The cybersecurity landscape continues to witness sophisticated threat actors developing increasingly complex attack methodologies to infiltrate organizational networks and steal sensitive information. A recent investigation by security researchers has uncovered a persistent campaign orchestrated by the Scaly Wolf Advanced Persistent…
Category: Cyber Security News
Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data
A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool…
CodeRabbit’s Production Servers RCE Vulnerability Enables Write Access on 1M Repositories
A critical remote code execution (RCE) vulnerability in CodeRabbit’s production infrastructure that provided unauthorized access to over one million code repositories, including private ones. The vulnerability, discovered in December 2024 and responsibly disclosed in January 2025, exploited the platform’s static…
Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware
Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s…
Hackers Exploiting Apache ActiveMQ Vulnerability to Gain Access to Cloud Linux Systems
A sophisticated campaign uncovered where adversaries are exploiting CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ, to compromise cloud-based Linux systems. In this case, attackers are patching the very vulnerability they exploited to maintain exclusive access and evade…
Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites
A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking…
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others
A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can…
New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations
A sophisticated new Remote Access Trojan named GodRAT has emerged as a significant threat to financial institutions, leveraging deceptive screen saver files and steganographic techniques to infiltrate organizational networks. First detected in September 2024, this malware campaign has demonstrated remarkable…
New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass…
Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical vulnerability that could allow attackers to crash the browser or execute arbitrary code on affected systems. The high-severity flaw, designated as CVE-2025-9132, affects Chrome’s V8 JavaScript engine…