Security analysts at Doctor Web have reported the discovery of Trojan.ChimeraWire, an unusual Windows-focused Trojan that weaponizes the Google Chrome browser to generate fake yet highly realistic user activity. Instead of encrypting data or stealing funds, this malware is designed to manipulate search rankings and traffic metrics while staying largely invisible to the victim. How … Read more

Security researchers at Zimperium have identified a new family of Android malware dubbed DroidLock. The threat stands out because it merges two dangerous capabilities: ransomware-style device locking and remote access trojan (RAT) functionality. Once installed, DroidLock can block access to the smartphone, demand a ransom, and at the same time give attackers near-complete control over … Read more

A large-scale analysis of credential leaks from 2023 to 2025 conducted by Kaspersky Lab highlights a long‑standing problem in password security: users continue to rely on weak, recycled passwords and frequently keep them unchanged for years, even after those passwords appear in public data breaches. Key findings from the 2023–2025 global password breach analysis Researchers … Read more

A critical zero‑day vulnerability in Gogs, a lightweight self‑hosted Git service written in Go and widely deployed as an alternative to GitLab and GitHub Enterprise, has triggered a large‑scale exploitation campaign. Tracked as CVE-2025-8110, the flaw enables remote code execution (RCE) and has already led to the compromise of hundreds of Gogs servers worldwide. Critical … Read more

Within days of the disclosure of the critical React2Shell (CVE-2025-55182) vulnerability, threat hunters from Sysdig have observed active exploitation against Next.js applications to deploy a new Linux-focused malware family dubbed EtherRAT. The malware abuses Ethereum smart contracts as a command-and-control (C2) layer and implements several persistence mechanisms, turning vulnerable React Server Components into an attractive … Read more

Microsoft has closed 57 security vulnerabilities in its December 2025 Patch Tuesday release, including three zero‑day issues affecting Windows, GitHub Copilot for JetBrains, and Windows PowerShell. One of these, a privilege escalation flaw in Windows, is already being actively exploited to gain SYSTEM‑level access, making timely patch deployment critical for both enterprise and individual users. … Read more

Google has unveiled a multi-layer security architecture for Chrome AI agents powered by Gemini, targeting one of the most pressing risks in modern AI: indirect prompt injection and fraud in the browser. The new protections are designed for scenarios where a Gemini-based agent autonomously browses the web, opens pages, parses content, clicks buttons, fills out … Read more

Analyst firm Gartner has released a report titled “Cybersecurity Should Block AI Browsers for Now”, advising organizations to temporarily restrict or fully block the use of AI-powered browsers in corporate environments. According to the report, the current generation of such tools introduces disproportionate cybersecurity and privacy risks, ranging from silent data leakage to unauthorized transactions … Read more

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has released updated ransomware statistics based on thousands of suspicious activity reports filed under the Bank Secrecy Act. The data confirms that ransomware remains one of the most lucrative forms of cybercrime, with victims paying more than $4.5 billion to extortion groups between 2013 and 2024. FinCEN … Read more

The European Commission has imposed a €120 million fine on X (formerly Twitter) for alleged violations of the Digital Services Act (DSA), focusing on three areas with direct cybersecurity and information security implications: a misleading account verification system, an opaque advertising repository, and barriers to researcher access to public platform data. Digital Services Act (DSA): … Read more