Leaked Shellter Elite Copy Fuels New Wave of Infostealer Attacks
From Test-Lab Helper to Criminal Workhorse A security tool that was meant to help ethical hackers has slipped into the wrong hands. Shellter Elite, a commercial framework designed to let red-teamers hide test payloads from antivirus and endpoint protection, is now turning up inside real-world…
0 Comments5 Minutes
Google Ordered to Pay $314 Million for Quietly Using Android Users’ Mobile Data
Jury Says Background Data Use Broke California Law A jury in San Jose, California, has told Google to hand over roughly $314 million after deciding the company tapped into Android users’ mobile-data plans without permission. The verdict, delivered at the close of a month-long trial that began on…
0 Comments6 Minutes
Two Bugs in Sudo Let Regular Users Gain Root Access
A Routine Tool Under the Microscope Sudo is one of those command-line helpers that most Linux and Unix administrators install and forget. It lets anyone with the right entry in the /etc/sudoers file perform system tasks that normally need super-user rights, all while keeping a clear audit trail.…
0 Comments6 Minutes
“NightEagle” Hackers Exploit Fresh Microsoft Exchange Weakness
Researchers spot fast-moving group at CYDES 2025 Security investigators from the RedDrip Team at Chinese cybersecurity giant QiAnXin have unmasked a previously unreported advanced-persistent-threat (APT) crew they have dubbed “NightEagle,” also tracked as APT-Q-95. The team laid out its findings…
0 Comments5 Minutes
North Korean Hackers Write Nim-Based Malware to Breach Web3 Companies
A Fresh Mac Threat: NimDoor Security researchers at SentinelOne have uncovered a new malware toolkit, nicknamed NimDoor, that highlights how North Korean hacking crews keep reinventing themselves. Unlike many Mac threats, the malicious code is written in the Nim programming language and relies on…
0 Comments6 Minutes
nOAuth: A Two-Year-Old Entra ID Loophole Still Lets Attackers Take Over
New survey shows nearly one in ten Microsoft-linked SaaS apps can be hijacked A fresh investigation by identity-security firm Semperis has reignited concern about a weakness first publicised in mid-2023 and nicknamed nOAuth. The company examined 104 cloud software products that let customers sign…
0 Comments5 Minutes
Cisco Rushes to Fix Two “Perfect-Score” Flaws in Identity Services Engine
What Makes ISE So Important Cisco Identity Services Engine, better known as ISE, sits at the heart of many company networks. It decides who or what can log in, which devices may join the Wi-Fi, and whether a user can reach a sensitive server. If ISE goes down or is taken over, an attacker…
0 Comments5 Minutes
Critical flaw in Open VSX Registry patched after researchers warn of supply-chain danger
Attack vector could have handed over the whole extension market An Israeli security outfit has revealed that an error buried deep in the automation scripts of the Open VSX Registry might have let criminals hijack every Visual Studio Code extension distributed through the popular open-source…
0 Comments6 Minutes
New Linux Privilege-Escalation Chain Gives Attackers Instant Root Access
Two Bugs, One Exploit Chain Security specialists at Qualys have revealed a pair of vulnerabilities that—when combined—let any logged-in user jump from a normal account to full administrator rights on many mainstream Linux distributions. The first flaw, CVE-2025-6018, sits inside the Pluggable…
0 Comments5 Minutes
Fake GitHub Projects Hides Malicious Code, Researchers Warn
Banana Squad Returns With a Fresh Batch of Booby-Trapped Repositories Security analysts at ReversingLabs say they have uncovered a new surge of activity by a group they call Banana Squad. The actors have opened and maintained more than 67 GitHub projects that pretend to contain handy Python hacking…
0 Comments6 Minutes