DPRK Actors Deploy VS Code Tunnels for Remote Hacking
Dark Reading
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People
CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
INC ransomware opsec fail allowed data recovery for 12 US orgs
BleepingComputer
INC ransomware opsec fail allowed data recovery for 12 US orgs
An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations.
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Dark Reading
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Once trust is granted to the repository
Fortinet admins report patched FortiGate firewalls getting hacked
BleepingComputer
Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-...
Cisco fixes Unified Communications RCE zero day exploited in attacks
BleepingComputer
Cisco fixes Unified Communications RCE zero day exploited in attacks
Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been a...
CVE-2025-13878: High-Severity BIND Flaw Exposes Servers to Remote Crash
Daily CyberSecurity
CVE-2025-13878: High-Severity BIND Flaw Exposes Servers to Remote Crash
High-severity BIND 9 flaw CVE-2025-13878 allows remote server crashes via single packet. Update to v9.18.44 or v9.20.18 immediately to prevent DoS.
Chainlit AI framework bugs let hackers breach cloud environments
BleepingComputer
Chainlit AI framework bugs let hackers breach cloud environments
Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file ...
Smishing Alert: Telegram Bots Power New PNB MetLife Phishing Campaign
Daily CyberSecurity
Smishing Alert: Telegram Bots Power New PNB MetLife Phishing Campaign
Scammers target PNB MetLife users via mobile phishing. Attackers use Telegram bots to steal data & manipulate clipboards for UPI fraud.
_NicoElNino_Alamy.png?disable=upscale&width=1200&height=630&fit=crop)
Redis RCE Exposed: Researchers Detail Exploit for “Simple” Stack Overflow in Official Containers
Daily CyberSecurity
Redis RCE Exposed: Researchers Detail Exploit for "Simple" Stack Overflow in Official Containers
Public exploit disclosed for Redis CVE-2025-62507. Missing stack canaries in Docker allow unauthenticated RCE. Update to v8.3.2 immediately.
'CrashFix' Scam Crashes Browsers, Delivers Malware
Dark Reading
'CrashFix' Scam Crashes Browsers, Delivers Malware
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.
GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update
Daily CyberSecurity
GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update
GitLab patches high-severity 2FA bypass (CVE-2026-0723) & DoS flaws. Update to 18.8.2, 18.7.2, or 18.6.4 immediately to secure your instance.
PurpleBravo’s Targeting of the IT Software Supply Chain
PurpleBravo’s Targeting of the IT Software Supply Chain
Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like ...
“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code
Daily CyberSecurity
"Contagious" Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code
"Contagious Interview" evolves: DPRK hackers now abuse VS Code tasks & npm install to breach developer systems. Jamf warns of new infection...
Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151)
Daily CyberSecurity
Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151)
CVE-2025-13151: A one-byte overflow in GNU libtasn1 risks memory corruption during cert parsing. Patch now to secure your cryptographic applications.
Fake extension crashes browsers to trick users into infecting themselves
Malwarebytes
Fake extension crashes browsers to trick users into infecting themselves
A fake ad blocker crashes your browser, then uses ClickFix tricks to make you run the malware yourself.
Hidden in Plain Site: PURELOGS Stealer Hides Malware in Archive.org Images
Daily CyberSecurity
Hidden in Plain Site: PURELOGS Stealer Hides Malware in Archive.org Images
New PURELOGS campaign uses Archive.org images to hide malware. For just $150, this MaaS steals crypto & passwords via fileless attacks. Spot the si...
WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking
Daily CyberSecurity
WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking
WhisperPair flaw (CVE-2025-36911) exposes Google Fast Pair devices to hijacking and tracking. Update your headphone firmware now to block silent at...
VoidLink cloud malware shows clear signs of being AI-generated
BleepingComputer
VoidLink cloud malware shows clear signs of being AI-generated
The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artifici...
Vulnerabilities Threaten to Break Chainlit AI Framework
Dark Reading
Vulnerabilities Threaten to Break Chainlit AI Framework
Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.