2+ hour, 1+ min ago  (308+ words) According to threat intelligence reports from Seqrite, the campaign culminates in the deployment of a customized Xeno RAT 1. 8. 7 implant that beacons to bulletproof European infrastructure. The attack sequence opens with a ZIP archive containing a malicious LNK file. Threat actors…...

3+ hour, 6+ min ago  (456+ words) Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers a robust defense mechanism against one of the most pervasive threats in the modern cybersecurity landscape: session cookie theft…...

2+ day, 2+ hour ago  (337+ words) Microsoft has issued a strong warning to the cybersecurity community following a recent surge in publicly disclosed zero-day vulnerabilities without prior coordination. According to the Microsoft Security Response Center (MSRC), several vulnerabilities were disclosed without prior notification to Microsoft, leaving…...

1+ day, 2+ hour ago  (598+ words) Zapocalypse" is a newly disclosed attack chain that shows how attackers could have abused Zapier's Code by Zapier" feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The result was a realistic path…...

1+ day, 4+ hour ago  (342+ words) Carnival Corporation has disclosed a significant data breach impacting approximately 5. 99 million individuals, raising serious concerns about data security within the global travel and hospitality sector. The incident, officially reported to the Maine Attorney General's office, involved unauthorized access to sensitive…...

1+ day, 5+ min ago  (323+ words) Git Lab has released patch versions 19. 0. 1, 18. 11. 4, and 18. 10. 7 to fix seven security issues affecting Git Lab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw, and several authorization bugs across Graph QL, Duo Workflows, Operations, Pipelines,…...

20+ hour, 20+ min ago  (500+ words) A newly analyzed ransomware strain, "The Gentlemen," is raising concern among security researchers due to its ability to combine strong encryption with aggressive lateral movement. What makes this threat particularly dangerous is its use of SYSTEM-level scheduled tasks to encrypt…...

22+ hour, 32+ min ago  (562+ words) A newly discovered malicious Nu Get package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking credentials, highlighting a dangerous evolution in software supply chain attacks. Security researchers from Socket revealed that the package,…...

1+ day, 4+ hour ago  (862+ words) A malicious fake RVTools installer is abusing a legitimately issued Sectigo code'signing certificate to slip past Microsoft Defender Smart Screen and many endpoint controls, ultimately deploying a multi'stage Python'based RAT with deep AD reconnaissance and persistent C2 access. For VMware'heavy environments,…...

1+ day, 3+ hour ago  (444+ words) A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal Open AI Codex authentication tokens, highlighting a growing trend where threat actors build credible software to mask malicious intent. Unlike typical typosquatting or disposable…...