Microsoft Threat Intelligence researchers have discovered a new variant of the XCSSET malware for macOS. The new version monitors the system clipboard to intercept cryptocurrency transactions and achieves persistence using a new method.
CONTINUE READING 🡒 Category: News
Hackers attacked tech and legal organizations in the US using…
Google researchers report that suspected Chinese hackers used the Brickstorm malware in espionage operations targeting U.S. organizations in the technology and legal sectors. The attackers remained hidden in the compromised companies’ networks for about 400 days.
CONTINUE READING 🡒 
PyPI users warned again about phishing attacks
The Python Software Foundation team is once again warning developers who use the Python Package Index (PyPI) about a phishing campaign. The attackers are using domain spoofing to harvest credentials.
CONTINUE READING 🡒 
Two malicious packages found on Crates.io, the Rust repository
Two malicious packages, totaling about 8,500 downloads, have been discovered in the official Rust repository. The malware scanned developers’ systems to steal private cryptocurrency keys and other secrets.
CONTINUE READING 🡒 
A zero-day vulnerability threatens two million Cisco devices, and hackers…
Numerous Cisco devices are vulnerable to an actively exploited zero-day vulnerability (CVE-2025-20352) in IOS and IOS XE. The issue allows attackers to remotely trigger a denial-of-service condition or execute code on vulnerable devices.
CONTINUE READING 🡒 
ShadowV2 botnet uses misconfigured Docker containers for DDoS attacks
Darktrace researchers have discovered a new DDoS botnet that infects misconfigured Docker containers and then sells access to customers so they can launch attacks themselves.
CONTINUE READING 🡒 
Ransomware operator involved in European airport disruptions arrested
The UK National Crime Agency (NCA) has arrested a suspect in a ransomware attack that disrupted operations at European airports earlier this week.
CONTINUE READING 🡒 
Kali Linux 2025.3 Released with Ten New Tools
The developers have released Kali Linux 2025.3 — the third release of this year, featuring 10 new tools, Nexmon support, and improvements to NetHunter.
CONTINUE READING 🡒 
Valve advises users who installed BlockBlasters to reinstall their OS
Valve is sending warnings to users who installed and launched the malicious game BlockBlasters, recently discovered on Steam. Affected users are advised to scan their systems with antivirus software and also consider a complete OS reinstallation.
CONTINUE READING 🡒 
Unpatched vulnerability in OnePlus devices allows any app to read…
Rapid7 specialists discovered a vulnerability in several versions of OxygenOS (the Android-based OS used on OnePlus devices). The bug allows any installed application to access SMS message data and metadata without permissions or user interaction.
CONTINUE READING 🡒 
Malicious npm package used QR codes to deliver malware
Researchers have discovered a malicious npm package, fezbox, that steals victims’ cookies. To keep the malicious activity unnoticed, QR codes are used to download the malware from the attackers’ server.
CONTINUE READING 🡒 
GitHub Tightens npm Security with Mandatory 2FA and Other Measures
GitHub developers reported that they are working on a set of protective measures aimed at countering supply chain attacks, which recently led to several major incidents on the platform.
CONTINUE READING 🡒 
Researchers have compiled a list of the 25 key MCP…
Adversa researchers have published an analysis of the top 25 Model Context Protocol (MCP) vulnerabilities. They describe this list as “the most comprehensive analysis of MCP vulnerabilities to date.”
CONTINUE READING 🡒 
Cloudflare Reports 22.2 Tbps DDoS Attack
Cloudflare reports a new record in the DDoS arena. The company mitigated a DDoS attack that peaked at a record 22.2 Tbps and 10.6 billion packets per second. Just three weeks ago, the company reported mitigating a…
CONTINUE READING 🡒 
US Secret Service discovered 100,000 SIM cards that “could have…
The U.S. Secret Service reported that in the New York region (the states of New York, New Jersey, and Connecticut), a network of electronic devices was discovered, concentrated around the venue of the UN General Assembly. More…
CONTINUE READING 🡒 
Fake password manager apps infect macOS with Atomic Stealer
LastPass developers warn that attackers are targeting macOS users and impersonating popular products, spreading infostealers via GitHub.
CONTINUE READING 🡒 
Customer data stolen from automaker Stellantis
Stellantis representatives reported that attackers gained access to a third-party service provider’s platform and stole data on North American customers. Apparently, this attack is related to the Salesforce breach.
CONTINUE READING 🡒 
Creating real-time video and audio deepfakes starts at $30
Experts at Kaspersky Lab discovered darknet ads offering real-time video and audio deepfake creation. The price of such services depends on the complexity and duration of the fake content, starting at $50 for video and $30 for…
CONTINUE READING 🡒 
A Steam game stole money from hundreds of people. A…
Another malicious game has been discovered on Steam — BlockBlasters. Attention to the issue was drawn by the case of streamer Raivo Plavnieks, known as RastalandTV. He was trying to raise money for stage-four cancer treatment, but…
CONTINUE READING 🡒 
Scammers Are Creating Fake Websites While Impersonating the FBI
The FBI warned that attackers are spoofing the website of the Internet Crime Complaint Center (IC3) to commit financial fraud or steal visitors’ personal data.
CONTINUE READING 🡒