Skip to content
cyber updates

cyber updates

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Nov 10, 2025Ravie LakshmananVulnerability / Incident Response Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked… 

Read More »Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just… 

Read More »Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT. “The attacker’s modus operandi involved… 

Read More »Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Nov 10, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio… 

Read More »GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain… 

Read More »Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

Nov 07, 2025Ravie LakshmananMobile Security / Vulnerability A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle… 

Read More »Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked… 

Read More »From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Nov 07, 2025Ravie LakshmananSupply Chain Attack / Malware A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to… 

Read More »Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation