Zerobot now targets Tenda routers and n8n servers to spread Mirai-style malware
Zerobot is back, and this time it is going after both consumer networking gear and business automation servers. Akamai said on February 27 that its…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
StegaBin uses malicious npm packages to steal developer credentials through a hidden multi-stage payload
A fresh software supply chain campaign is targeting developers through npm packages that appear harmless at first glance. Security reporting published around March 2 and…
Hackers are using Telegram to sell access to corporate VPN, RDP, and cloud accounts
Telegram has become a serious concern for enterprise defenders. Recent threat research shows that cybercriminals now use Telegram channels and bots to advertise stolen credentials,…
Iran cyber conflict widens after Epic Fury and Roaring Lion, but many attack claims still lack proof
The cyber side of the Iran conflict is clearly growing, but the picture is messy. After the United States and Israel launched their joint campaign…
Malvertising campaign tricks Mac users into installing AMOS infostealer through fake “how-to” pages
Attackers now use Google Search ads to lure macOS users onto fake help pages that tell them to paste a Terminal command. When the victim…
How to cut MTTR by improving threat visibility in your SOC
If you want to cut MTTR in a SOC, start with better threat visibility. Faster response usually does not begin with a new dashboard. It…
Langflow’s AI CSV Agent Vulnerability Allows Remote Code Execution Attacks
A critical security flaw in Langflow, a popular platform used to build and deploy AI-powered agents and workflows, can allow attackers to execute arbitrary code…
Google Chrome Moves to Merkle Tree Certificates for Quantum‑Safe HTTPS
Google Chrome is shifting to Merkle Tree Certificates (MTCs) as its main way to protect HTTPS against future quantum‑computing threats. Instead of stuffing every TLS…
Hackers Use CyberStrikeAI Tool to Hit Fortinet FortiGate Devices
Threat actors are using an AI‑driven offensive security tool called CyberStrikeAI to breach Fortinet FortiGate firewalls and other edge network devices. This open‑source platform, written…
Aqua Trivy Extension Hit by AI-Powered Supply Chain Attack
Threat actors compromised two versions of the Aqua Trivy VS Code extension on OpenVSX on February 27 and 28, 2026. They injected malicious code that…
Claude Memory Import Revolutionizes AI Switching
Anthropic launched a groundbreaking memory import tool for Claude on March 3, 2026. This feature lets users transfer stored preferences, habits, and context from ChatGPT,…
Hackerbot-Claw Bot Attacks: Exploits GitHub Actions CI/CD in Microsoft, DataDog Repositories
Hackerbot-claw, an autonomous AI-powered bot, ran a week-long attack from February 21-28, 2026. It hit CI/CD pipelines in open-source repos from Microsoft, DataDog, Cloud Native…
Android Security Update March 2026: Patches 129 Vulnerabilities Including Actively Exploited Zero-Day CVE-2026-21385
Google rolled out the March 2026 Android Security Bulletin with fixes for 129 vulnerabilities. This update tackles one of the biggest patch lists in recent…
AuraStealer Infostealer Emerges: 48 C2 Domains Fuel Active Campaigns Since Mid-2025
Threat actors unleashed AuraStealer, a potent new infostealer, starting in July 2025. Russian-speaking developers promote it on forums like XSS, Exploit, and others as a…
Chrome Gemini Vulnerability CVE-2026-0628: Remote Camera, Microphone Access Without User Interaction
A high-severity flaw in Google Chrome’s Gemini AI assistant allows attackers to access cameras, microphones, and local files remotely. Tracked as CVE-2026-0628, it needs no…