Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal…
Sep 16, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster…
Sep 16, 2025Ravie LakshmananAd Fraud / Mobile Security A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These…
Sep 16, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign…
Sep 16, 2025Ravie LakshmananVulnerability / Spyware Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an…
Sep 16, 2025The Hacker NewsAI Security / Enterprise Security AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to…
Sep 16, 2025Ravie LakshmananHardware Security / Vulnerability A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South…
Sep 16, 2025Ravie LakshmananMalware / Cyber Attack Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised…
Sep 15, 2025Ravie LakshmananMalware / Network Security The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.…
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. What…