News
-
Researchers: Russian-linked group used Hyper-V to hide Alpine VM and bypass endpoint security
Bitdefender and Georgia CERT say Curly COMrades abused Hyper-V to run a hidden Alpine VM hosting custom implants CurlyShell and CurlCat, bypassing endpoint security and using host networking to mask malicious traffic; researchers published IoCs on GitHub.
-
Swedish privacy authority opens probe after Miljödata cyberattack that exposed up to 1.5 million people
Sweden’s privacy authority is investigating a cyberattack on Miljödata that exposed data tied to up to 1.5 million people. The breach disrupted municipal services, was posted on the dark web by the Datacarry group, and appears in Have I Been Pwned with roughly 870,000 affected records; IMY has prioritised probes of Miljödata and several municipalities.
-
Nikkei says Slack breach exposed personal information of more than 17,000 users
Nikkei said a Slack compromise exposed names, email addresses and chat histories for 17,368 people after attackers used credentials stolen from a malware-infected employee computer; the publisher voluntarily notified Japan’s data protection regulator and said no source-related material was affected.
-
Critical authentication bypass in JobMonster WordPress theme exploited, users urged to patch
A critical authentication bypass (CVE-2025-5397) in the JobMonster WordPress theme is being actively targeted; Wordfence blocked multiple attempts. The flaw affects versions up to 4.8.1, requires social login to be enabled, and was fixed in version 4.8.2. Administrators should update or disable social login and enable two-factor authentication.
-
Google AI agent Big Sleep credited with finding five WebKit bugs in Safari; Apple issues patches
Apple credited Google’s AI agent Big Sleep with finding five WebKit vulnerabilities affecting Safari that could cause crashes or memory corruption; Apple issued patches in iOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1 and Safari 26.1 and urged users to update.
-
Malicious Open VSX extension delivers SleepyDuck RAT and uses Ethereum contract for fallback control
Researchers warned that a malicious Open VSX extension, juan-bianco.solidity-vlang, installs a SleepyDuck remote access trojan that uses an Ethereum smart contract and a fallback RPC mechanism to update its command-and-control details.
-
North Korea‑linked Kimsuky uses HttpTroy backdoor in spear‑phishing attack on South Korea
Security vendor Gen Digital said DPRK‑linked Kimsuky used a ZIP‑based spear‑phishing lure to deliver a three‑stage malware chain culminating in a new HttpTroy backdoor that provides extensive remote control and uses layered obfuscation.
-
Europol urges coordinated EU response as caller ID spoofing drives phone and text fraud
Europol says caller ID spoofing is driving much of Europe’s phone and text fraud, estimating EUR 850 million in annual losses and calling for EU-wide technical standards, an international traceback system and aligned legal frameworks to improve cross-border investigations.
-
Australia warns of ongoing BADCANDY attacks on unpatched Cisco IOS XE devices
The Australian Signals Directorate warned of ongoing attacks using a Lua-based web shell called BADCANDY that exploits CVE-2023-20198 in unpatched Cisco IOS XE devices, estimated to have affected about 400 devices in Australia since July 2025 and urging patching and hardening measures.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy a Gokcpdoor backdoor and other tooling, with JPCERT/CC confirming active abuse and researchers advising prompt patching and review of internet-exposed servers.
