News2025-11-20T18:59:28-05:00

The Latest News In Cyber Security

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

January 8th, 2026|News|

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the victim's WhatsApp contact list and automatically sends malicious messages to each contact to further

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

January 7th, 2026|News|

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a[...]

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

January 6th, 2026|News|

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

January 5th, 2026|News|

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said in

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

January 2nd, 2026|News|

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document

The ROI Problem in Attack Surface Management

January 2nd, 2026|News|

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.  This gap between effort and

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

January 2nd, 2026|News|

Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("

ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories

January 1st, 2026|News|

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting[...]

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

December 31st, 2025|News|

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension[...]

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

December 30th, 2025|News|

Vulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution[...]

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

December 30th, 2025|News|

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in[...]

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

December 29th, 2025|News|

Hacking News / Cybersecurity Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access[...]

Simplified Summary

This is our news page where we write about things. New articles appear daily.