New Eternidade Stealer Uses WhatsApp to Steal Banking Data
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.
Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack
Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet exposing risks created by exposed home devices exploited in large-scale cyber attacks.
EchoGram Flaw Bypasses Guardrails in Major LLMs
HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start.
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws
CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now!
Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches
Anthropic, the developer behind Claude AI, says a Chinese state sponsored group used its model to automate most of a cyber espionage operation against about 30 companies with Claude handling up to 90% of the technical work.
Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking
A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data.