Dante Spyware Linked to Memento Labs Spotted in Real-World APT Using Chrome Zero‑Day

Kaspersky researchers have reported the first confirmed in-the-wild deployment of the commercial surveillance platform Dante, attributed to Memento Labs (formerly Hacking Team). The tooling surfaced during the investigation of an advanced persistent threat (APT) operation dubbed Forum Troll, which targeted personnel at Russian media, government, education, and financial institutions. From Hacking Team to Memento Labs: … Read more

ISC fixes BIND 9 resolver flaws enabling DNS cache poisoning and DoS

Internet Systems Consortium (ISC) has released security updates for BIND 9 that remediate three significant vulnerabilities in the recursive resolver. Two bugs open paths for DNS cache poisoning and one enables denial of service. Patched builds are available in 9.18.41, 9.20.15, and 9.21.14; the BIND Supported Preview Edition (SPE) is updated to 9.18.41‑S1 and 9.20.15‑S1. … Read more

Google Refutes “Gmail Breach”: Synthient’s 183M Credentials Come from Infostealers and Old Leaks

Reports claiming “183 million Gmail accounts were hacked” triggered widespread concern, but Google has confirmed no compromise of Gmail’s infrastructure occurred. The dataset fueling the headlines is an aggregation of credentials sourced from infostealer malware logs and historical breaches, surfaced via the Synthient threat analysis platform and later indexed by Have I Been Pwned (HIBP). … Read more

Leaked Cellebrite Briefing: GrapheneOS Significantly Hardens Google Pixel Against Mobile Forensics

A leaked set of slides from a closed Cellebrite briefing, shared on the GrapheneOS forums by an anonymous user known as rogueFed, outlines which Google Pixel models and device states are susceptible to data extraction. The documents indicate a clear trend: Pixel phones running GrapheneOS exhibit substantially stronger resistance to forensic acquisition than those on … Read more

“AI Sidebar Spoofing” Exposes Agentic AI Browsers to UI Hijacking: Risks for ChatGPT Atlas and Perplexity Comet

Researchers at SquareX have detailed a new attack surface for agentic AI browsers—AI Sidebar Spoofing—that lets malicious browser extensions overlay a fake assistant sidebar on top of the genuine interface. The spoofed panel captures user input and steers decisions invisibly, putting products such as OpenAI’s ChatGPT Atlas and Perplexity’s Comet at risk. How UI spoofing … Read more

YouTube Ghost Network: 3,000+ Malicious Videos Removed as Infostealer Campaign Surges

Google has taken down more than 3,000 videos linked to the so‑called YouTube Ghost Network, a sprawling malware distribution operation documented by Check Point. Researchers say the activity has been ongoing since 2021 and surged sharply in 2025, effectively tripling in volume. The core objective: to push the Rhadamanthys and Lumma infostealers by disguising them … Read more

ChatGPT Atlas Omnibox Vulnerability: Prompt Injection via Pseudo‑URLs

Security researchers at NeuralTrust have disclosed an intent‑spoofing weakness in the ChatGPT Atlas agent browser. The issue stems from the browser’s omnibox—a single input for URLs, search queries, and natural‑language commands. By crafting a “link‑like” string that fails strict URL parsing but contains embedded instructions, an attacker can cause Atlas to interpret the input as … Read more

Baohuo Android Backdoor Abuses Telegram X: Stealth, Clipboard Theft, and Redis C2

Security researchers from Dr.Web report a new Android backdoor, dubbed Baohuo (Android.Backdoor.Baohuo.1.origin), that piggybacks on tampered builds of Telegram X. The trojan preserves full messenger functionality while gaining elevated privileges to exfiltrate credentials and chats, conceal active sessions, and silently act on the user’s behalf. Telemetry indicates more than 58,000 infected devices and roughly 20,000 … Read more

Jingle Thief: Identity‑Centric Attacks on Microsoft 365 Fuel Large‑Scale Gift Card Fraud

Palo Alto Networks has documented a newly tracked criminal cluster dubbed Jingle Thief that systematically compromises cloud identities at retailers and consumer services companies to mass‑issue unauthorized gift cards and offload them on gray marketplaces. The operation prioritizes abusing Microsoft 365 and Entra ID controls rather than deploying endpoint malware, reducing the chance of detection … Read more

Broadcom NetXtreme‑E Firmware Flaws Put Data Centers at Risk of VM Escape and DoS—Patch Now

Two vulnerabilities in Broadcom NetXtreme‑E high‑speed NIC firmware, widely deployed across servers and data‑center infrastructure, have been fixed following disclosure by Positive Labs. The defects affected firmware version 231.1.162.1 and, if exploited, could undermine virtual machine isolation and trigger network outages on the host. Organizations should prioritize updating to the latest Broadcom firmware and align … Read more