News
-
APT37 Uses Facebook, Telegram in RokRAT Phishing Campaign
North Korea-linked APT37 used Facebook and Telegram to deliver RokRAT in a multi-stage campaign that relied on fake personas, a trojanized PDF viewer and compromised infrastructure, according to a technical analysis by Genians Security Center.
-
Critical Marimo flaw exploited within 10 hours of disclosure
A critical Marimo Python notebook flaw was exploited less than 10 hours after disclosure, with attackers gaining shell access and stealing credentials from a vulnerable instance in under three minutes, according to a technical analysis from Sysdig.
-
FBI, Indonesian Police Disrupt Global Phishing Network Using W3LL Toolkit
The FBI and Indonesian police dismantled infrastructure tied to a global phishing operation using the W3LL toolkit, seized domains and detained an alleged developer. Officials said the scheme targeted more than 17,000 victims in 2023 and 2024.
-
New VENOM phishing attacks target Microsoft logins of senior executives
A new phishing-as-a-service platform called VENOM has been targeting Microsoft credentials of senior executives since at least last November, using personalized lures, QR codes and methods that can capture session tokens.
-
UAT-10362 targets Taiwanese NGOs with Lua malware in spear-phishing campaign
A previously undocumented threat cluster called UAT-10362 has targeted Taiwanese NGOs and suspected universities with spear-phishing emails carrying Lua-based malware, according to Cisco Talos. The campaign uses DLL side-loading, geofencing and layered dropper tools.
-
Eurail says December breach exposed data of 300,000 people
Eurail said a December 2025 breach exposed personal data from more than 300,000 people, including passport details and contact information. Users were told to reset passwords, watch for phishing and monitor bank accounts.
-
Adobe Reader zero-day exploited through malicious PDFs since December 2025
A technical analysis says attackers have abused a previously unknown Adobe Reader zero-day through malicious PDFs since at least December 2025. The files can run JavaScript, collect data and potentially deliver more payloads.
-
Atomic Stealer campaign abuses macOS Script Editor in ClickFix variation
A new macOS malware campaign is using Script Editor in a ClickFix-style attack to deliver Atomic Stealer, avoiding Terminal prompts and relying on fake Apple-themed pages that push users to run malicious code.
-
13-year-old ActiveMQ flaw lets attackers run commands remotely
Researchers found a 13-year-old remote code execution flaw in Apache ActiveMQ Classic that can let attackers run commands. The bug affects versions before 5.19.4 and some 6.x releases, and Apache has already released fixes.