Jan 06, 2026Ravie LakshmananVulnerability / Web Security Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could…
Jan 05, 2026Ravie LakshmananCyber Espionage / Windows Security The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.…
Jan 05, 2026Ravie LakshmananIoT Security / Mobile Security The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. “Key actors involved…
Jan 05, 2026Ravie LakshmananHacking News / Cybersecurity The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in…
Jan 05, 2026The Hacker NewsData Protection / Artificial Intelligence Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains,…
Jan 05, 2026Ravie LakshmananCryptocurrency / Financial Crime Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016,…
Jan 05, 2026Ravie LakshmananThreat Intelligence / Windows Security Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens.…
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over…
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable…
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails. The activity, Check Point said, takes advantage of…