GLOBAL SITUATION MONITORING
517 published briefs | UTC Wed, Jun 24 23:38:43

  • RondoDox Exploits Unpatched XWiki Servers (CVE-2025-24893)

    RondoDox is exploiting CVE-2025-24893 in XWiki to run miners, gain shells and add servers to DDoS botnets.

    1–2 minutes
  • What is PureHVNC?

    PureHVNC is a RAT delivered via staged loaders using malicious SVG attachments; this explainer summarizes the infection chain, IOCs and detection steps.

    1–2 minutes
  • Fake AI and WhatsApp apps on third‑party Android stores hide spyware, ad fraud

    Appknox warns that fake ChatGPT, DALL·E and WhatsApp apps on third‑party Android stores range from harmless wrappers to spyware that intercepts OTPs.

    1–2 minutes
  • Hijack Loader Delivers PureHVNC in Latin America; Insider Sells Exploits

    Hijack Loader used malicious SVGs to deliver PureHVNC in Latin America; a separate DOJ case details an insider selling exploit tooling for cryptocurrency.

    2–3 minutes
  • North Korea’s ‘Contagious Interview’ Malware Delivery

    North Korean threat actors in the “Contagious Interview” campaign are now using JSON storage services to host and deliver malicious payloads, signaling an evolving strategy to evade detection and maintain persistence.

    1–2 minutes
  • What is Operation Endgame?

    Operation Endgame is a major international law enforcement initiative aimed at disrupting and dismantling significant cybercrime infrastructure globally, targeting widespread malware families, botnets, and other illicit tools.

    2–3 minutes
  • Defense Marketing: Information Leakage & National Security

    This article discusses the paradox of defense marketing, where emerging defense companies, in their pursuit of market position and investment, inadvertently leak sensitive information, compromising national security and strategic deterrence.

    3–4 minutes
  • What is an npm Worm?

    An npm worm is a self-propagating campaign that exploits the npm registry by distributing fake or deceptive software packages to flood the registry. These financially motivated campaigns often use automated means, deceptive naming schemes, and self-propagating mechanisms to proliferate and obscure legitimate packages within the software supply chain, posing a significant risk to its integrity…

    3–4 minutes
  • Why Natural Disasters Outpace Cyber Threats in Destructive Power

    This article provides a ‘Cyber Threat Perspective,’ comparing the destructive power of cyber incidents with natural catastrophes. It highlights that while cyberattacks cause economic disruption and data loss, their long-term physical destruction rarely matches the damage from natural disasters. The piece emphasizes the importance of a balanced view for robust risk management and policy-making.

    2–3 minutes
  • Unnamed APT Exploits Zero-Days in Citrix and Cisco, Targeting Critical Infrastructure

    An unnamed advanced persistent threat (APT) group exploited zero-day vulnerabilities in Citrix NetScaler ADC and Gateway, dubbed “CitrixBleed 2,” and a critical flaw in Cisco Identity Service Engine (ISE). The attacks targeted essential identity and network access control infrastructure.

    2–3 minutes