Malware Alert
Researchers Uncover Pre-Stuxnet Fast16 Malware Targeting Engineering Software From 2005
Researchers have uncovered Fast16, a sophisticated malware dating back to 2005 that predates Stuxnet. The cyberweapon targeted engineering software, silently altering calculations to cause real-world…
Hackers Deploy SNOW Malware Suite via Microsoft Teams
A cyber group known as UNC6692 is targeting companies by impersonating IT helpdesk staff through Microsoft Teams. The attackers trick employees into installing malware, raising…
Adobe Patches PDF Zero-Day That Hackers Exploited for Four Months
Adobe has patched a critical zero-day vulnerability in its PDF software that hackers exploited for months. The flaw allowed attackers to install malware and potentially…
GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools
A new GlassWorm variant hides inside a fake VS Code extension, uses a Zig-compiled binary to escape the JavaScript sandbox, and silently infects every IDE…
This Botnet Deliberately Avoids Detection to Keep Its DDoS Business Running
Cybersecurity researchers have exposed Masjesu, a stealthy botnet that has been marketed on Telegram as a DDoS-for-hire service since 2023. The botnet targets IoT devices…
China-Linked Storm-1175 Uses Zero Days To Deploy Medusa Ransomware
A China linked threat group known as Storm 1175 is using zero day vulnerabilities to deploy Medusa ransomware in rapid cyber attacks.
Hackers Are Now Spreading Malware Using Claude Code Leak on GitHub
Hackers are exploiting Anthropic’s accidental Claude Code source leak to distribute Vidar and GhostSocks malware through fake GitHub repositories. The campaign targets developers searching for…
New Chrome Zero Day Lets Hackers Run Code Through Web Pages
Google released an emergency update for Chrome on April 1 to fix 21 security flaws, including a zero-day vulnerability attackers are already using. If you…
Google Expands Drive Security With Automatic Ransomware Detection
Google has enabled ransomware detection by default in Google Drive for paid Workspace users, expanding its push into built in cloud security protections.
OpenAI Patches ChatGPT Bug That Could Have Leaked All Your Conversations
OpenAI has patched a previously unknown vulnerability in ChatGPT that allowed conversation data to be secretly stolen through a hidden DNS channel in the AI’s…
Critical Flaw in Claude Chrome Extension Allowed Malicious Prompt Injection
Security researchers uncover vulnerability enabling attackers to hijack AI assistant without user interactionCybersecurity researchers have disclosed a significant vulnerability in Anthropic’s Claude Google Chrome Extension…
Hackers Compromise Developer Tools In Major Supply Chain Attack
The threat group TeamPCP, which breached Aqua Security’s Trivy vulnerability scanner last week, has used stolen credentials from that attack to compromise two GitHub Actions…
LeakNet Ransomware Tricks Victims Into Infecting Themselves Through Hacked Websites
The ransomware group has adopted the ClickFix social engineering tactic, using compromised legitimate websites to serve fake CAPTCHA pages that trick users into running malicious…
