Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. Researchers at cloud security company Sysdig believe that the malware aligns with North Korea’s tools used in Contagious Interview campaigns. They recovered EtherRAT from a compromised Next.js application […]
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. The threat actor has moved beyond mass phishing and adopted stealthier, more advanced methods that prove effective and difficult for defenders to counter, even if well documented. In […]
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines. The Shanya packer […]
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo […]
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports […]
Poland arrests Ukrainians utilizing ‘advanced’ hacking equipment
The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining “computer data of particular importance to national defense.” The three men, aged between 39 and 43, could not explain why they were carrying the electronic devices. They now face charges of fraud, computer […]
Google Chrome adds new security layer for Gemini AI agentic browsing
Google is introducing in the Chrome browser a new defense layer called ‘User Alignment Critic’ to protect upcoming agentic AI browsing features powered by Gemini. Agentic browsing is an emerging mode in which an AI agent is configured to autonomously perform for the user multi-step tasks on the web, including navigating sites, reading their content, […]
Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. First spotted by Daniel Cuthbert, a new provision in Article 8.o-A, titled “Acts not punishable due to public interest in cybersecurity,” provides a legal exemption for actions that previously were classified as illegal system […]
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement React […]
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. The activity started on December 2nd and originated from more than 7,000 IP addresses from infrastructure operated by the German IT company 3xK GmbH, which runs its own BGP network (AS200373) and operates as […]