in 67 npm Packages
North Korean hackers have deployed 67 malicious packages on npm, through which a new malware loader called XORIndex was distributed. In total, the packages accounted for over 17,000 downloads.
British Police Arrest Four Individuals Involved in Attacks on Retailers
The UK’s National Crime Agency (NCA) arrested four individuals suspected of involvement in attacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.
Vulnerability in Railway Protocol Allows Train to Be Stopped Using…
Back in 2012, independent cybersecurity researcher Neil Smith reported a vulnerability in a communication standard used in trains to the U.S. government. However, the issue has not yet been resolved, and the researcher’s concerns were dismissed…
FileFix Technique Used for Delivering Interlock Malware
The ransomware hacking group Interlock is distributing a Remote Access Trojan (RAT) through compromised websites. The hackers use FileFix attacks to deliver the malware.
Gigabyte Motherboards Vulnerable to UEFI Malware
Many models of Gigabyte motherboards utilize vulnerable UEFI firmware, which allows for the installation of bootkits that are invisible to the operating system.
Hackers Exploit Critical RCE Vulnerability in Wing FTP Server
Hackers began exploiting a critical vulnerability in Wing FTP Server just one day after technical details about the issue were published.
eSIM Vulnerabilities Allow Card Cloning and User Spying
Researchers at AG Security Research have discovered vulnerabilities in the eSIM technology used in modern smartphones. The issues impact the eUICC software package by Kigen, which is used by billions of devices.