Malicious NPM Package with 56K Downloads Steals WhatsApp Messages
A dangerous npm package named “lotusbail” has been stealing WhatsApp messages and user data from thousands of developers worldwide. The package, which has been downloaded…
Category: CyberSecurityNews
Arcane Werewolf Hacker Group Added Loki 2.1 Malware Toolkit to their Arsenal
The threat actor group known as Arcane Werewolf, also tracked as Mythic Likho, has refreshed its attack capabilities by deploying a new version of its…
Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers
Nissan Motor Corporation has publicly confirmed a significant data breach stemming from unauthorized access to Red Hat servers. Managed by a third-party contractor responsible for…
Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges
Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970. The flaw enables local attackers to escalate privileges…
BlindEagle Hackers Attacking Government Agencies with Powershell Scripts
BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. In early September…
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel’s POSIX CPU Timers Implementation
A proof-of-concept (PoC) exploit has been publicly released for CVE-2025-38352, a race condition vulnerability affecting the Linux kernel’s POSIX CPU timer implementation. The flaw enables…
SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India
The campaign is run by the SideWinder advanced persistent threat group and aims to plant a silent Windows backdoor on victim machines. Once active, the…
Sleeping Bouncer Vulnerability Impacts Motherboards from Gigabyte, MSI, ASRock and ASUS
A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their…
Docker Open Sources Production-Ready Hardened Images for Free
Docker has announced a significant shift in its container security strategy, making its Docker Hardened Images (DHI) freely available to all developers. Previously a commercial-only offering, DHI…
New Wonderland Android Malware with Bidirectional SMS-Stealing Capabilities Stealing OTPs
A sophisticated new Android malware family called Wonderland has emerged as a significant threat to users in Uzbekistan and the broader Central Asia region. The…
Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack
Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the…
Lies-in-the-Loop Attack Turns AI Safety Dialogs into Remote Code Execution Attack
A newly discovered attack technique has exposed a critical weakness in artificial intelligence code assistants by weaponizing their built-in safety features. The attack, known as…