Hackers Are After the Gaps in Your Vulnerability Program: Here’s Their Playbook

A forum thread titled “Hacking for Profit. Working method” offers a rare glance into how underground communities pass information about vulnerability exploitation and hacking techniques in a form of tutorial. The post, written by an actor using the name “Hercules”, is not especially long or technical.”Its value lies in breaking down a complex process into […]

Chinese hackers use new Atlas RAT malware in European cyberattacks

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. Tracked as TA4922, the threat actor is associated with financially motivated attacks aimed at breaching target networks for fraud, data theft, and the sale of access. TA4922 has previously targeted organizations in East Asia, but […]

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. Nobitex is believed to have helped evade economic sanctions and also facilitated transactions linked to the Islamic Revolutionary Guard Corps (IRGC). Among the transactions, the U.S. authorities found wallets associated […]

CISA warns of active attacks exploiting Android, Linux bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework, which can be leveraged for increased privileges. […]

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. Microsoft classifies a software flaw as a zero-day if it is publicly disclosed and/or actively exploited with no official patch currently available. As researcher Ammar Askar explained […]

Over 116,000 Minecraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning. WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for […]

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. Thousands of websites have been compromised in DriveSurge campaigns to redirect visitors to malware-delivery infrastructure, according to researchers at cybersecurity company SilentPush. ClickFix is a popular social engineering tactic that deceives victims into copying […]