I found a new Rust-written backdoor called ChaosBot. It uses Discord, a regular chat platform, as its command-and-control channel. The attackers create a Discord channel for each infected computer and send commands there. The infected machine replies by uploading text, files, or screenshots into that channel. Because Discord is a legitimate service, using it helps … Continued
Security researchers have uncovered a large-scale phishing campaign that used the npm ecosystem to host and distribute malicious code. A total of 175 npm packages were found to be part of the operation, with over 26,000 combined downloads. These packages were designed to redirect users to fake login pages that could steal their credentials. The … Continued
A new security discovery called CamoLeak revealed a major flaw in GitHub Copilot Chat that could expose private code and sensitive data. The issue was discovered by researchers from Legit Security, who demonstrated how hidden prompts could manipulate Copilot into leaking information from private repositories. The proof-of-concept attack showed how AI assistants could unintentionally become … Continued
Russian hackers are reportedly turning to artificial intelligence as their newest weapon in the cyber war against Ukraine. In recent months, Ukraine’s cyber agencies have noticed a sharp rise in AI-powered attacks that go beyond traditional phishing or malware. These operations are faster, more targeted, and far more deceptive than before. Ukraine’s State Service for … Continued
Hackers have claimed that they breached a system used by Discord and accessed data of around 5.5 million users. They said they stole about 1.6 terabytes of data, including support tickets, attachments, and partial billing details. The attack reportedly took place in late September 2025 and lasted nearly 58 hours. Discord, however, said its main … Continued
A major security flaw has been discovered in the Figma Model Context Protocol (MCP) server, a tool commonly used by developers to integrate design and AI workflows. This vulnerability allows hackers to remotely execute code on a user’s system, putting development environments at serious risk. The flaw has been identified as CVE-2025-53967 and classified as … Continued
A major cyberattack has disrupted one of Japan’s largest beverage companies, Asahi Group, causing a noticeable shortage of its popular beers in stores and restaurants across the country. The ransomware attack last week hit the company’s computer systems, making it difficult for Asahi to take new orders or deliver its products on time. The issue … Continued
Microsoft has reported that a threat actor it calls Storm-1175 is exploiting a critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) product. The attacks use a serious deserialization flaw in the GoAnywhere license servlet and have been tied to follow-up activity that included delivering Medusa ransomware. The technical problem is an unauthenticated deserialization bug … Continued
A serious security flaw has been found in Redis, a popular in-memory database used by many companies around the world. The bug is 13 years old and has been given a CVSS score of 10.0, which is the highest possible severity rating. This means the flaw is extremely dangerous and should be fixed immediately. The … Continued
A newly discovered zero-day flaw in Zimbra Collaboration has been used in real cyberattacks against military organizations in Brazil. Hackers exploited this vulnerability by sending specially crafted calendar files, known as ICS files, which contained malicious code designed to compromise systems. The attack was especially dangerous because it targeted a zero-day vulnerability one that was … Continued
