New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox
August 9, 2025 — A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges…
Month: August 2025
Germany limits police spyware use to serious crimes
Germany limits police spyware use to serious crimes Pierluigi Paganini August 09, 2025 Germany’s top court ruled police can use spyware only for crimes punishable…
A Cobalt Strike Like Tool That Turns Chrome into C2 Platform
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone — a Chromium-based browser Command & Control (C2) framework capable of replacing…
CastleBot MaaS Unleashes Diverse Payloads in Coordinated Ransomware Attacks
IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a spectrum of payloads ranging from…
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom Pierluigi Paganini August 09, 2025 WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day…
5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines
A sophisticated cybercriminal enterprise operating over 5,000 fraudulent online pharmacy websites has been exposed in a comprehensive investigation, revealing one of the largest pharmaceutical fraud…
Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets
A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package Index (PyPI). The attack leverages…
Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email
A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites,…
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to…
DarkCloud Stealer Employs New Infection Chain and ConfuserEx-Based Obfuscation
A sophisticated information-stealing malware campaign has emerged, utilizing advanced obfuscation techniques and multiple infection vectors to evade traditional security controls. The DarkCloud Stealer, first documented…
Multiple 0-days to Bypass BitLocker and Extract All Protected Data
Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with physical access to extract all protected data…
28,000 Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online
Over 28,000 unpatched Microsoft Exchange servers are exposed on the public internet and remain vulnerable to a critical security flaw designated CVE-2025-53786, according to new…