Sturnus Android Banking Trojan: A New Generation of Mobile Banking Malware

A newly identified Android banking trojan named Sturnus is drawing attention from mobile security researchers. First documented by ThreatFabric, the malware combines classic banking-fraud tooling with full remote-access capabilities. By abusing Android accessibility services it reads private messages after the messenger app has already decrypted them on the device, so the end-to-end encryption of popular messengers offers no protection against it, and it lets attackers control infected smartphones almost as if they were holding them in their …

Netherlands Police Raid Bulletproof Hosting Infrastructure Linked to Global Cybercrime

Dutch law enforcement has dismantled a major bulletproof hosting operation, seizing around 250 physical servers in data centers in The Hague and Zoetermeer. The takedown simultaneously knocked offline thousands of virtual servers that investigators say were heavily used for cybercriminal activity. According to police statements, the unnamed …

7-Zip CVE-2025-11001 Actively Exploited on Windows: Critical Update to Version 25.00

The widely used open-source archiver 7-Zip, long regarded as a safe and reliable utility, is now at the center of a serious security incident. According to a recent alert from NHS England Digital, CVE-2025-11001 in the Windows build of 7-Zip is being actively exploited in real-world attacks; the flaw lies in the handling of symbolic links inside ZIP archives and can be abused for path traversal leading to code execution. The fix is included in 7-Zip 25.00 (an installed build reports its version in the banner that 7z.exe prints when run without arguments), and organizations are strongly advised to upgrade …

Critical ImunifyAV/Imunify360 AI-bolit RCE Patched; Shared Hosting at High Risk

CloudLinux has released a fix for a critical remote code execution (RCE) vulnerability in AI-bolit, the malware scanner bundled with ImunifyAV and Imunify360 and widely deployed by Linux hosting providers. Under certain scan conditions, a file placed on the host can cause the scanner to execute arbitrary commands. On shared hosting the same scanner processes files from every tenant, so a single malicious upload by one customer can put the whole server at risk. Upgrading to AI-bolit 32.7.4.0 or newer addresses the flaw; a CVE …

Rhadamanthys Info-Stealer Disruption: Signs of German Law-Enforcement Action

Dozens of paying customers of the Rhadamanthys info-stealer report a sudden loss of access to their servers and web control panels. Forum posts surfaced by researchers g0njxa and Gi7w0rm, and cited by BleepingComputer, point to a suspected intervention by German law enforcement; the operation's Tor resources have also gone offline, without the usual seizure notice that …

Anthropic: Chinese APT GTG-1002 Orchestrates Agentic AI Attacks with Claude Code and MCP

Anthropic has disclosed a mid-September 2025 campaign in which the Chinese-linked APT group GTG-1002 used agentic artificial intelligence, specifically Claude Code and the Model Context Protocol (MCP), to run largely automated intrusions against roughly 30 large organizations. Targets included technology firms, financial institutions, chemical manufacturers and government entities. In a handful of cases the operators gained access and exfiltrated data. …

Microsoft November Patch Tuesday: 63 Windows Flaws Fixed, Active Zero‑Day in Kernel and Critical RCEs

Microsoft's November Patch Tuesday resolves 63 vulnerabilities across Windows and related components. The release includes an actively exploited zero-day in the Windows kernel (CVE-2025-62215, an elevation-of-privilege bug), four issues rated critical, and dozens of Important-rated flaws spanning privilege escalation, remote code execution (RCE), information disclosure and security-feature bypass. Organizations should prioritize deployment on internet-exposed endpoints and servers …

Most Common Passwords in 2025 Leaks: What Comparitech Found and How to Secure Your Accounts

Comparitech analyzed more than two billion passwords leaked in 2025 and circulating on hacker forums, Telegram channels and other marketplaces. The results confirm a long-standing reality: trivial passwords such as "123456", "admin" and "password" still dominate breach data, which keeps credential-stuffing and password-spraying attacks highly effective. Beyond …
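The two checks that follow from this finding, whether a password sits on a common-password list and whether it has already appeared in breach data, as an added example written for this page (it is not Comparitech's code and not from the article). It assumes the Have I Been Pwned range-query convention (SHA-1, only the first five hex characters leave the client) and replaces the network call with a constructed in-memory table whose breach counts are invented:

```python
"""Offline checks for a candidate password against breach data.

Added example (not from Comparitech or the article). Two checks:
1. a lookup against a constructed shortlist of the most common leaked passwords;
2. the k-anonymity range scheme used by the Have I Been Pwned "Pwned Passwords"
   API: the client hashes the password with SHA-1, sends only the first five
   hex characters, and the server returns every suffix sharing that prefix
   together with a count, so the full hash never leaves the client.
The server is replaced by an in-memory dictionary so the code runs offline.
"""
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Constructed shortlist (illustrative; the real lists are far longer).
COMMON_PASSWORDS = {"123456", "admin", "password", "123456789", "qwerty", "12345678"}

# Constructed stand-in for the range endpoint: prefix -> "SUFFIX:COUNT" lines.
# The suffixes are the real SHA-1 remainders of "password" and "123456";
# the counts are invented for the example.
SAMPLE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD9:2\n"  # unrelated neighbouring suffix
    ),
    "7C4A8": "D09CA3762AF61E59520943DC26494F8941B:42512486\n",
}


def sha1_range_split(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; tolerates blank lines and CRLF."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for an HTTP GET of /range/<prefix>; unknown prefixes return nothing."""
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str, fetch: Callable[[str], str] = fetch_range_offline) -> int:
    """How often the password appears in breach data, found without sending it."""
    prefix, suffix = sha1_range_split(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


def weakness_reasons(password: str, min_len: int = 12) -> List[str]:
    """Return an empty list for an acceptable password, else the reasons it fails."""
    reasons: List[str] = []
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("in the common-password list")
    if re.fullmatch(r"\d+", password):
        reasons.append("digits only")
    seen = breach_count(password)
    if seen:
        reasons.append(f"seen {seen} times in breach data")
    return reasons


if __name__ == "__main__":
    for candidate in ("password", "123456", "correct horse battery staple"):
        print(repr(candidate), "->", weakness_reasons(candidate) or "ok")
```

To use the real service, replace fetch_range_offline with a function that performs the HTTPS request for the prefix; nothing else changes, and the client still reveals only five hex characters of the hash.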

Midnight Ransomware Hit by RSA Flaw: Norton Releases Free Decryptor for Windows

Cybersecurity researchers have identified a cryptographic weakness in the new Midnight ransomware, a strain derived from the leaked Babuk source code. An implementation error in the ransomware's RSA key management allowed Norton to release a free decryptor that restores files on affected Windows systems. …

IndonesianFoods worm overwhelms npm with 100k+ spam packages

A self-replicating campaign is flooding the npm registry with spam packages. The worm, tracked as IndonesianFoods, publishes a new package every 7 to 10 seconds and has already pushed more than 100,000 releases under pseudo-random names, often themed after Indonesian dishes. No malicious payload has been confirmed inside the packages so far, but the automation and scale create material …