Researchers have uncovered a new cybercriminal toolkit called MatrixPDF, designed to transform normal PDF files into weapons for phishing and malware delivery. This toolkit lowers the barrier for attackers. In fact, it provides ready made templates that let even inexperienced hackers craft PDF lures capable of bypassing security filters. As a result, phishing campaigns become…
Instagram’s latest overhaul introduces PG-13-level restrictions for teen accounts. Under the update, users under 18 will have tighter filters, limited searches, and parental approval requirements for more open settings.
HackerOne has announced $81 million in bug bounty payouts over the past year, rewarding ethical hackers worldwide for reporting vulnerabilities across enterprise systems.
EndClient RAT arrives as a signed MSI named “StressClear.msi,” which abuses code-signing trust and SmartScreen gaps. The package decoys with a VeraPort component while an obfuscated AutoIt loader executes in memory, establishes the IoKlTr task, and opens a JSON-over-TCP C2. To reduce risk, restrict MSI installs, enforce SmartScreen blocking, instrument MSI→AutoIt lineage, and remove scheduled tasks used for persistence.
APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.
The PyPI “SoopSocks” package claims to be a SOCKS5 proxy solution but conceals backdoor capabilities, enabling attackers to control compromised systems remotely.
Abandoned apps, APIs, and identities keep resurfacing. Hunt them continuously, retire them completely, and verify they stay dead—before attackers exploit them.
BreachStars emerges as the latest reincarnation of BreachForums, pledging better infrastructure and security. However, rebooting a notorious hacker forum brings old challenges and new vulnerabilities.
Security researchers discovered that Huddle01, a decentralized video-call platform, exposed sensitive user data through an open Kafka server. The leak included email addresses, wallet IDs, and IP metadata raising privacy concerns for blockchain-linked users.
Google’s Project Zero team uncovered a method to bypass ASLR on Apple devices by exploiting NSDictionary’s JSON serialization behavior, potentially weakening memory protections.