A cybersecurity researcher has released a new open-source scanner designed to detect a critical vulnerability affecting Microsoft SharePoint servers, providing organizations with a crucial tool […]
New DCHSpy Android Malware Targets WhatsApp, Call Logs, Audio, and Photos
Security researchers at Lookout have identified four novel samples of DCHSpy, an advanced Android surveillanceware attributed to the Iranian threat actor group MuddyWater, believed to […]
Apache Jena Vulnerability Allows Arbitrary File Access
Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security. […]
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell […]
Hackers Selling macOS 0-Day LPE Exploit on Dark Forums
A threat actor claiming to possess a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system has emerged on underground cybercriminal forums, offering […]
Dark Web Travel Agencies Exploit Cheap Deals to Steal Credit Card Data
Dark web travel agencies have developed into highly skilled organizations operating in the murky corners of cybercrime, using hacked credit card information, compromised loyalty accounts, […]
PoisonSeed überlistet FIDO-Schlüssel
Cyberkriminelle nutzen die geräteübergreifende Anmeldeoption von FIDO aus, um eine von ihnen kontrollierte authentifizierte Sitzung zu erstellen. ArtemisDiana – shutterstock.com FIDO-Schlüssel verwenden eine hardwarebasierte Multi-Faktor-Authentifizierung, […]
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The […]
Cybercriminals Merge Android Malware with Click Fraud Apps to Harvest Credentials
Researchers uncovered an active Android malware cluster that ingeniously combines brand impersonation with traffic monetization tactics, targeting users across multiple regions. These malicious Android Package […]
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT
A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access […]