A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails.

Google has released Chrome 136 for Windows, Mac, and Linux, introducing critical privacy and security enhancements. The update addresses a 23-year-old privacy flaw and patches multiple vulnerabilities, including a critical heap buffer overflow.

Security researchers at Shelltrail have discovered three critical vulnerabilities (CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, CVE-2025-ZZZ-03) in the IXON VPN client. These vulnerabilities enable privilege escalation on Windows and Linux systems.

According to researchers, the attack begins when victims are persuaded to click on malicious meeting links that exploit a vulnerability in Cisco Webex App’s custom URL parser.

A newly discovered Android malware strain named Gorilla is actively targeting users by intercepting SMS messages containing one-time passwords (OTPs), particularly from banking services and platforms like Yandex.

The Banshee Stealer can rob sensitive data, including passwords from macOS Keychain, system information, and data from popular web browsers like Safari, Chrome, and Firefox. It can also access cryptocurrency wallets and plugins.

The "Dark Skippy" method allows hackers to steal Bitcoin hardware wallet keys by embedding secret data into public Bitcoin transactions, which can then be used to extract a person's seed words.

Cyber threat operation ClearFake distributes fake antivirus software to trick users into believing their systems are infected, leading to requests for payment or installation of more malware.

Threat actors have introduced Doubleface ransomware, claiming it to be fully undetectable by major antivirus software. The ransomware utilizes a unique algorithm with AES-128 and RSA-4096 encryption, making decryption difficult without the right key.

The attack begins with emails from an Amazon SES client containing empty PDF attachments and a message from Docusign. Despite some checks failing, the emails can still appear legitimate due to the compromised source.