Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
BlueNoroff’s GhostCall and GhostHire: macOS-focused campaigns hitting crypto and Web3 firms
Kaspersky researchers have identified two coordinated BlueNoroff operations—GhostCall and GhostHire—active since April 2025 and aimed primarily at cryptocurrency and Web3 ...
Memento Labs Confirms Dante Spyware Used in ‘Forum Troll’ Campaign Exploiting Chrome CVE‑2025‑2783
Memento Labs CEO Paolo Lezzi has confirmed that the spyware known as Dante—recently detected by Kaspersky during live operations—is a ...
Brash vulnerability in Blink enables document.title DoS against Chromium browsers
A newly disclosed vulnerability known as Brash abuses how the Blink rendering engine handles document.title updates, enabling a browser denial‑of‑service ...
Mustang Panda Abuses Unpatched Windows LNK Vulnerability (CVE-2025-9491) to Deploy PlugX in Europe
China-linked threat actor UNC6384 (Mustang Panda) has mounted a coordinated cyber-espionage campaign against European diplomatic and government organizations by exploiting ...
TEE.Fail: DDR5 Memory-Bus Attack Undermines Attestation in Intel SGX/TDX and AMD SEV‑SNP
Researchers from the Georgia Institute of Technology and Purdue University have disclosed TEE.Fail, a practical attack on trusted execution environments ...
Ribbon Communications reports suspected state-sponsored intrusion, highlighting telecom supply‑chain risk
Ribbon Communications has disclosed unauthorized access to its IT environment, attributing the activity to a likely state-aligned threat actor. The ...
X sets 10 November deadline to re-register passkeys and security keys due to x.com migration
X (formerly Twitter) has notified users that they must re-register their passkeys and hardware security keys used for two‑factor authentication ...
DeliveryRAT Android Trojan Evolves into Mobile Botnet with DDoS, Phishing Screens, and Mass SMS
Researchers at F6 have documented a substantial evolution of the Android trojan DeliveryRAT, which disguises itself as delivery services, marketplaces, ...
Herodotus Android Banking Trojan Evades Behavioral Biometrics with Human‑Like Input
ThreatFabric has profiled a new Android banking trojan dubbed Herodotus that targets users in Italy and Brazil and is already ...
Atroposia Malware-as-a-Service: Modular RAT Adds Hidden RDP, Stealth Exfiltration, and DNS Hijacking for $200/Month
Varonis researchers report the emergence of Atroposia, a malware‑as‑a‑service (MaaS) platform marketed at $200 per month. Subscribers gain access to ...
