With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks. Read More
Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker’s device to a victim’s WhatsApp account. The package, named “lotusbail,” has been downloaded over 56,000 times since it was first […]
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. […] Read More
As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed with Read More
A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. […] Read More
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More
More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. […] Read More
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. “Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy Read More
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. […] Read More