Research
-
Microsoft warns of surge in ACR Stealer attacks on enterprise customers
Microsoft said ACR Stealer attacks rose against enterprise customers between late April and mid-June. The malware used ClickFix, WebDAV, MSHTA and other tools to steal browser data and sensitive files.
-
Public exploits published for critical WordPress core flaws, patch urged
Public exploits are now circulating for critical WordPress core flaws that can chain into unauthenticated remote code execution. Site owners are being urged to update to WordPress 6.9.5 or 7.0.2 immediately.
-
RedWing Android malware sold on Telegram as bank-fraud service
RedWing is a Telegram-rented Android malware service that researchers say can steal banking logins, one-time codes and other data, with 82 targeted institutions identified and a strong focus on Russian financial firms.
-
Google Dialogflow CX flaw could have exposed chats across agents
Google fixed a Dialogflow CX flaw that could have let an attacker with edit access to one agent read conversations and influence other Code Block-enabled agents in the same Cloud project. Varonis reported no signs of real-world abuse.
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are using Microsoft Teams voice calls to impersonate IT support and push EtherRAT malware, according to a Unit 42 technical analysis. The campaign combines phishing emails, remote-access tools and a Node.js loader.
-
GitHub agentic workflow flaw could expose private repositories, researchers say
Researchers say a prompt injection flaw in GitHub Agentic Workflows could let attackers use a public issue to pull data from private repositories without stealing an account or exploiting software vulnerabilities.
-
Iran-linked hackers use new Cavern C2 against Israeli targets
Iran-linked hackers used a new modular command and control framework called Cavern against Israeli organizations, according to Check Point Research. The activity relied on DLL side loading, service-provider trust chains and multiple post-exploitation modules.
-
Researchers link Microsoft device code phishing campaign to reusable DEBULL tooling
Researchers say a June and July Microsoft 365 device code phishing campaign used collaboration-themed lures, a compromised website and reusable DEBULL tooling to hijack accounts through Microsoft’s legitimate sign-in flow.
-
Linux KVM flaw lets guest VM corrupt host memory after 16 years undetected
A Linux KVM use-after-free flaw tracked as CVE-2026-53359 can let a guest VM crash the host, and a withheld exploit is said to reach host code execution on x86 systems with nested virtualization enabled.
-
Suspected China-linked hackers target Indian taxpayers with tax-themed malware campaign
A suspected China-nexus campaign targeted Indian taxpayers and finance teams with tax-themed phishing emails, using fake government lures to deliver DCRat and other malware during the country’s income tax filing season.








