Microsoft Teams is getting an Efficiency Mode for slower PCs and Macs
Microsoft is preparing to roll out a new Efficiency Mode in Teams to help the app run better on hardware-constrained devices. Microsoft’s message center says…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Linux GoGra backdoor hides commands in Outlook mailboxes using Microsoft Graph
A newly reported Linux version of the GoGra backdoor uses Microsoft Outlook mailboxes as its command channel, helping attackers blend malicious traffic into normal cloud…
Fake TradingView AI tool spreads Needle Stealer through a bogus TradingClaw site
A new malware campaign is targeting traders by abusing the TradingView name and pushing a fake AI assistant called TradingClaw. Researchers at Malwarebytes say the…
notnullOSX targets Mac crypto users through fake apps and a hijacked YouTube channel
A new macOS malware strain called notnullOSX has been caught in the wild, and it appears built for one job: stealing cryptocurrency from Mac users…
Bitwarden CLI supply chain attack exposed secrets through a poisoned npm release
A malicious npm release briefly compromised Bitwarden’s command-line client this week, but the incident was narrower than some early reports suggested. Bitwarden says the affected…
AI-assisted Lazarus campaign lures developers with fake coding tests that trigger malware on open
A North Korea-linked hacking operation is targeting software developers with fake job interviews and booby-trapped coding assignments, and the campaign shows how generative AI can…
Malicious npm package abused Hugging Face for both payload delivery and stolen-data storage
A malicious npm package called js-logger-pack turned Hugging Face into both a malware distribution point and a backend for stolen data, according to new research…
North Korean fake IT worker scheme keeps growing, with VPNs and laptop farms helping operatives look local
North Korea’s fake IT worker operation remains one of the most effective fraud and sanctions evasion schemes in the cyber world, and fresh research shows…
Unauthorized users reportedly accessed Anthropic’s restricted Mythos cyber model through vendor environment
A small group of unauthorized users reportedly gained access to Anthropic’s restricted Claude Mythos Preview through a third-party vendor environment, according to Bloomberg, with Anthropic…
Microsoft ships emergency .NET 10.0.7 update for ASP.NET Core privilege escalation flaw
Microsoft has released .NET 10.0.7 as an out-of-band security update to fix CVE-2026-40372, a newly disclosed elevation of privilege vulnerability in the Microsoft.AspNetCore.DataProtection package. The…
Microsoft-signed file used to deliver LOTUSLITE in espionage campaign targeting Indian banks
A newly documented espionage campaign has targeted India’s banking sector with an updated LOTUSLITE backdoor, and the attackers used a legitimate Microsoft-signed executable to help…
Atlassian patches critical Bamboo command injection flaw and high-severity Netty issue
Atlassian has disclosed two major security issues in Bamboo Data Center and Server, including a critical OS command injection vulnerability and a high-severity denial-of-service flaw…
ProxySmart linked to 87 exposed SIM farm panels across 17 countries, researchers say
A shared software platform called ProxySmart appears to sit behind a large global SIM farm ecosystem that spans at least 87 exposed control panels in…
Compromised Namastex npm packages spread CanisterWorm in TeamPCP-style supply chain attack
A new npm supply chain attack hit packages tied to Namastex.ai, turning trusted package names into delivery vehicles for CanisterWorm, a self-propagating backdoor that steals…
DinDoor and ChainShell tie MuddyWater to Russian malware-as-a-service infrastructure
MuddyWater appears to be using commercial malware-as-a-service infrastructure rather than relying only on its own tooling. New research from JUMPSEC says the Iranian espionage group…