Interlock Hackers Turn to FileFix and a PHP-Based RAT in Their Latest Campaign
Booby-Trapped Websites Funnel Unsuspecting Visitors Into FileFix’s Trap Researchers from The DFIR Report and Proofpoint say the crew behind the Interlock ransomware operation has shifted tactics once again, swapping its Node.js remote-access trojan for a new PHP rewrite and delivering it through a…
0 Comments6 Minutes
Fortinet Rushes Out Emergency Patch for Severe FortiWeb Flaw
A simple mistake with big consequences Fortinet has pushed an urgent update for its FortiWeb web-application firewall after researchers uncovered a critical weakness that lets anyone on the internet run their own database commands on unprotected systems. The defect, catalogued as CVE-2025-25257 and…
0 Comments6 Minutes
Leaked Shellter Elite Copy Fuels New Wave of Infostealer Attacks
From Test-Lab Helper to Criminal Workhorse A security tool that was meant to help ethical hackers has slipped into the wrong hands. Shellter Elite, a commercial framework designed to let red-teamers hide test payloads from antivirus and endpoint protection, is now turning up inside real-world…
0 Comments5 Minutes
Google Ordered to Pay $314 Million for Quietly Using Android Users’ Mobile Data
Jury Says Background Data Use Broke California Law A jury in San Jose, California, has told Google to hand over roughly $314 million after deciding the company tapped into Android users’ mobile-data plans without permission. The verdict, delivered at the close of a month-long trial that began on…
0 Comments6 Minutes
Two Bugs in Sudo Let Regular Users Gain Root Access
A Routine Tool Under the Microscope Sudo is one of those command-line helpers that most Linux and Unix administrators install and forget. It lets anyone with the right entry in the /etc/sudoers file perform system tasks that normally need super-user rights, all while keeping a clear audit trail.…
0 Comments6 Minutes
“NightEagle” Hackers Exploit Fresh Microsoft Exchange Weakness
Researchers spot fast-moving group at CYDES 2025 Security investigators from the RedDrip Team at Chinese cybersecurity giant QiAnXin have unmasked a previously unreported advanced-persistent-threat (APT) crew they have dubbed “NightEagle,” also tracked as APT-Q-95. The team laid out its findings…
2 Comments5 Minutes
North Korean Hackers Write Nim-Based Malware to Breach Web3 Companies
A Fresh Mac Threat: NimDoor Security researchers at SentinelOne have uncovered a new malware toolkit, nicknamed NimDoor, that highlights how North Korean hacking crews keep reinventing themselves. Unlike many Mac threats, the malicious code is written in the Nim programming language and relies on…
0 Comments6 Minutes
nOAuth: A Two-Year-Old Entra ID Loophole Still Lets Attackers Take Over
New survey shows nearly one in ten Microsoft-linked SaaS apps can be hijacked A fresh investigation by identity-security firm Semperis has reignited concern about a weakness first publicised in mid-2023 and nicknamed nOAuth. The company examined 104 cloud software products that let customers sign…
0 Comments5 Minutes
Cisco Rushes to Fix Two “Perfect-Score” Flaws in Identity Services Engine
What Makes ISE So Important Cisco Identity Services Engine, better known as ISE, sits at the heart of many company networks. It decides who or what can log in, which devices may join the Wi-Fi, and whether a user can reach a sensitive server. If ISE goes down or is taken over, an attacker…
0 Comments5 Minutes
Critical flaw in Open VSX Registry patched after researchers warn of supply-chain danger
Attack vector could have handed over the whole extension market An Israeli security outfit has revealed that an error buried deep in the automation scripts of the Open VSX Registry might have let criminals hijack every Visual Studio Code extension distributed through the popular open-source…
0 Comments6 Minutes