
BleepingComputer

'NoVoice' Android malware on Google Play infected 2.3 million devices

The NoVoice Android malware has been discovered on Google Play, infecting over 2.3 million devices. It exploits old Android vulnerabilities to gain root access and primarily targets WhatsApp for data theft.

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a newly identified Node.js implant that enables threat actors to pivot within breached networks. It blends into normal network activity and does not rely on an inbound listener, using a custom WebSocket protocol for communication.

Mazda discloses security breach exposing employee and partner data

Mazda Motor Corporation has disclosed a security breach involving a system related to warehouse operations for parts procured from Thailand. The breach exposed sensitive data of employees and business partners.

Europe sanctions Chinese and Iranian firms for cyberattacks

The EU sanctioned three Chinese and Iranian companies for cyberattacks targeting devices and critical infrastructure. One company provided technical and material support that led to hacking more than 65,000 devices in six EU states.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX.

Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was hijacked to spread crypto-stealing JavaScript code. This incident highlights the risks associated with third-party SDKs in supply-chain attacks.

Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw

Microsoft has released an out-of-band (OOB) hotpatch update for Windows 11 Enterprise devices to address vulnerabilities in the Windows Routing and Remote Access Service (RRAS) that could lead to remote code execution.

Termite ransomware breaches linked to ClickFix CastleRAT attacks

Velvet Tempest, also known as DEV-0504, is a threat group involved in ransomware attacks for over five years. They have been linked to ransomware strains such as Ryuk, REvil, Conti, BlackMatter, BlackCat/ALPHV, LockBit, and RansomHub.

WordPress membership plugin bug exploited to create admin accounts

A critical vulnerability in the User Registration & Membership plugin for WordPress is being actively exploited. This flaw allows attackers to create administrator accounts without authentication, affecting over 60,000 sites.
