Ukraine’s army targeted in new charity-themed malware campaign

Officials of Ukraine’s Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. Ukraine’s CERT says in a report that the attacks were likely launched by the Russian threat group known as ‘Void Blizzard’ and ‘Laundry Bear’, although there is medium confidence in attribution. Laundry Bear is […]

New VoidLink malware framework targets Linux cloud servers

A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. VoidLink is written in Zig, Go, and C, and its code shows signs of a project under active development, with extensive documentation, and likely intended for commercial purposes. Malware analysts […]

Central Maine Healthcare breach exposed data of over 145,000 people

A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. The hackers persisted on the organization’s systems for more than two months last year, between March 19 and June 1, when CMH discovered the intrusion. The CMH integrated healthcare delivery system serves at least 400,000 people and manages hospitals like Central Maine Medical Center […]

New Windows updates replace expiring Secure Boot certificates

Microsoft has started automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems. Secure Boot is a security feature that blocks malicious software (like rootkit malware) from executing during the system startup sequence by ensuring that only trusted bootloaders can load on computers with UEFI firmware. This is done by checking the software’s digital […]

Hacker gets seven years for breaching Rotterdam and Antwerp ports

The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 and convicted in 2022 by the Amsterdam District Court, but he appealed the sentence because authorities had unlawfully intercepted his communications, deriving incriminating evidence. These communications […]

Facebook login thieves now using browser-in-browser trick

Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. The BitB phishing technique was developed by security researcher mr.d0x in 2022. Cybercriminals later adopted it in attacks targeting various online services, including Facebook and Steam. Trellix researchers monitoring malicious activity say that threat actors steal […]