Aug 26, 2025Ravie LakshmananVulnerability / Mobile Security A team of academics has devised a novel attack…
Technology
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
Aug 26, 2025Ravie LakshmananVulnerability / Remote Code Execution Citrix has released fixes to address three security…
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site…
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing…
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Aug 26, 2025Ravie Lakshmanan Cybersecurity researchers have discovered a new variant of an Android banking trojan…
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
Aug 26, 2025Ravie LakshmananVulnerability / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on…
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Aug 26, 2025Ravie LakshmananMobile Security / Data Privacy Google has announced plans to begin verifying the…
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to…
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Aug 25, 2025Ravie LakshmananContainer Security / Vulnerability Docker has released fixes to address a critical security…
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
Aug 25, 2025Ravie LakshmananMalware / Cyber Espionage A China-nexus threat actor known as UNC6384 has been…