Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining

A sophisticated malware campaign has been targeting South Korean Internet cafés since mid-2024, exploiting management software to deploy Gh0st RAT and T-Rex CoinMiner for unauthorized cryptocurrency mining.

Critical Hardcoded Credential Vulnerabilities in Consilium Salwico CS5000 Fire Panels

Critical vulnerabilities in Consilium Salwico CS5000 fire panels expose maritime vessels to severe operational risks. Hardcoded SSH and VNC credentials allow remote access, potentially disabling fire detection systems.

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host.

Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data

A moderate-severity vulnerability, CVE-2025-27522, has been identified in Apache InLong versions 1.13.0 through 2.1.0. It allows deserialization of untrusted data during JDBC verification, enabling attackers to bypass security mechanisms.

Cybercriminals camouflaging threats as AI tool installers

Cybercriminals are distributing malware disguised as AI tool installers, targeting users seeking AI solutions. Cisco Talos has identified three major threats: CyberLock ransomware, Lucky_Gh0$t ransomware, and a destructive malware named Numero.

Critical XSS Vulnerability in Argo CD (CVE-2025-47933) Enables Full Kubernetes Resource Manipulation

A critical cross-site scripting (XSS) vulnerability, tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been discovered in Argo CD, a popular open-source GitOps tool for Kubernetes.

Ransomware Groups Exploit Cloudflared Tunnels for Stealthy Persistence

Ransomware groups such as BlackSuit, Royal, Akira, Scattered Spider, Medusa, and Hunters International are exploiting Cloudflared, a legitimate tunneling tool by Cloudflare, to conduct stealthy cyberattacks.

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Guest users can gain full control over Azure subscriptions within a host tenant, enabling them to disable security monitoring, create persistent backdoors, and manipulate device trust settings.

Interlock ransomware gang deploys new NodeSnake RAT on universities

A new RAT named NodeSnake has been deployed by the Interlock ransomware group in targeted attacks against UK educational institutions. NodeSnake is under active development and is designed for persistent access to compromised networks.

Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

A novel botnet campaign dubbed AyySSHush has compromised over 9,000 ASUS routers, including models RT-AC3100, RT-AC3200, and RT-AX55. The campaign leverages brute-force attacks, authentication bypass, and exploitation of known vulnerabilities.
