Category: Uncategorized

  • ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

    ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

    A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
    The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
    It relates to a case of unrestricted file upload that stems from improper validation of
  • JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

    JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

    Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
    A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata.
    “One of the
  • FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

    FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

    The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud.
    In tandem, authorities detained the alleged developer, who has&
  • ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

    ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

    Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically
  • Your MTTD Looks Great. Your Post-Alert Gap Doesn’t

    Your MTTD Looks Great. Your Post-Alert Gap Doesn’t

    Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026
  • North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

    North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

    The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.
    “The threat actor used two Facebook
  • OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

    OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

    OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised.
    “Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a post last week. “We found
  • CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

    CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

    Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.
    The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
  • Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

    Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

    Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.
    The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023
  • GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

    GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

    Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine.
    The technique has been discovered in an Open VSX extension named “specstudio.code-wakatime-activity-tracker,” which masquerades as WakaTime, a