Google’s artificial intelligence system, called Big Sleep, has recently discovered five new security flaws in Apple’s WebKit engine. WebKit is the main technology that powers the Safari browser and several apps on Apple devices that display web content. These newly found flaws were serious and could be exploited by attackers if left unpatched. As soon … Continued
Researchers have discovered two new Android malware strains named BankBot-YNRK and DeliveryRAT that are actively stealing users’ financial and personal information. These trojans were found disguised as legitimate applications and are spreading through deceptive downloads and fake app packages targeting Android devices. BankBot-YNRK is a mobile banking trojan that hides inside apps pretending to be … Continued
Researchers have identified a new backdoor named HttpTroy used in a targeted cyberattack against a victim in South Korea. Security analysts link the campaign to the APT group Kimsuky, which has been associated with North Korea and known for focused espionage operations. The attackers delivered the malware through a realistic-looking VPN invoice. The invoice was … Continued
The Eclipse Foundation has announced that it has revoked a small number of access tokens used in its Open VSX Registry after a security firm discovered they had been leaked. These tokens were used by developers to publish or update extensions, and if misused, they could have allowed attackers to upload malicious versions. The Foundation … Continued
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a new VMware zero-day vulnerability, tracked as CVE-2025-41244. The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) list, which means it is being actively used in real-world attacks. Security experts say this vulnerability needs immediate attention from all organizations using … Continued
A major data breach has occurred at Ravin Academy, a cybersecurity training centre established in 2019 in Tehran and linked to Iran’s Ministry of Intelligence and Security (MOIS). The academy confirmed the incident through a statement on its official Telegram channel on October 22, saying that one of its online platforms was attacked and that … Continued
Security researchers recently discovered that ten malicious npm packages were uploaded to the public npm registry. These packages were designed to look like legitimate ones but had slightly altered names, a trick known as typosquatting. The goal was to make developers accidentally install them, allowing attackers to secretly execute malicious code during the installation process … Continued
Russian hackers have launched a new cyberattack campaign targeting Ukrainian organizations. Security researchers discovered that these hackers used legitimate system tools already present on computers instead of traditional malware. This stealthy method allowed them to move through networks quietly, steal information, and remain undetected for long periods. The investigation revealed that two Ukrainian organizations were … Continued
SideWinder, a known hacking group, has launched a new cyber campaign targeting diplomats and government organizations across South Asia. Security experts from the Trellix Advanced Research Center uncovered this operation and revealed that the group is now using PDF files and ClickOnce installers to spread malware. This shows how SideWinder continues to evolve its techniques … Continued
In a startling development for the cybersecurity sector, F5 Networks (NASDAQ: FFIV) has sounded the alarm: a significant security incident is now expected to impact its sales momentum and has already precipitated a slide in its share price. The Incident at a Glance F5 disclosed that adversaries — believed to be state-backed actors — achieved … Continued
