ShadowRelay Modular Backdoor Targets Government Networks via Microsoft Exchange ProxyShell

Researchers from the Solar 4RAYS team have identified a previously unknown modular backdoor dubbed ShadowRelay inside the infrastructure of a Russian government organization. The malware is designed for long-term, covert presence, loading of additional espionage modules, and remote control of hosts that have no direct access to the internet. Discovery of the ShadowRelay modular backdoor …

StackWarp (CVE-2025-29943): Hardware Attack Undermines AMD SEV-SNP Confidential VMs

The newly disclosed StackWarp vulnerability (CVE-2025-29943) exposes a critical weakness in AMD’s confidential computing stack, affecting a wide range of Zen 1 through Zen 5 processors. Researchers from the Helmholtz Center for Information Security (CISPA) have shown that a privileged attacker on the host can subvert AMD SEV-SNP, compromising the integrity of code execution inside …

CVE-2026-23550: Critical Modular DS WordPress Plugin Vulnerability Under Active Exploitation

A critical security flaw in the popular Modular DS plugin for WordPress is being actively exploited to take over production websites. Tracked as CVE-2026-23550, the vulnerability affects all versions of the plugin up to and including 2.5.1 and has been assigned the maximum CVSS score of 10.0, reflecting its potential for complete site compromise without …

Windows 11 KB5077797: Emergency Fix for Shutdown Failures and Cloud Login Problems

Microsoft has released an out-of-band update, Windows 11 KB5077797, after January’s cumulative patches disrupted core power management features in the operating system. Affected PCs stopped shutting down, rebooting, or entering sleep correctly, impacting both home users and enterprise environments that rely on predictable shutdown and maintenance windows. Emergency Windows 11 update KB5077797: what the patch …

Google Chrome Lets Users Remove On-Device AI Model from Enhanced Protection

Google is expanding the use of artificial intelligence in Chrome security while simultaneously giving users more control over these technologies. In the experimental Chrome Canary build, a new option has appeared that allows users to disable and remove the local AI model that powers the browser’s Enhanced Protection feature. Chrome Enhanced Protection and the role …

XSS Vulnerability in StealC Stealer Panel Exposes Cybercriminal Operators

CyberArk researchers have uncovered a critical XSS vulnerability in the web-based admin panel of the well-known info-stealer StealC, and successfully turned it against the malware’s own operators. By exploiting insecure code in the management interface, the team collected technical details about attackers’ devices, their approximate geolocation, and even hijacked active sessions via stolen cookies. StealC …

Gootloader Malware Uses Corrupted ZIP Archives to Evade Detection

Operators of the Gootloader malware family have adopted an unusual evasion technique that significantly complicates the work of antivirus engines, sandboxes, and automated analysis tools. The loader is now delivered inside an intentionally corrupted ZIP archive assembled from hundreds of other ZIP files, causing many popular utilities to fail when attempting to unpack it. How …

New Windows NTFS Driver Vulnerabilities Allow SYSTEM-Level Privilege Escalation

Microsoft’s January security updates address two high-severity Windows NTFS driver vulnerabilities in ntfs.sys, the core component responsible for the NTFS file system in all modern versions of Windows. Both flaws, discovered by Positive Technologies researcher Sergey Tarasov, enable local privilege escalation to SYSTEM, effectively granting an attacker full control over a compromised Windows host after …

Mandiant NTLMv1 Rainbow Tables Turn Legacy Windows Authentication into a High-Risk Liability

The security of legacy Windows environments has taken a significant hit: Mandiant has released rainbow tables capable of cracking any Net-NTLMv1 hash in under 12 hours using hardware that costs less than $600. The tables, hosted in Google Cloud, target the Net-NTLMv1 protocol variant commonly used for network authentication to services such as SMB file …

WhisperPair (CVE-2025-36911): How a Google Fast Pair Flaw Puts Bluetooth Headphones at Risk

Researchers from the Computer Security and Industrial Cryptography (COSIC) group at KU Leuven have disclosed a critical Google Fast Pair vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair. The flaw allows attackers to silently take over millions of Bluetooth headphones and speakers, force connections, track users’ movements and, in some cases, activate microphones for covert eavesdropping. …