Cybersecurity in Japan has hit a new low as the Financial Services Agency (FSA) reports a staggering increase in unauthorized access to internet trading accounts, […]
Magecart Launches New Attack Using Malicious JavaScript to Steal Credit Card Data
The notorious Magecart group has been identified by the Yarix Incident Response Team as the culprits behind a recent credit card data theft operation on […]
Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation
Researchers have uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, employing advanced code flow obfuscation techniques to evade detection. This new development […]
New Rust-Based Botnet Hijacks Routers to Inject Remote Commands
A new malware named “RustoBot” has been discovered exploiting vulnerabilities in various router models to gain unauthorized access and initiate Distributed Denial of Service (DDoS) […]
CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted its threat hunting teams to immediately discontinue use of two widely trusted cyber threat intelligence tools, […]
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in […]
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC) this […]
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this […]
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day. Dubbed “Scallywag,” this scheme […]
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could enable […]