Android NFC Malware Targets Contactless Payments: HCE Abuse and APDU Tunneling Drive Fraud

Researchers at Zimperium report a sharp rise in Android malware aimed at contactless payments across Eastern Europe. More than 760 NFC-focused samples have been identified in recent months, with threat actors abusing legitimate Android mechanisms to skim payment data and execute unauthorized transactions. The attack tempo is not slowing; it is accelerating, making mobile tap-to-pay …

PhantomRaven: npm malware campaign exploits Remote Dynamic Dependencies to evade detection

Security researchers at Koi Security report a protracted npm supply chain operation dubbed PhantomRaven that has uploaded 126 malicious packages since August 2024, accumulating more than 86,000 downloads. At the time of their publication, roughly 80 packages were still active. The campaign’s defining feature is its use of Remote Dynamic Dependencies (RDD)—a technique that fetches …

CSRF + Persistent Memory Flaw Exposes ChatGPT Atlas to Stealthy Prompt Injection

Security researchers at LayerX have identified a vulnerability in OpenAI’s new ChatGPT Atlas browser that combines Cross-Site Request Forgery (CSRF) with the product’s persistent memory. The issue allows an attacker to plant hidden, durable instructions into the AI assistant’s memory, enabling unintended actions that persist across sessions and devices. According to LayerX, the impact ranges …

Ransomware Payments Fall to Record Low as Data-Theft Extortion Dominates

According to Coveware’s latest Q3 2025 ransomware report, the share of organizations that pay after an incident has fallen to a historic low. Only 23% of victims paid a ransom, down from 28% in early 2024. The average payment dropped to $377,000, and the median fell to $140,000, extending a six-year decline in both payment …

LastPass “Emergency Access” Phishing Targets Master Passwords and Passkeys

Users of the LastPass password manager are being hit by a large‑scale phishing wave that began in mid‑October 2025. The lure impersonates LastPass’s Emergency Access feature to create urgency around a supposed inheritance scenario, pushing victims to “cancel” a fabricated request and, in the process, surrender credentials on a spoofed site. How the phishing works: …

WordPress Under Attack: Mass Exploitation of GutenKit and Hunk Companion REST API RCE Flaws

Wordfence has observed a large-scale, automated campaign abusing critical vulnerabilities in the WordPress plugins GutenKit and Hunk Companion. Over a two-day window, the company’s web application firewall blocked approximately 8.7 million malicious requests, indicating broad, scripted exploitation against unpatched sites. Critical CVEs: Unauthenticated REST API to Remote Code Execution The threat actors are chaining three …

CVE-2025-11705 in Anti‑Malware Security WordPress Plugin Enables Authenticated Arbitrary File Read

A high‑impact vulnerability, CVE-2025-11705, has been identified in the popular WordPress plugin Anti‑Malware Security and Brute‑Force Firewall, enabling authenticated users with minimal privileges to read arbitrary files on the server. The plugin is installed on more than 100,000 sites. At the time of writing, only about half of those sites are reported to have applied …

Mozilla to Require Data Collection Disclosures for Firefox Extensions

Mozilla is introducing mandatory data collection disclosures for Firefox extensions, aiming to strengthen transparency and user control. The new requirements activate on November 3, 2025, with full enforcement across the add-on ecosystem in the first half of 2026. This change affects how developers declare the types of data their extensions access and how users grant …

Microsoft patches critical WSUS RCE (CVE-2025-59287) amid active exploitation

Microsoft has released out-of-band security updates to address a critical flaw in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. The vulnerability enables unauthenticated remote code execution (RCE) with SYSTEM-level privileges. A public proof-of-concept (PoC) already exists, and security firms report early signs of exploitation in the wild, elevating patch urgency for organizations relying on …

BlueNoroff’s GhostCall and GhostHire: macOS-focused campaigns hitting crypto and Web3 firms

Kaspersky researchers have identified two coordinated BlueNoroff operations—GhostCall and GhostHire—active since April 2025 and aimed primarily at cryptocurrency and Web3 companies in India, Turkey, Australia, and multiple countries across Europe and Asia. The threat actor blends persuasive social engineering with multi‑stage delivery chains to compromise macOS endpoints and exfiltrate digital assets and credentials. BlueNoroff’s evolution: …