Follow on Google News
Threat Actors Use AI Tools for 30-Minute Domain Compromise in 2025
CrowdStrike 2026 Global Threat Report documents 89% increase in AI-enabled attacks. Average eCrime breakout time fell to 29 minutes with fastest at 27 seconds. Attackers weaponized Claude,…
65% Financial Firms Hit by Ransomware in 2024 Despite Heavy Security Spending
Financial organizations faced ransomware attacks at 65% rate in 2024, highest across all industries. Average recovery costs excluding ransom hit $2.73 million per incident. Phishing drove 90%…
Malicious NuGet Packages Target ASP.NET Developers Stealing Credentials Through JIT Hooks
Four malicious NuGet packages attack ASP.NET developers deploying credential-stealing backdoors. NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_ racked up 4,500+ downloads since August 2024. JIT compiler hijacking and localhost proxies…
Reddit Hit With Record £14.47M ICO Fine for Child Privacy Violations
UK’s ICO fined Reddit £14.47 million on February 24, 2026 for processing under-13 personal data without age verification. Platform lacked controls despite terms prohibiting child use…
Ruby Workers Face Critical RCE from Unsafe Oj Deserialization
NullSecurityX disclosed deterministic RCE in Ruby background workers using Oj.load deserialization. Unauthenticated attackers craft JSON payloads triggering arbitrary shell commands via Node class. No gadget chains required;…
Malicious OpenClaw Skills Deploy Atomic macOS Stealer Through Fake Driver Prompts
Threat actors embedded AMOS stealer in 39 malicious OpenClaw skills across ClawHub, SkillsMP, GitHub. SKILL.md files trick AI agents into prompting manual OpenClawCLI driver installs. Fake password…
Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images
Malicious NPM package buildrunner-dev embeds Pulsar RAT inside PNG images using steganography. Typosquatted buildrunner package evades scanners by encoding malware in pixel RGB values. Veracode uncovered seven-layer…
Fake Huorong Antivirus Sites Deploy ValleyRAT Backdoor in Chinese APT Campaign
Silver Fox APT group created huoronga[.]com mimicking popular Chinese antivirus Huorong Security. Visitors download BR火绒445[.]zip containing ValleyRAT built on Winos4.0 framework. Malware disables Windows Defender exclusions and…
Diesel Vortex Russian Phishing Ring Steals 1,649 Logistics Credentials Across US and Europe
Diesel Vortex Russian cybercrime group ran phishing operation against freight platforms from September 2025 to February 2026. 1,649 unique credentials stolen from DAT Truckstop, Penske Logistics,…
ClickFix Infostealer Evolves with Fake CAPTCHA Clipboard Hijacking in 2026 Campaigns
ClickFix infostealer campaigns trick users into running PowerShell commands via fake CAPTCHA pages. Compromised sites push victims to copy-paste malicious code evading file scanners. Targets browsers, crypto…
November 21, 2025
1 comment 
