North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…
Feds Seize VerifTools.Net, Operators Relaunch with VerifTools.com
Authorities in the United States and the Netherlands have seized VerifTools, a marketplace selling fake IDs for cybercrime.…
WhatsApp 0-Day Exploited in Attacks on Targeted iOS and macOS Users
WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…
Hackers Exploit CrushFTP Zero-Day to Take Over Servers
WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the…
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…
Fake Facebook Ads Push Brokewell Spyware to Android Users
A Facebook malvertising campaign is spreading the Brokewell spyware to Android users via fake TradingView ads. The malware…
TransUnion Data Breach: 4.4 Million US Consumers’ Data Stolen
A TransUnion data breach exposed 4.4 million US consumers’ Social Security numbers via a Salesforce hack. The attack…
CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation
CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must…
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…
UK and US Blame Three Chinese Tech Firms for Global Cyberattacks
A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked…