6+ hour, 51+ min ago  (446+ words) Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately,…...

4+ hour, 19+ min ago  (465+ words) A newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and Py PI ecosystems. The malicious activity centers on Namastex. ai, a company that…...

4+ hour, 50+ min ago  (300+ words) Tenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as'CVE-2026-33694, has been patched in the newly released'Nessus Agent version 11. 1. 3. On…...

5+ hour, 44+ min ago  (692+ words) Vidar has evolved from a basic Arkei-based credential stealer into a'multi-stage, stealth-focused infostealer that now hides second'stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware'as'a'Service (Maa S) with flexible…...

3+ hour, 56+ min ago  (309+ words) A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists of two primary…...

5+ hour, 9+ min ago  (391+ words) The infection begins with a familiar Click Fix tactic: a phishing page disguised as a CAPTCHA verification prompt. Victims are instructed to press Win + R, paste a command, and execute it. This seemingly harmless action triggers a multi-stage attack chain…...

6+ hour, 38+ min ago  (369+ words) A recently discovered application called Vibing. exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in…...

3+ day, 2+ hour ago  (207+ words) A critical security vulnerability has been identified in Hangzhou Xiongmai Technology's XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information easily. The Cybersecurity and Infrastructure Security…...

3+ day, 1+ hour ago  (688+ words) Hackers are experimenting with a new Telegram'focused session stealer that hides in a Pastebin'hosted Power Shell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not…...

3+ day, 1+ hour ago  (144+ words) This group was previously linked to'Arcane Door, a state-sponsored espionage campaign uncovered in early 2024 that targeted network perimeter devices globally. Once inside a compromised device, UAT-4356 deployed a custom-built implant called'FIRESTARTER, according to a threat advisory published by Cisco Talos…...