A sophisticated cyber campaign used DLL side‑loading to deliver a hybrid PlugX variant and the Bookworm backdoor to telecom and ASEAN networks, revealing renewed tactics by China‑linked threat actors.
Instagram’s latest overhaul introduces PG-13-level restrictions for teen accounts. Under the update, users under 18 will have tighter filters, limited searches, and parental approval requirements for more open settings.
A new XCSSET malware variant for macOS introduces a clipboard hijacker to steal cryptocurrency and expands to Firefox browser data theft. Security researchers warn developers to inspect Xcode projects and apply strong defenses against this evolving threat.
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
Researchers discovered a zero-day in Zimbra webmail where malicious JavaScript injected into .ICS calendar files executes within session context — allowing attackers to steal emails, credentials, and forward mail.
Ukraine’s CERT-UA has warned that CabinetRAT backdoor malware is being actively deployed in cyber espionage campaigns targeting government and critical networks.
Qualcomm’s Guardian aims to rival Intel vPro with always-on device control via built-in cellular connectivity, but the tradeoff may threaten privacy and trust.
A former general manager at a top-tier cyber-weapons developer faces criminal charges after allegedly stealing eight trade secrets between 2022 and 2025 and selling them to a Russian buyer. The case underscores serious risks to national security, supply-chain oversight, and insider threat policies across the defense-cyber industry.
A critical zero-day vulnerability in Gladinet’s CentreStack file-sharing software is being actively exploited by attackers, allowing full remote system access and potential data exfiltration. Enterprises are urged to apply temporary mitigations until an official patch becomes available.
A targeted malvertising campaign redirected users from Bing to a fake Teams download site, where a signed MSTeamsSetup.exe installed the Oyster backdoor — blocked just in time by Microsoft Defender ASR.