Latest Cybersecurity News and Articles

Lumma Stealer Expands Attack Surface with Fake Booking Sites and CAPTCHA Tricks

The campaign’s infection chain was first detected in early 2025, targeting users booking trips to Palawan, Philippines. Within a week, the attack vector shifted to a hotel in Munich, Germany, indicating a broader global focus on travel-related sites.

Zoho Patches Account Takeover Vulnerability in ADSelfService Plus

The vulnerability stems from improper session management, potentially exposing sensitive user information and enabling attackers to hijack accounts. Zoho has confirmed that the issue has been resolved in ADSelfService Plus version 6511.

Update: North Korean Hackers Finish Initial Laundering Stage After Stealing Over $1 Billion From Bybit

Experts from multiple blockchain security companies said Monday that the hackers were able to move all of the stolen ETH coins to new addresses — the first step taken before the funds can be laundered further.

NVIDIA Addresses High-Severity HGX Management Controller Vulnerability

Nvidia has issued a security update addressing two vulnerabilities (CVE-2024-0114 and CVE-2024-0141) in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could allow unauthorized code execution, privilege escalation, and data tampering.

Dark Caracal Threat Group Likely Refreshed its Malware Arsenal in Recent Campaign

In the latest Poco RAT campaign, the hackers used phishing emails to impersonate financial institutions and business service providers. Victims received emails warning them of overdue invoices, with attachments disguised as official documents.

PoC Exploit Published for Critical HPE Insight RS Flaw Posing RCE Risks

The vulnerability stems from improper path validation in the processAtatchmentDataStream method. This flaw allows attackers to bypass directory restrictions and upload malicious files outside the intended directory.

New Cyber-Espionage Campaign Targets UAE Aviation Sector and Transport Infrastructure

The attack campaign, attributed by Proofpoint to a cluster known as UNK_CraftyCamel, employed a sophisticated infection chain to deploy a newly discovered backdoor named Sosano.

Vim Users Warned of Code Execution Flaw That Can Be Triggered by Crafted TAR Files

The Vim project has released patch v9.1.1164, which addresses CVE-2025-27423. Users are strongly advised to update their Vim installations to this version or later immediately.

North Korean Fake IT Workers Leverage GitHub to Build Personas

Researchers tracked a global network of IT workers posing as Vietnamese, Japanese, and Singaporean nationals attempting to obtain employment in remote engineering and full-stack blockchain developer positions in Japan and the US.

Broadcom Fixes Three VMware Zero-Days Exploited in Attacks

The three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
