Security researchers have identified a critical zero-day flaw (CVE-2025-41244) affecting VMware Tools and VMware Aria. The bug enables local privilege escalation to root, a dangerous step in potential exploitation chains. The issue lies in service discovery mechanisms built into VMware, which allow guest and management systems to interact. Attackers are abusing this trust to escalate…
EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
A sophisticated cyber campaign used DLL side‑loading to deliver a hybrid PlugX variant and the Bookworm backdoor to telecom and ASEAN networks, revealing renewed tactics by China‑linked threat actors.
A targeted malvertising campaign redirected users from Bing to a fake Teams download site, where a signed MSTeamsSetup.exe installed the Oyster backdoor — blocked just in time by Microsoft Defender ASR.
TikTok’s future in the United States is undergoing a dramatic shift. Under a new deal, the app’s powerful recommendation algorithm will be retrained exclusively on U.S. user data, with a consortium of American investors taking control. While framed as a national security safeguard, experts warn the move could reshape TikTok’s content, amplify political influence, and…
Airports in Copenhagen and Oslo faced unexpected disruptions this weekend after drones were spotted near their airspace. With both airports temporarily halting flights, the incidents highlight growing concerns over drone misuse and the potential risks to aviation, national security, and public safety Drone Disruption in Copenhagen Copenhagen Airport, one of Scandinavia’s busiest hubs, suspended air…