17 Jul, 2026

New Atroposia malware comes with a local vulnerability scanner

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. The malware is available for a $200 monthly subscription that unlocks advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, […]

3 mins read

New Herodotus Android malware fakes human typing to avoid detection

A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. Herodotus, according to Threat Fabric, is offered as a malware-as-a-service (MaaS) to financially motivated cybercriminals, believed to be the same operators behind Brokewell. Although the malware is still […]

3 mins read

Google disputes false claims of massive Gmail data breach

Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. This claim began over the weekend and into today, with news stories claiming that millions of Gmail accounts were breached, with some outlets saying it […]

4 mins read

X: Re-enroll 2FA security keys by November 10 or get locked out

X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. In a series of posts on X, the company says this change only affects users who use passkeys or hardware-based security keys, such as […]

2 mins read

Ransomware profits drop as victims stop paying hackers

The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. With some exceptions, the decline in payment resolution rates continues the trend that Coveware has observed for the past six years. In the first quarter of 2024, the payment percentage was […]

2 mins read

QNAP warns of critical ASP.NET flaw in its Windows backup software

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. Tracked as CVE-2025-55315, this security bypass flaw was found in the Kestrel ASP.NET Core web server and enables attackers with low privileges to hijack […]

2 mins read

Italian spyware vendor linked to Chrome zero-day attacks

A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll earlier this year, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber ​​Group acquired the infamous Hacking Team. Operation ForumTroll was uncovered by Kaspersky in March. The campaign targeted Russian organizations – media outlets, universities, research centers, government organizations, and financial institutions, with well-crafted invitations […]

3 mins read

CISA orders feds to patch Windows Server WSUS flaw used in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. Tracked as CVE-2025-59287, this actively exploited, potentially wormable remote code execution (RCE) vulnerability affects Windows servers with the WSUS Server role (a feature […]

3 mins read

New CoPhish attack steals OAuth tokens via Copilot Studio agents

A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was developed by researchers at Datadog Security Labs, who warned in a report earlier this week that Copilot Studio’s flexibility introduces new, undocumented phishing risks. Although CoPhish relies on social […]

5 mins read

Hackers steal Discord accounts with RedTiger-based infostealer

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking […]

2 mins read