The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in […]
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 […]
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch […]
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) […]
Hybrid 2FA phishing kits are making attacks harder to detect
Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single […]
AI Bolsters Python Variant of Brazilian WhatsApp Attacks
Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app. ​The original article […]
Get poetic in prompts and AI will break its guardrails
Poetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from […]
The Ransomware Holiday Bind: Burnout or Be Vulnerable
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag. ​The original article found on darkreading […]
Neue bösartige Browser-Erweiterungen entdeckt
Cyberangreifer nutzen Chrome- und Edge-Add-ons zur Datenerfassung, Suchmanipulation und als Backdoor. Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, […]
Massive Phishing Attack Uses Parking Ticket and Medical Test Themes, Attributed to Storm-0900
In a brazen attempt to exploit the chaotic pre-holiday rush, Microsoft Security has detected and dismantled a large-scale phishing campaign launched on Thanksgiving Eve. The […]