Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems

A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails.

Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources

A recent malware campaign leverages steganography to embed malicious payloads within bitmap resources of 32-bit .NET applications. These payloads are delivered via malspam targeting the financial sector in Türkiye and the logistics sector in Asia.

CVSS 10.0 Vulnerability Found in Ubiquiti UniFi Protect Cameras

Ubiquiti has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4.

Supply chain attack hits npm package with 45,000 weekly downloads

A supply chain attack has compromised the npm package rand-user-agent, which averaged 45,000 weekly downloads. Although deprecated, the package remained popular, making it an attractive target for attackers.

Microsoft Bookings Vulnerability Allows Unauthorized Changes to Meeting Details

A critical input validation vulnerability has been discovered in Microsoft Bookings, a scheduling tool integrated with Microsoft 365. The flaw allows attackers to inject arbitrary HTML into appointment fields.

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

Backdooring the IDE: Malicious npm Packages Hijack Cursor Ed...

Security researchers have uncovered a supply chain attack involving three malicious npm packages—sw-cur, sw-cur1, and aiide-cur—that target macOS installations of the Cursor AI IDE.

Using Blob URLs to Bypass SEGs and Evade Analysis

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Microsoft: April updates cause Windows Server auth issues

Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.
