Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.
A new Android SMS stealer campaign is spreading across Uzbekistan, using deceptive apps to capture messages and authentication codes. The attack highlights fast-evolving mobile threats and the need for stronger device security.
A California jury ordered Apple to pay Masimo $634 million for infringing a blood-oxygen monitoring patent in Apple Watch models. The verdict raises stakes in a yearslong fight over health-sensor IP, ITC import bans, and Apple’s wearable roadmap.
Security researchers have identified a critical zero-day flaw (CVE-2025-41244) affecting VMware Tools and VMware Aria. The bug enables local privilege escalation to root, a dangerous step in potential exploitation chains. The issue lies in service discovery mechanisms built into VMware, which allow guest and management systems to interact. Attackers are abusing this trust to escalate…
Ukraine’s CERT-UA has warned that CabinetRAT backdoor malware is being actively deployed in cyber espionage campaigns targeting government and critical networks.
Intelliloan has notified customers of a March 2025 hack that exposed sensitive PII such as Social Security numbers, driver’s licenses, and financial data across its systems.
Federal authorities dismantled the ShinyHunters group’s Salesforce-branded extortion site, marking a major victory against cybercrime networks that traded in stolen corporate data and customer credentials.
Researchers have uncovered a new cybercriminal toolkit called MatrixPDF, designed to transform normal PDF files into weapons for phishing and malware delivery. This toolkit lowers the barrier for attackers. In fact, it provides ready made templates that let even inexperienced hackers craft PDF lures capable of bypassing security filters. As a result, phishing campaigns become…
Security teams should treat the recent spike in login traffic against GlobalProtect portals as a serious alarm. Between November 14 and 19, 2025, threat-intelligence sensors logged roughly 2.3 million sessions hitting the /global-protect/login.esp endpoint on PAN-OS and GlobalProtect gateways. That represents a nearly 40× increase in daily scan volume, hitting the highest level seen in…
Threat actors now pair generative AI with trusted cloud apps to breach manufacturing. They deliver malware through OneDrive/GitHub, steal API keys and tokens, and persist via OAuth consent. Without governed AI usage, Cloud DLP, and consent controls, factories face quiet IP theft and escalating downtime risks.