Chrome 140 Security Patch
Google has rolled out Chrome 140, addressing several high severity vulnerabilities that could put billions of users at risk if left unpatched. As browsers remain the frontline interface between individuals, businesses, and the internet, security flaws within them are among the most attractive targets for cybercriminals. Understanding the Threat Browser vulnerabilities allow attackers to run […]
TinyLoader Malware Targets Windows Users
The global cybersecurity landscape has once again been disrupted with the discovery of TinyLoader, a sophisticated new malware designed to exploit Windows systems. Unlike typical malware strains, TinyLoader functions as a highly efficient dropper – a malicious program whose primary goal is to infiltrate systems undetected and deliver secondary payloads. How TinyLoader Works TinyLoader employs […]
11.5 Tbps DDoS Attack
The digital world has witnessed a staggering milestone – a distributed denial-of-service (DDoS) attack peaking at 11.5 Tbps, making it the largest attack of its kind to date. This unprecedented scale highlights how cybercriminals are leveraging botnets, misconfigured devices, and advanced tactics to overwhelm global infrastructure. Such attacks are no longer limited to isolated industries. […]
Qualcomm Chip Vulnerabilities Exposed
Qualcomm, the world’s leading mobile chipmaker, recently disclosed multiple high-severity vulnerabilities in its Snapdragon chipsets. These flaws impact billions of Android smartphones, IoT devices, and connected infrastructure, creating a potential entry point for attackers to steal sensitive data, compromise communications, or take control of affected devices. The vulnerabilities, tracked under critical CVEs, highlight a growing […]
ScarCruft Deploys ROKRAT Malware
A recent campaign has revealed that the advanced persistent threat (APT) group ScarCruft, believed to operate out of North Korea, is deploying the ROKRAT malware through malicious LNK files. This new wave of attacks highlights the continued evolution of state-sponsored cyber espionage targeting organizations across sectors, particularly those handling sensitive information and cross-border operations. How […]
Fraudulent Scholarship Apps
A sophisticated Android malware campaign, labeled SikkahBot, has been impacting students in Bangladesh by masquerading as legitimate scholarship applications under the Bangladesh Education Board’s name. Attackers distribute these malicious APKs via smishing-sending SMS links that redirect to sites like appsloads.top and downloadapp.website. Once installed, the malware secretly harvests personal and financial data. Victims are prompted […]
300,000 Plex Media Servers Exposed
A critical warning has surfaced for organizations and individuals alike: more than 300,000 internet-facing Plex Media Server instances remain vulnerable to CVE-2025-34158, a severe remote code execution flaw affecting versions 1.41.7.x to 1.42.0.x. Plex released a fix in version 1.42.1, but according to Censys research, hundreds of thousands of servers remain unpatched and exposed online. […]
Salt Typhoon Espionage Campaign
A powerful international alert has revealed that Salt Typhoon, a sophisticated espionage group linked to Chinese state interests, has infiltrated critical infrastructure across the globe-targeting telecommunications, government, transportation, lodging, and military sectors. The advisory, co-issued by the FBI, CISA, NSA, the UK’s NCSC, and numerous other partners, exposes how this threat actor exploits backbone routers […]
WhatsApp Emergency Patch
WhatsApp recently deployed an emergency update to address a critical security flaw affecting iOS and macOS versions of its app. The vulnerability, known as CVE-2025-55177, stems from improper authorization in linked device synchronization messages, potentially allowing malicious content from arbitrary URLs to execute silently on a user’s device. This flaw was potentially exploited in combination […]
Government Takedown of VerifTools
The U.S. Attorney’s Office for the District of New Mexico has successfully seized two domains and a blog linked to VerifTools, a notorious online marketplace distributing counterfeit driver’s licenses, passports, and other identity documents. This action comes after a court-authorized operation revealing that VerifTools sold forged identity documents for as little as nine dollars via […]