Fake AI Chrome extensions with 300K users steal credentials, emails

A malicious campaign involving 30 Chrome extensions, known as AiFrame, has been identified, affecting over 300,000 users. These extensions masquerade as AI assistants to steal credentials, email content, and browsing information.

World Leaks Ransomware Adds Custom Malware 'RustyRocket' to Attacks

World Leaks, a notorious cyber-criminal group, has enhanced its attack arsenal with a new malware named 'RustyRocket'. This sophisticated toolset is a critical component of World Leaks' operations.

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2024-43468, CVE-2025-15556, CVE-2025-40536, and CVE-2026-20700. These vulnerabilities are actively exploited and pose significant risks to organizations.

CISA Releases Two Industrial Control Systems Advisories

CISA released two new ICS advisories on December 30, 2025. These advisories address vulnerabilities in WHILL C2 Wheelchairs and AzeoTech DAQFactory, providing critical information on current security issues and exploits.

Apple fixes zero-day flaw used in 'extremely sophisticated' attacks

Apple has addressed a zero-day vulnerability, CVE-2026-20700, in its Dynamic Link Editor (dyld), which was exploited in highly sophisticated attacks targeting specific individuals. This marks the first zero-day fix in 2026.

ZeroDayRAT malware grants full access to Android, iOS devices

ZeroDayRAT is a sophisticated mobile spyware platform targeting Android and iOS devices, offering cybercriminals full remote control. It poses significant risks to both individuals and enterprises.

Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

The Phorpiex malware is being used in a high-volume phishing campaign to deliver Global Group ransomware. Attackers use Windows shortcut files with double extensions (e.g., Document.doc.lnk) and visual cues to disguise malicious files.

Why a decade-old EnCase driver still works as an EDR killer

Attackers are exploiting a decade-old EnCase driver to disable 59 endpoint security products. The driver's certificate, issued on December 15, 2006, allows it to load on modern Windows systems due to Microsoft's backward compatibility policies.

Critical Vulnerabilities in Ilevia EVE X1 Server Allow Remote Exploitation

The Ilevia EVE X1 Server has been found to contain multiple critical vulnerabilities that could allow attackers to execute arbitrary commands, disclose sensitive information, and escalate privileges.

Technical Analysis of Marco Stealer

Marco Stealer is a sophisticated information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs advanced anti-analysis techniques and uses AES-256 encryption for secure C2 communication.
