Skip to content
cyber attacks

cyber attacks

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and… 

Read More »Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which… 

Read More »Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

Dec 08, 2025Ravie LakshmananNetwork Security / Vulnerability The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The… 

Read More »MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Dec 06, 2025Ravie LakshmananAI Security / Vulnerability Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration… 

Read More »Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Dec 06, 2025Ravie LakshmananVulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog… 

Read More »Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Dec 05, 2025Ravie LakshmananEmail Security / Threat Research A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google… 

Read More »Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Dec 05, 2025Ravie LakshmananApplication Security / Vulnerability A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated… 

Read More »Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.… 

Read More »Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware,… 

Read More »Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery