Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild. The vulnerability, CVE-2025-47812, is a case of improper handling of null ('\0') bytes in the server's web interface.

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

The SLOW#TEMPEST campaign employs sophisticated obfuscation techniques such as dynamic jumps and obfuscated function calls to evade detection. CFG obfuscation disrupts the predictable execution flow, complicating both static and dynamic analysis.

macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App

A new variant of the macOS.ZuRu malware has resurfaced, targeting macOS users through a trojanized version of the Termius SSH client. This version incorporates a modified Khepri C2 beacon and introduces new techniques for persistence.

Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks

Security researchers have uncovered a critical set of Bluetooth vulnerabilities, dubbed PerfektBlue, in OpenSynergy’s BlueSDK framework. These flaws affect millions of devices, including in-vehicle infotainment systems.

Asus and Adobe vulnerabilities

Researchers have discovered four critical vulnerabilities—two in Asus Armoury Crate and two in Adobe Acrobat Reader. These vulnerabilities have been patched by their respective vendors.

AMD warns of new Meltdown, Spectre-like bugs affecting CPUs

AMD has disclosed four new side-channel vulnerabilities, collectively termed Transient Scheduler Attacks (TSA), affecting a broad range of its CPUs. Successful exploitation of the TSA vulnerabilities could lead to information disclosure.

Browser extensions turn nearly 1 million browsers into website-scraping bots

A recent investigation uncovered that 245 browser extensions—installed on nearly 1 million devices—are covertly turning users' browsers into web scraping bots. These extensions, available on Chrome, Firefox, and Edge, embed the MellowTel-jsx library.

DoNot APT is expanding scope targeting European foreign ministries

DoNot APT, also known as APT-C-35 and Origami Elephant, is a cyberespionage group likely linked to India. In a recent campaign, the group deployed a new malware variant, LoptikMod, to infiltrate European foreign ministries.

How to trick ChatGPT into revealing Windows keys? I give up

A researcher successfully bypassed ChatGPT 4.0's safety mechanisms to extract Windows product keys, including a private key owned by Wells Fargo, by framing the interaction as a guessing game.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags