A Cobalt Strike Like Tool That Turns Chrome into C2 Platform
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone — a Chromium-based browser Command & Control...
Read more →Author: Cybernoz
CastleBot MaaS Unleashes Diverse Payloads in Coordinated Ransomware Attacks
IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a...
Read more →
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom Pierluigi Paganini August 09, 2025 WinRAR flaw CVE-2025-8088, fixed in v7.13,...
Read more →
5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines
A sophisticated cybercriminal enterprise operating over 5,000 fraudulent online pharmacy websites has been exposed in a comprehensive investigation, revealing one...
Read more →
Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets
A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package...
Read more →
Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email
A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach...
Read more →
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited,...
Read more →
DarkCloud Stealer Employs New Infection Chain and ConfuserEx-Based Obfuscation
A sophisticated information-stealing malware campaign has emerged, utilizing advanced obfuscation techniques and multiple infection vectors to evade traditional security controls....
Read more →
Multiple 0-days to Bypass BitLocker and Extract All Protected Data
Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with physical access...
Read more →
28,000 Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online
Over 28,000 unpatched Microsoft Exchange servers are exposed on the public internet and remain vulnerable to a critical security flaw...
Read more →
Why an Effective Detection and Response Strategy Must Focus on Very Attacked People (VAPs)
When a business is considering its vulnerabilities and turns to consider which of its people might pose the most of...
Read more →
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks
A sophisticated new malware framework named CastleBot has emerged as a significant threat to cybersecurity, operating as a Malware-as-a-Service (MaaS)...
Read more →