Kaspersky
Mystery hackers use novel SharkLoader dropper against governments, software devs
Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple …
Malware attacks strip Roblox developers of entire games
Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games …
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is …
Hackers hijacked CPUID downloads, served STX RAT to victims
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears …
Firmware-level Android backdoor found on tablets from multiple manufacturers
A new Android backdoor embedded directly in device firmware can quietly take control of apps and harvest data, Kaspersky researchers found. The malware, named Keenadu, was …
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting …
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept …
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver …
Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains
More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL. Called …
Beware fake AutoCAD, SketchUp sites dropping malware
Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer …
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser …
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome …
Featured news
Resources
Don't miss
- JSP webshells being dropped on unpatched PTC Windchill instances
- Mozilla warns of indirect prompt injection risk in AI coding agents
- DarkMoon: Open-source AI pentesting platform
- Sycophantic chatbots and the harms that build over many chats
- Companies keep bolting AI onto their products, and the security bill is coming due