A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware…
Tag: EN
New Phishing Campaign Exploits Meta Business Suite to Target SMBs Across the U.S. and Beyond
With more than 5.4 billion users worldwide (according to Statista), Facebook remains the world’s most influential social platform and a critical marketing channel for small and medium-sized businesses. Its vast reach and trusted brand make it a prime target for…
LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization system. The flaw CVE-2025-64439 affects versions of langgraph-checkpoint before 3.0. It allows attackers to execute arbitrary Python code when untrusted data is deserialized. The vulnerability resides in…
Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution
A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously…
Fantasy Hub is spyware for rent—complete with fake app kits and support
Fantasy Hub RAT-for-rent hides in fake Android apps, stealing logins, PINs, and messages—all with a single SMS permission. This article has been indexed from Malwarebytes Read the original article: Fantasy Hub is spyware for rent—complete with fake app kits and…
Generative AI: The Double-Edged Sword of Cybersecurity
As GenAI transforms cyberattacks and defenses, organizations must strengthen the human layer. Learn how AI multiplies both risk and resilience in 2025. The post Generative AI: The Double-Edged Sword of Cybersecurity appeared first on Security Boulevard. This article has been indexed…
TP-Link Routers May Get Banned in US Due to Alleged Links With China
TP-Link routers may soon shut down in the US. There’s a chance of potential ban as various federal agencies have backed the proposal. Alleged links with China The news first came in December last year. According to the WSJ, officials…
Zero STT Med Sets New Benchmark in Clinical Speech Recognition Efficiency
Shunyalabs.ai has taken a decisive step into transforming medical transcription and clinical documentation by introducing Zero STT Med, a powerful automatic speech recognition (ASR) system developed especially for the medical and clinical fields. Shunyalabs.ai is a pioneer in enterprise-grade…
CISA Warns: Linux Kernel Flaw Actively Exploited in Ransomware Attacks
A critical Linux kernel vulnerability (CVE-2024-1086) is now actively exploited in ransomware attacks, according to a recent update from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). First publicly disclosed on January 31, 2024, this flaw stems from a…
NuGet Supply-Chain Exploit Uses Timed Destructive Payloads Against ICS
A sophisticated supply chain attack has compromised critical industrial control systems through nine malicious NuGet packages designed to inject time-delayed destructive payloads into database operations and manufacturing environments. Socket’s Threat Research Team identified these weapons of code, published under the…
Why a lot of people are getting hacked with government spyware
Government surveillance vendors want us to believe their spyware products are only used in limited and targeted operations against terrorists and serious criminals. That claim is increasingly difficult to justify, given the broad range of victims — journalists, activists, and…
Staying Safe After a Cyber Attack
One minute, everything’s fine. The next? Something feels off. Maybe there’s an unfamiliar charge on your bank account, or an email says your password has been changed, except you didn’t do it. Or perhaps your social media starts posting things…
New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies
The manufacturing sector faces an escalating threat landscape as cybercriminals increasingly exploit cloud-based platforms and artificial intelligence services to conduct sophisticated attacks. A comprehensive analysis by Netskope Threat Labs reveals that approximately 22 out of every 10,000 manufacturing users encounter…
Fired Intel Engineer Stolen 18,000 Files, Many of which Were Classified as “Top Secret”
Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security and insider threats. Jinfeng Luo, a software developer who has worked at…
Crypto-less Crypto Investment Scams: A California Case
My readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related…
Two New Web Application Risk Categories Added to OWASP Top 10
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first on SecurityWeek.…
MAD-CAT “Meow” Tool Sparks Real-World Data Corruption Attacks
The infamous Meow attack, which devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial simulation tool demonstrates how easily attackers can corrupt data across multiple database platforms simultaneously, highlighting a…
GlassWorm Malware Returns to Open VSX, Emerges on GitHub
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well. The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek. This article has been indexed from…
New Browser Security Report Reveals Emerging Threats for Enterprises
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too…
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic…