Socket Threat Research has discovered a malicious NPM package named fezbox, published by a user going by janedu. Ostensibly a harmless library, the package conceals an unusually sophisticated payload: it uses a QR code...
A critical vulnerability, CVE-2025-10184, has been identified in the OxygenOS operating system used on OnePlus smartphones, allowing any application on the device to read the contents of SMS messages and related metadata without requesting...
The major casino and hotel operator Boyd Gaming, headquartered in Las Vegas, has disclosed to U.S. regulators a cyberattack that allowed intruders to gain access to its internal IT systems and exfiltrate certain data....
Shoggoth Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its...
The U.S. Department of Justice and British police have brought charges against 19-year-old East London resident Talha Jubair, identified by investigators as one of the key figures in Scattered Spider—the group behind a series...
Cisco has released security updates addressing a zero-day in IOS and IOS XE that is already being exploited in the wild. CVE-2025-20352 is a stack-based buffer-overflow in the SNMP subsystem that affects any device...
The developers of Kali Linux have unveiled their latest release—2025.3, which broadens the distribution’s capabilities and introduces ten new tools for penetration testing. The update enhances deployment processes in virtualized environments, restores wireless driver...
In an interview with ITV, UK Chancellor Rachel Reeves asserted that “hostile states such as Russia” were behind recent cyberattacks on British companies. According to her, “a number of attacks are carried out from...
The Unit 42 team at Palo Alto Networks has uncovered a large-scale search poisoning campaign dubbed Operation Rewrite, in which Chinese-speaking threat actors deployed malicious BadIIS components onto internet-facing servers and used compromised websites...
European law enforcement authorities, with the support of Eurojust and Europol, have carried out a major operation against a vast cryptocurrency investment fraud scheme that had been operating for several years across 23 countries....