Security News

⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More
2025-04-07 11:25

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but...

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
2025-04-07 07:29

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing...

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
2025-03-31 16:41

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp....

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
2025-03-31 12:04

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites....

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
2025-03-30 05:07

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched...

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
2025-03-29 03:52

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial...

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
2025-03-27 20:05

Microsoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks.

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
2025-03-27 10:00

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office...

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
2025-03-27 06:23

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited...

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
2025-03-26 13:53

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and...