Malicious npm Packages Abuse Adspect Cloaking to Deliver Crypto Scams


Researchers at Socket have identified seven malicious npm packages that weaponized the cloud-based traffic service Adspect to hide their behavior and redirect users to cryptocurrency scam websites. The incident illustrates how legitimate anti-bot and traffic-filtering tools can be repurposed as cloaking mechanisms in software supply chain attacks against the open-source ecosystem. How Attackers Abused npm …

ShadowRay 2.0 Exploits CVE-2023-48022 in Ray to Build Self-Spreading AI Botnet


Attackers are actively abusing a critical remote code execution (RCE) vulnerability CVE-2023-48022 in the popular Ray framework to hijack artificial intelligence (AI) clusters and assemble a self-propagating botnet dubbed ShadowRay 2.0. Research by Oligo Security shows that compromised Ray clusters are being weaponized for cryptomining, data theft, distributed denial-of-service (DDoS) attacks and automated internet-wide scanning. …

WrtHug Malware Campaign Hijacks Asus Routers Through AiCloud Vulnerabilities


SecurityScorecard researchers have disclosed a large-scale malware operation dubbed WrtHug, targeting consumer and SOHO Asus routers. The campaign has already compromised an estimated 50,000 devices, primarily older AC and AX series models that are no longer regularly updated. This incident highlights how poorly maintained home networking equipment has become a strategic asset for cybercriminals and …

Chinese APT24 Uses New BadAudio Malware in Multi-Year Cyber Espionage Campaign


Google Threat Intelligence Group (GTIG) has detailed a multi-year cyber espionage operation attributed to the Chinese threat actor APT24 (also known as Pitty Tiger). The campaign, active for roughly three years, targets organizations in the United States and Taiwan and relies on a previously undocumented malware family dubbed BadAudio to steal sensitive intellectual property. Target …

Microsoft to Integrate Sysmon Natively into Windows 11 and Windows Server 2025


Microsoft has announced plans to add Sysmon (System Monitor) as a native, installable component in Windows 11 and Windows Server 2025 starting in 2026. This move significantly changes how enterprises deploy and maintain one of the most widely used tools for Windows security monitoring, incident response, and threat hunting. Sysmon in Windows 11 and Windows …

CrowdStrike Insider Leak Exposes SSO Risks and the Evolving Insider Threat Landscape


In the second half of last month, CrowdStrike, one of the leading global cybersecurity vendors, confirmed an insider-driven data leak involving screenshots of internal systems. The images were later used by the cybercriminal coalition Scattered Lapsus$ Hunters to claim a broader compromise of CrowdStrike’s infrastructure, raising questions about insider risk and single sign-on (SSO) security. …

CVE-2025-41115: Critical SCIM Vulnerability in Grafana Enterprise Enables Admin Account Takeover


A critical security flaw tracked as CVE-2025-41115 has been discovered in the commercial edition of Grafana Enterprise, scoring the maximum 10.0 on the CVSS scale. Under specific conditions, an attacker can create an account that Grafana treats as an existing internal user — including administrators — leading to complete compromise of the affected Grafana instance. …

Unpatched D-Link DIR-878 Vulnerabilities Put Home and Office Routers at Risk


The popular dual-band router D-Link DIR-878, widely used in homes and small offices, has been found to contain several serious security vulnerabilities. D-Link has officially acknowledged the issues but confirmed that the model is no longer supported and will not receive firmware updates. In practice, owners are left with one reliable option: hardware replacement. New …

Microsoft Shuts Down KMS38 Offline Activation: Security and Compliance Implications for Windows Environments


Microsoft has effectively shut down one of the most widely used illicit activation methods for Windows—KMS38. Users report that the offline mechanism no longer functions on Windows 10 and Windows 11, despite the absence of explicit notes in recent release documentation. This outcome caps years of incremental hardening aimed at informal tools from the Massgrave …

RondoDox Botnet Exploits Critical XWiki CVE-2025-24893 RCE Vulnerability


A critical remote code execution (RCE) vulnerability CVE-2025-24893 in XWiki Platform is being actively exploited by the emerging RondoDox botnet, with attack traffic growing sharply since early November. The flaw has already been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, which typically signals widespread exploitation in the wild and elevates the urgency for …