WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most…
Category: CyberSecurityNews
PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild
Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419. Before a patch could be rolled out…
French Retailer Auchan Cyberattack – Thousands of Customers Personal Data Exposed
Major French retail chain Auchan announced on August 21, 2025, that it suffered a significant cybersecurity incident resulting in the unauthorized access and theft of…
X/Twitter The Most Aggressive Social Media App Collecting Users Location Information
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location…
Malicious Bing Ads deploy Weaponized PuTTY to Exploit Kerberos and Attack Active Directory services
A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to…
Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof
Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially,…
Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection
A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies…
Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services 30,000+ IP’s
A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities…
0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The…
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware
A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser…
Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware
A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote…
New Android Spyware Disguised as an Antivirus Attacking Business Executives
In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private…