Chinese APT Infects Routers to Hijack Software Updates – Dark Reading
A unique take on the software update gambit has allowed “PlushDaemon” to evade attention as it mostly targets Chinese organizations. – Read More
Cyber
Same Old Security Problems: Cyber Training Still Fails Miserably – Dark Reading
Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and…
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment – CSO Online
Only days after Fortinet was criticized by researchers for ‘silently’ patching a zero-day vulnerability without informing its customers, it has emerged that it did the same for a second zero-day…
Mozilla Says It’s Finally Done With Two-Faced Onerep – Krebs on Security
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from…
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet – The Hacker News
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating…
‘Matrix Push’ C2 Tool Hijacks Browser Notifications for Phishing – Dark Reading
Have you ever given two seconds of thought to a browser notification? No? That’s what hackers are counting on. – Read More
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows – The Hacker News
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a…
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil – Dark Reading
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. – Read More
API-Exploit für AI-Browser Comet entdeckt – CSO Online
Sicherheitsforscher haben einen API-Exploit für den KI-Browser Comet offengelegt. Fajri Mulia Hidayat – shutterstock.com Der Security-Anbieter SquareX hat eine bisher nicht dokumentierte API innerhalb des KI-Browsers Comet offengelegt. Damit können…
3 ways CISOs can win over their boards this budget season – CSO Online
As the year comes to a close, CISOs are already deep into building next year’s cybersecurity budget. That’s a difficult task in itself — yet the most challenging part of…
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves – The Hacker News
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves…
China‑linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates – CSO Online
PlushDaemon, a China-linked APT group, has been deploying a previously undocumented network implant dubbed EdgeStepper to hijack DNS traffic on compromised network devices. According to findings disclosed by ESET researchers,…
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat – The Hacker News
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar…
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices – The Hacker News
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. “A key differentiator is its…
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt – The Hacker News
Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting.…