Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds… Read More »Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a… Read More »New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor… Read More »Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include… Read More »40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm… Read More »Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a… Read More »⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving… Read More »6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could… Read More »AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. “The attackers manipulated search rankings with SEO plugins and… Read More »HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a… Read More »FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks