Despite enabling safety filters, child accounts on TikTok have received explicit content suggestions via search. This investigation reveals algorithmic failures and urges stronger oversight for youth protection.
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
A major rat campaign disguised as the Minecraft mod “Nursultan Client” is compromising gamers via a Python-based Trojan using Telegram bot infrastructure. This tool steals browser tokens, captures webcams, and uses a gamified lure to breach systems and security teams need to view gaming endpoints as serious risk zones.
Hackers are conducting mass exploitation campaigns against outdated WordPress plugins, allowing remote code execution and full site compromise. This attack wave highlights the urgent need for timely updates and plugin security hygiene.
The Lazarus Group launched a sophisticated social-engineering campaign targeting European unmanned aerial vehicle (UAV) manufacturers via fake job offers to steal intellectual property and design data. Understanding the “Operation DreamJob” method, infection chain and mitigation is critical for defense supply-chain security.
Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
The newly discovered ClayRat Android spyware represents one of 2025’s most sophisticated state-sponsored mobile espionage tools. Designed to collect device data, intercept communications, and monitor app activity, ClayRat’s discovery highlights how Android remains a prime target in global intelligence operations.
Apple has expanded its bug bounty program to reward researchers up to $2 million for zero-click exploit chains. Bonuses for Lockdown Mode bypasses and beta findings may push payouts even higher.
Sprout is a Rust-based UEFI bootloader that pursues sub-second startup and data-driven policy. It reduces drift, speeds rollbacks, and clarifies failure modes. Secure-boot enablement is underway; teams should pilot now, prepare key management, and align firmware updates for a smooth transition to verified and measured boot.