Memento Labs Confirms Dante Spyware Used in ‘Forum Troll’ Campaign Exploiting Chrome CVE‑2025‑2783

Memento Labs CEO Paolo Lezzi has confirmed that the spyware known as Dante—recently detected by Kaspersky during live operations—is a product of his company. According to Lezzi, the sample observed in the incident was an outdated Windows agent slated for end‑of‑support by late 2025, with customers advised to discontinue that version as of December 2024. … Read more

Brash vulnerability in Blink enables document.title DoS against Chromium browsers

A newly disclosed vulnerability known as Brash abuses how the Blink rendering engine handles document.title updates, enabling a browser denial‑of‑service (DoS) that can freeze or crash most Chromium‑based browsers in 15–60 seconds. The issue, reported by security researcher Jose Pino, stems from the absence of rate limiting on tab title changes, which triggers an extreme … Read more

Mustang Panda Abuses Unpatched Windows LNK Vulnerability (CVE-2025-9491) to Deploy PlugX in Europe

China-linked threat actor UNC6384 (Mustang Panda) has mounted a coordinated cyber-espionage campaign against European diplomatic and government organizations by exploiting an unpatched Windows shortcut flaw, CVE-2025-9491. Research from Arctic Wolf and StrikeReady indicates the group is using the LNK parsing weakness to stealthily deliver the PlugX remote access trojan and gain persistent control of targeted … Read more

TEE.Fail: DDR5 Memory-Bus Attack Undermines Attestation in Intel SGX/TDX and AMD SEV‑SNP

Researchers from the Georgia Institute of Technology and Purdue University have disclosed TEE.Fail, a practical attack on trusted execution environments (TEEs) that targets servers using DDR5 memory. The team demonstrates cryptographic key extraction and attestation forgery against Intel SGX/TDX and AMD SEV‑SNP, raising concerns about isolation guarantees in modern data centers and cloud platforms. What … Read more

Ribbon Communications reports suspected state-sponsored intrusion, highlighting telecom supply‑chain risk

Ribbon Communications has disclosed unauthorized access to its IT environment, attributing the activity to a likely state-aligned threat actor. The company reports the intrusion began in December 2024 and was detected in September 2025, indicating a prolonged, low-noise dwell period consistent with cyber‑espionage tradecraft. Incident facts and initial response According to a filing with the … Read more

X sets 10 November deadline to re-register passkeys and security keys due to x.com migration

X (formerly Twitter) has notified users that they must re-register their passkeys and hardware security keys used for two‑factor authentication (2FA) by 10 November. Accounts that do not update will face a temporary lock until users rebind their keys, switch to another 2FA method, or disable 2FA (the latter is not recommended). Who is affected … Read more

DeliveryRAT Android Trojan Evolves into Mobile Botnet with DDoS, Phishing Screens, and Mass SMS

Researchers at F6 have documented a substantial evolution of the Android trojan DeliveryRAT, which disguises itself as delivery services, marketplaces, banking apps, parcel trackers, and even government services. The variant observed in the second half of 2025 extends far beyond data theft: it can execute DDoS attacks, deploy server-driven phishing screens on the victim device, … Read more

Herodotus Android Banking Trojan Evades Behavioral Biometrics with Human‑Like Input

ThreatFabric has profiled a new Android banking trojan dubbed Herodotus that targets users in Italy and Brazil and is already expanding to additional regions. The malware’s standout capability is its deliberate simulation of human‑like input to evade behavioral biometrics used by banks and fintechs to detect automated fraud. Malware-as-a-Service model and Android 9–16 coverage According … Read more

Atroposia Malware-as-a-Service: Modular RAT Adds Hidden RDP, Stealth Exfiltration, and DNS Hijacking for $200/Month

Varonis researchers report the emergence of Atroposia, a malware‑as‑a‑service (MaaS) platform marketed at $200 per month. Subscribers gain access to a modular remote access trojan (RAT) offering encrypted command‑and‑control (C2), User Account Control (UAC) bypass on Windows, and stealthy persistence. By packaging post‑exploitation capabilities into a subscription, Atroposia lowers the technical barrier for cybercriminals and … Read more

LastPass warns of emergency access phishing as attackers pivot to passkeys

Developers of LastPass have alerted users to a large-scale phishing operation that began in mid‑October 2025. The campaign impersonates “emergency access” and inheritance notifications, falsely claiming the account owner has died and that a trusted contact uploaded a death certificate. The lure is designed to drive victims to phishing pages where they are pressured to … Read more