Fake VPNs: because regular phishing apparently wasn’t enough Microsoft detailed a campaign by Storm-2561 that used SEO poisoning and fake software sites to push trojanised VPN clients. Victims searching for legitimate enterprise VPN tools were redirected to malicious ZIP files and MSI installers, in some cases hosted via GitHub, that masqueraded as trusted products. The […]
GlassWorm Supply-Chain Attack Abuses Open VSX Extensions A new phase of the GlassWorm campaign abused 72 malicious Open VSX extensions and affected 151 GitHub repositories, targeting developers through software supply-chain channels. Researchers said the attackers escalated their tactics by abusing extensionPack and extensionDependencies, allowing seemingly harmless extensions to later pull in malicious ones after trust […]
ClickFix Campaigns Spread MacSync on macOS Researchers found three ClickFix campaigns pushing a macOS infostealer called MacSync via fake AI and developer tool installers. Rather than exploiting a software flaw, the attacks rely on users copying and running malicious Terminal commands from convincing setup pages hosted on legitimate platforms such as Cloudflare Pages, Squarespace, and […]
Apple Fixes Exploited Zero-Day Affecting iOS, macOS and More Apple has released security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2026-20700, affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw exists within Apple’s Dynamic Link Editor (dyld), a core system component responsible for loading libraries. Successful exploitation could allow arbitrary code […]
BeyondTrust Vulnerability Exploited — Remote Access Tools in the Crosshairs Security researchers have identified active exploitation of a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) solutions. The flaw, rated CVSS 9.9, allows unauthenticated remote code execution via specially crafted requests. Attackers have been observed extracting session values and establishing WebSocket […]
Microsoft Warns of DNS-Based ClickFix Attack Using Nslookup Microsoft has disclosed a new variant of the ClickFix social engineering attack that abuses DNS and the Windows nslookup utility to deliver malware. Instead of relying on traditional web downloads, attackers trick victims into running DNS queries that retrieve encoded malicious payloads. The technique allows threat actors […]
New Chrome Zero-Day (CVE-2026-2441) Under Active Exploitation Google has released an emergency security update to address CVE-2026-2441, a high-severity zero-day vulnerability in Chrome that is being actively exploited in the wild. The flaw stems from a use-after-free bug in the browser’s CSS engine, which can allow attackers to execute arbitrary code by tricking users into […]
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft Security researchers have uncovered a new mobile spyware platform called ZeroDayRAT, actively marketed on Telegram to cybercriminals. The malware targets both Android and iOS devices and offers real-time surveillance capabilities, including location tracking, keystroke logging, SMS interception, microphone and camera access, and credential harvesting. It […]
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers A new academic study looked at popular cloud-based password managers — including Bitwarden, Dashlane, and LastPass — to see if their “zero-knowledge” encryption held water when sent on rough seas. Researchers found 25 distinct attack vectors tied to password recovery and vault logic. Under […]
