Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges…
Category: EN
Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine
A critical security vulnerability has been discovered in Microsoft’s VS Code Remote-SSH extension that allows attackers to execute malicious code on developers’ local machines through compromised remote servers. Security researchers have demonstrated how this attack, dubbed “Vibe Hacking,” exploits the…
Operator of ‘Rapper Bot’ DDoS Botnet Faces Charges
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges…
US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin
CERT/CC disclosed serious data exposure vulnerabilities in Workhorse Software used by hundreds of U.S. cities and towns. CERT Coordination Center (CERT/CC) at Carnegie Mellon University disclosed two serious data exposure flaws in an accounting application developed by Workhorse Software’s, and…
CISA Issues Four ICS Advisories on Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infrastructure systems. These advisories provide essential information for administrators and…
New Loader Malware Dubbed ‘QuirkyLoader’ Delivering Infostealers and RATs
A sophisticated new malware loader called QuirkyLoader has emerged as a significant cybersecurity threat, actively distributing well-known infostealers and remote access trojans (RATs) since November 2024. The malware has demonstrated remarkable versatility in delivering multiple payload families, including Agent Tesla,…
Google Announces New Capabilities for Enabling Defenders and Securing AI Innovation
Google Cloud has unveiled a comprehensive suite of security enhancements at its Security Summit 2025, marking a significant evolution in enterprise AI security frameworks. The technology giant’s latest announcements, delivered by VP and GM Jon Ramsey, focus on two critical…
New PromptFix Attack Tricks AI Browsers to Run Malicious Hidden Prompts
A new attack vector called PromptFix exploits AI-powered browsers by embedding malicious instructions within seemingly innocent web content. The attack represents an evolution of traditional ClickFix scams, specifically designed to manipulate agentic AI systems rather than human users. The research,…
Russian Hackers Exploiting 7-Year-Old Cisco Vulnerability to Collect Configs from Industrial Systems
A Russian state-sponsored cyber espionage group designated as Static Tundra has been actively exploiting a seven-year-old vulnerability in Cisco networking devices to steal configuration data and establish persistent access across critical infrastructure networks. The sophisticated threat actor, linked to Russia’s…
Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data
A critical security vulnerability has been discovered in Apache Tika’s PDF parser module that could enable attackers to access sensitive data and trigger malicious requests to internal systems. The flaw, designated as CVE-2025-54988, affects multiple versions of the widely used…