Researchers Created a Linux Rootkit that Evades Elastic Security EDR Detection
A sophisticated Linux kernel rootkit designed to slip past the defenses of Elastic Security, a leading endpoint detection and response (EDR) platform. Released on GitHub…
Category: CyberSecurityNews
CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-41244 to its Known Exploited Vulnerabilities catalog. This local privilege escalation flaw affects Broadcom’s VMware Aria…
New Windows-Based Airstalk Malware Employs Multi-Threaded C2 Communication to Steal Logins
A newly discovered Windows malware family named Airstalk has emerged as a sophisticated threat capable of exfiltrating sensitive browser credentials through an innovative covert command-and-control…
New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content
A new agent-aware cloaking technique uses AI browsers like OpenAI’s ChatGPT Atlas to deliver misleading content. This method allows malicious actors to poison the information…
New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials
Researchers have uncovered a sophisticated campaign leveraging the Lampion banking trojan, a malware strain that has operated since 2019 with a renewed focus on Portuguese…
700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials
A sophisticated malware campaign exploiting Near Field Communication technology on Android devices has expanded dramatically since its emergence in April 2024. What began as isolated…
RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks
The cybersecurity landscape faced a critical threat in early October 2025 with the public disclosure of RediShell, a severe use-after-free vulnerability in Redis’s Lua scripting…
Critical Vulnerability In Chromium’s Blink Let Attackers Crash Chromium-based Browsers Within Seconds
Security researcher Jofpin has disclosed “Brash,” a critical flaw in Google’s Blink rendering engine that enables attackers to crash Chromium-based browsers almost instantly. Affecting billions…
CISA Releases Best Security Practices Guide for Hardening Microsoft Exchange Server
In a timely response to escalating threats against email infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), Australian Cyber…
New Malware Targeting WooCommerce Sites with Malicious Plugins Steals Credit Card Data
A sophisticated malware campaign has emerged targeting WordPress e-commerce sites, particularly those leveraging the WooCommerce plugin to process customer transactions. The threat, discovered in August…
12 Malicious Extension in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials
A recent discovery has shaken the Visual Studio Code (VSCode) ecosystem, unveiling a sophisticated supply chain attack targeting developers worldwide. At least a dozen malicious…
Multiple Jenkins Vulnerability SAML Authentication Bypass And MCP Server Plugin Permissions
The Jenkins project released Security Advisory 2025-10-29 on October 28, 2025, disclosing multiple vulnerabilities across 13 plugins that power the popular open-source automation server. These…