GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users a clear sign of rapid MaaS expansion and rising risk for global organizations.
GlassWorm is the first known self-propagating worm targeting developer environments by infecting VS Code extensions with hidden Unicode payloads. Once installed, it steals credentials from NPM, GitHub and Git, and upgrades machines into proxy nodes and part of a distributed criminal infrastructure. It uses a blockchain-based command and control mechanism and auto-updates to spread across the developer ecosystem. In this article, we dissect how GlassWorm works, what makes it a paradigm shift in supply-chain attacks, and what organisations must do to detect and contain it before their dev workstations become weaponised.
Grafana Enterprise patched a critical CVSS 10.0 SCIM vulnerability, CVE-2025-41115, that allowed attackers to impersonate privileged users through numeric external IDs. Learn how the flaw worked, which versions were affected, and what steps security teams must take to secure Grafana deployments.
Parrot OS 7.0 delivers a stability-focused update for security professionals, refining penetration testing tools, system performance, and privacy features while maintaining a practical, research-driven Linux environment.
A California jury ordered Apple to pay Masimo $634 million for infringing a blood-oxygen monitoring patent in Apple Watch models. The verdict raises stakes in a yearslong fight over health-sensor IP, ITC import bans, and Apple’s wearable roadmap.
Cybersecurity researchers have uncovered a new form of supply chain attack hidden within the npm ecosystem. A malicious npm package was discovered embedding malware inside steganographic QR codes, a technique designed to slip past traditional security defenses. The attack highlights growing risks in opensource software dependencies and developer tools How the Malware Works The compromised…
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
Threat actors now pair generative AI with trusted cloud apps to breach manufacturing. They deliver malware through OneDrive/GitHub, steal API keys and tokens, and persist via OAuth consent. Without governed AI usage, Cloud DLP, and consent controls, factories face quiet IP theft and escalating downtime risks.
Security researchers have identified a critical zero-day flaw (CVE-2025-41244) affecting VMware Tools and VMware Aria. The bug enables local privilege escalation to root, a dangerous step in potential exploitation chains. The issue lies in service discovery mechanisms built into VMware, which allow guest and management systems to interact. Attackers are abusing this trust to escalate…