DeepLoad Uses ClickFix, WMI to Steal Logins

The emerging threat landscape has introduced a new challenge as DeepLoad uses the ClickFix social engineering tactic to distribute a sophisticated and previously undocumented malware loader. According to researchers at ReliaQuest, DeepLoad employs AI-assisted obfuscation and process injection to deftly bypass static scanning, making its detection challenging. Once deployed, the malware focuses on credential theft, […]

Dow Inc. Appears on Qilin Leak Site

The Qilin ransomware group has claimed a significant breach against Dow Inc., a worldwide leader in chemical manufacturing. The group has allegedly added Dow Inc. to its list of victims on a Tor leak site. However, it has not provided any proof to support the claim. Dow Inc., which generates […]

Dutch Finance Ministry Shuts Treasury Portal

The Dutch Finance Ministry has shut a treasury banking portal following a breach that prompted officials to take some systems offline amid an ongoing investigation. The cyberattack, uncovered two weeks ago, has forced the ministry to bolster its defenses and scrutinize affected networks. Authorities are focusing on ensuring that the security of public finances remains uncompromised […]

Axios Compromise Pushes Cross-Platform RAT

The Axios compromise pushes a Remote Access Trojan (RAT) across platforms, igniting significant concern in the cybersecurity space. The attack exploits a supply chain vulnerability in two npm package versions of the popular HTTP client, Axios. Specifically, versions 1.14.1 and 0.30.4 introduced a deceptive dependency, ‘plain-crypto-js’ version 4.2.1, which was crafted with malicious intent. […]

Anthropic Tests Mythos, Sends Cyber Stocks Tumbling

Shares in cybersecurity firms took a hit on Friday as Anthropic tested its powerful new AI model, Mythos, which is causing ripples in the industry. The cutting-edge artificial intelligence, part of a project codenamed “Capybara,” outshines Anthropic’s previous models in crucial areas like academic reasoning, software coding, and uncovering cybersecurity vulnerabilities. The Global X Cybersecurity […]

Citrix NetScaler Flaw Probed, Could Leak Data

Attackers are actively probing a critical vulnerability in Citrix NetScaler Gateway, tracked as CVE-2026-3055, which could leak sensitive data. This flaw, a memory overread issue, has a CVSS score of 9.3 and affects systems configured as a SAML Identity Provider (SAML IDP). Citrix issued security updates this week to address this and another vulnerability. Without […]

Russia-Linked TA446 Targets iPhones With DarkSword

Russia-linked TA446, notorious for its persistent targeting strategies, has turned its focus to iPhones by utilizing the DarkSword iOS exploit kit. This advanced threat group, also known as SEABORGIUM and ColdRiver, is conducting spear-phishing campaigns aimed at compromising iOS devices through malevolent emails. TA446 has been a thorn in the side of NATO countries since […]

European Commission Confirms Data Breach

The European Commission has experienced a data breach after the cyberattack on its Europa.eu web platform, which hackers from the ShinyHunters extortion group have claimed. This incident underscores the growing cybersecurity threats targeting governmental institutions. As cybercriminals become more sophisticated, the breach raises questions about the robustness of digital defenses across critical entities within the […]

PolyShell Attacks Hit 56% of Magento Stores

PolyShell attacks hit Magento as cybercriminals exploit vulnerabilities in version 2 of Magento Open Source and Adobe Commerce installations. Reports indicate that more than half of all vulnerable stores have been targeted. The PolyShell vulnerability poses a significant threat to online retailers using the affected versions. Attackers may leverage this exploit to gain unauthorized access […]

TP‑Link Patches Archer NX Auth Bypass, Faces Suit

TP-Link has swiftly addressed a critical vulnerability in its Archer NX series by releasing a patch, following the discovery of a missing authentication check. This oversight allowed unprivileged attackers to upload firmware maliciously, posing significant security risks to users. The patch arrives amid TP-Link’s ongoing legal challenges. The company is currently embroiled in a lawsuit […]

GitHub Hit by Fake VS Code Alerts Pushing Malware

GitHub is targeted by a coordinated spam campaign posting fake VS Code security advisories in Discussions to trick developers into malware downloads.

A large-scale phishing campaign has hit GitHub, targeting software developers by utilizing fake Visual Studio Code security alerts. These alerts mimic legitimate advisories, urging developers to download a “patched” version via a misleading link. The phishing scheme has surfaced with thousands of nearly identical posts in GitHub repositories, creating the illusion of urgency and legitimacy […]

NVIDIA Patches RCE, DoS in AI Frameworks

NVIDIA has rolled out critical updates to address severe security vulnerabilities in its primary AI and machine learning frameworks. These vulnerabilities, found in Megatron-LM, Triton Inference Server, and others, posed risks of remote code execution (RCE) and denial-of-service (DoS) attacks. The patches aim to fortify NVIDIA’s ecosystem against potential exploitation. Among the notable vulnerabilities are […]