Critical flaw exposed: CVE-2026-0300 enables unauthenticated remote code execution with root privileges on certain Palo Alto firewalls via the User-ID Authentication Portal. Active exploitation ...
In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...
Security researchers at Point Wild have disclosed a new Windows malware campaign that uses a multi-stage infection chain to establish persistent, memory-resident access on compromised systems and ...
Cybercriminals have rapidly pivoted to a new evasion technique following Microsoft’s recent crackdown on malicious email attachments. Just weeks after Outlook began blocking inline Scalable Vector ...
In a newly disclosed multi-stage threat campaign, attackers were seen skipping disk and leaning on in-memory tricks to deliver the XWorm remote access trojan (RAT). According to Forcepoint Labs’ ...
Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This story has been updated on August 5 with a statement from ...
Abstract: Return-oriented programming (ROP) is a code-reuse attack that uses borrowed chunks of executable code for arbitrary computation. On Windows, ROP is often used solely to bypass Data Execution ...
An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, ...
Mission: Impossible – The Final Reckoning is now in theaters, and many of the publicly available peer-to-peer sharing websites are already offering the movie as a download. Public interest in such a ...
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named ...
Microsoft Threat Intelligence has identified a limited attack campaign leveraging publicly available ASP.NET machine keys to conduct ViewState code injection attacks. The attacks, first observed late ...