VMware Tools & Aria Zero-Day Exploited for Root Access
Security researchers have identified a critical zero-day flaw (CVE-2025-41244) affecting VMware Tools and VMware Aria….
VMware Tools & Aria Zero-Day Exploited for Root Access
Security researchers have identified a critical zero-day flaw (CVE-2025-41244) affecting VMware Tools and VMware Aria. The bug enables local privilege escalation to root, a dangerous step in potential exploitation chains. The issue lies in service discovery mechanisms built into VMware, which allow guest and management systems to interact. Attackers are abusing this trust to escalate…
Malicious MCP Server Steals Secrets From Applications & Dev Environments
A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
Ransomware Gang Tried to Recruit BBC Reporter for Media Hack
Hackers posing as Medusa agents tried to lure BBC’s Joe Tidy into facilitating a cyberattack, offering him 15–25% of ransom payouts in exchange for his laptop’s access to the network.
BreachForums Gets Rebooted as “BreachStars” New Admins, Old Warnings
BreachStars emerges as the latest reincarnation of BreachForums, pledging better infrastructure and security. However, rebooting a notorious hacker forum brings old challenges and new vulnerabilities.
How Attackers Poison AI Tools and Defenses
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.
Qualcomm’s Guardian Could Rival Intel vPro But Always-On Connectivity Raises Risks
Qualcomm’s Guardian aims to rival Intel vPro with always-on device control via built-in cellular connectivity, but the tradeoff may threaten privacy and trust.
Cybersecurity Newsletter Weekly, Chrome 0-Day, 22.2 Tbps DDoS Attack & More
A rapid cascade of cyber events Chrome zero-day, a record DDoS, Cisco IOS exploit, and Kali Linux upgrade highlight how threat activity keeps accelerating.
Trump Demands Microsoft Fire Global Affairs Chief Lisa Monaco Over Security Concerns
Trump urged Microsoft to fire Lisa Monaco, its head of global affairs, raising concerns over her revoked security clearance and history in DOJ investigations.
Apple Devices Vulnerable to ASLR Bypass Through JSON Serialization Trick
Google’s Project Zero team uncovered a method to bypass ASLR on Apple devices by exploiting NSDictionary’s JSON serialization behavior, potentially weakening memory protections.
