Adobe has swiftly issued a critical security patch to address a zero-day vulnerability in Acrobat Reader that is being actively exploited in the wild. Identified as CVE-2026-34621, this flaw allows attackers to execute arbitrary code on compromised systems by exploiting the Prototype Pollution weakness. The vulnerability, highlighted under CWE-1321, arises from improper control over object […]
North Korean hacking group APT37 uses Facebook to execute a sophisticated social engineering campaign. This cyber espionage endeavor involved targeting unwary users by forming connections through friend requests on the social media platform. Threat actors leveraged these newly established relationships to deploy RokRAT, a remote access trojan that can exfiltrate sensitive data. APT37, also known […]
OpenAI has been hit by a major cybersecurity breach linked to North Korean actors, impacting its supply chain. The incident has raised alarms within the tech industry, prompting immediate actions from the artificial intelligence company. OpenAI discovered that a macOS code signing certificate, essential for validating software authenticity and security, may have been compromised as […]
The vipertunnel backdoor is a new threat infiltrating enterprise networks by hiding within a fake DLL file laced with multiple layers of obfuscation. This Python-based malware leverages a SOCKS5 proxy tunnel to connect with a remote command-and-control server, enabling attackers to maintain their hold on compromised systems persistently. The backdoor’s stealthy presence is facilitated by […]
Basic-Fit confirms data theft involving personal information of about a million gym members, marking a significant cybersecurity breach. Unauthorized access compromised names, addresses, dates of birth, and bank details, though passwords remain secure. This breach raises concerns about data safety protocols in widespread use in the fitness industry. The attack highlights vulnerabilities in standard data […]
A newly discovered Claude clone site poses a significant cybersecurity threat by distributing the PlugX remote access Trojan (RAT). This malicious operation cleverly mimics the legitimate Anthropic software installation. Hackers employ a technique known as DLL sideloading to deceive users and deploy the covert malware onto targeted systems. After installation, the malware efficiently cleans up […]
The new ‘Storm’ infostealer hijacks sessions by bypassing local decryption, opting instead to send browser data directly to attacker-controlled servers. This method enables server-side decryption, effectively allowing hackers to intercept and hijack user sessions without needing to crack passwords or bypass multi-factor authentication. Cybersecurity firm Varonis highlights the risk posed by such tactics, which exploit […]
North Korea’s APT37 uses Facebook as a strategic tool in a recent cyber campaign, according to cybersecurity researchers. Known as ScarCruft, this group engages in social engineering by friending targets on Facebook. They exploit this connection to deploy RokRAT, a potent remote access trojan. This multi-stage attack showcases the evolving tactics of APT37, as they […]
Adobe finally patches an Acrobat and Reader zero-day vulnerability, which attackers have exploited for several months, with the release of a critical fix. The vulnerability, tracked as CVE-2026-34621, posed significant risks to users of these widely used software tools. Released on April 11, the patch aims to secure systems against potential threats that had remained […]