Malware

North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware

Do Son November 17, 2025

Security researchers at NVISO have identified a significant evolution in the long-running Contagious Interview malware campaign, a...

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards npm Token Farming, Supply Chain Flooding

npm Token Farming, Supply Chain Flooding

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards

Do Son November 17, 2025

In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered...

Lumma Stealer Resurfaces After Doxxing with New Browser Fingerprinting to Target High-Value Victims Lumma Browser Fingerprinting, Infostealer Resurgence

Lumma Browser Fingerprinting, Infostealer Resurgence

Lumma Stealer Resurfaces After Doxxing with New Browser Fingerprinting to Target High-Value Victims

Do Son November 17, 2025

Trend Micro researchers have observed a significant resurgence in Lumma Stealer activity—also tracked as Water Kurita—despite a...

New Yurei Ransomware Emerges: Go-Based Threat Uses ChaCha20-Poly1305 for Irreversible Double Extortion Yurei Ransomware, GoLang ChaCha20

Yurei Ransomware, GoLang ChaCha20

New Yurei Ransomware Emerges: Go-Based Threat Uses ChaCha20-Poly1305 for Irreversible Double Extortion

Do Son November 17, 2025

Security researchers at AhnLab have identified Yurei, a newly emerging ransomware group first observed in early September...

Sui Blockchain Seed Stealer: Malicious Chrome Extension Hides Mnemonic Exfiltration in Microtransactions Chrome Crypto Stealer, Sui Blockchain Exfiltration

Chrome Crypto Stealer, Sui Blockchain Exfiltration

Sui Blockchain Seed Stealer: Malicious Chrome Extension Hides Mnemonic Exfiltration in Microtransactions

Do Son November 14, 2025

The Socket Threat Research Team has uncovered a highly sophisticated malicious Chrome extension posing as an Ethereum...

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware AppleScript Malware, macOS Supply Chain

AppleScript Malware, macOS Supply Chain

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware

Do Son November 14, 2025

A new malware distribution trend is emerging across the macOS threat landscape, according to fresh research from...

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor steam

steam

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor

Do Son November 13, 2025

Researchers from the AhnLab Security Intelligence Center (ASEC) have discovered a new malware campaign that abuses a...

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload DarkComet Bitcoin Lure, Legacy RAT

DarkComet Bitcoin Lure, Legacy RAT

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload

Do Son November 13, 2025

The Lat61 Threat Intelligence Team has uncovered a new campaign using Bitcoin-themed lures to distribute DarkComet RAT,...

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover PatoRAT RMM Abuse, LogMeIn Hijacking

PatoRAT RMM Abuse, LogMeIn Hijacking

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

Do Son November 13, 2025

Researchers from the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign exploiting Remote Monitoring...

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

Do Son November 11, 2025

The Genians Security Center (GSC) has uncovered a new phase in the KONNI APT campaign, revealing a...

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

Do Son November 11, 2025

Cybersecurity researchers at ENKI have identified a new variant of the Comebacker backdoor, attributed to the North...

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase DragonForce BYOVD, Conti Codebase

DragonForce BYOVD, Conti Codebase

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

Do Son November 11, 2025

The Acronis Threat Research Unit (TRU) has identified a new DragonForce ransomware variant that showcases a dramatic...

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images Samsung Zero-Click Spyware, LANDFALL

Samsung Zero-Click Spyware, LANDFALL

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images

Do Son November 10, 2025

Researchers from Unit 42, the threat intelligence team at Palo Alto Networks, have discovered a previously unknown...

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices Fantasy Hub MaaS, Android RAT WebRTC

Fantasy Hub MaaS, Android RAT WebRTC

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

Do Son November 10, 2025

Researchers at zLabs have uncovered a sophisticated Android Remote Access Trojan (RAT) known as Fantasy Hub, being...

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates NuGet Supply Chain Sabotage, Time-Delayed Destructive Logic

NuGet Supply Chain Sabotage, Time-Delayed Destructive Logic

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates

Do Son November 10, 2025

A sophisticated supply-chain attack has been uncovered in the NuGet package registry, where nine packages published under...

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub

Do Son November 10, 2025

A sophisticated, self-propagating malware campaign known as GlassWorm has re-emerged, infecting three new VS Code extensions and...

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts Vidar npm Supply Chain, Typosquatting

Vidar npm Supply Chain, Typosquatting

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

Do Son November 10, 2025

Researchers at Datadog Security Research have uncovered a major supply-chain compromise in the npm ecosystem involving 17...

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task kimu

kimu

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

Do Son November 10, 2025

The North Korean advanced persistent threat (APT) group Kimsuky has once again emerged with a new, JavaScript-driven...

DragonForce Ransomware Strikes Manufacturing Sector with Brute-Force, Exfiltrating Data Over SSH to Russian Host DragonForce RaaS, Manufacturing Ransomware

DragonForce RaaS, Manufacturing Ransomware

DragonForce Ransomware Strikes Manufacturing Sector with Brute-Force, Exfiltrating Data Over SSH to Russian Host

Do Son November 7, 2025

Cybersecurity firm Darktrace has published a detailed investigation into a DragonForce-affiliated ransomware attack that targeted a manufacturing...

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

Do Son November 6, 2025

The Google Threat Intelligence Group (GTIG) has released a report revealing that threat actors have moved beyond...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version...
CVE-2018-1273CVSS 9.8
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a...
CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
CVE-2026-21509CVSS 7.8
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a...
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...