Hackers Abuse Steam Workshop Wallpapers to Hijack Steam Sessions and Spread Malware
Hackers have been using malicious Wallpaper Engine wallpapers on Steam Workshop to steal active Steam sessions and infect Windows PCs with malware. According to a…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees
A new Deno-based remote access trojan is being used in attacks that combine email flooding with fake Microsoft Teams IT support calls. The attack starts…
Rokarolla Android Malware Targets Banking and Crypto Apps With Device Takeover Features
Rokarolla is a newly identified Android banking trojan that can steal financial credentials, intercept SMS messages, capture lock screen data, and abuse Accessibility Services to…
Google Fixes 33 Chrome Security Flaws, Including Seven Critical Vulnerabilities
Google has released a new Chrome security update that fixes 33 vulnerabilities, including seven critical flaws in browser components such as WebShare, WebView, Digital Credentials,…
Critical LiteLLM Flaw Can Allow Authentication Bypass Through Host Header Injection
A critical vulnerability in LiteLLM can allow unauthenticated access to protected management routes in some proxy server deployments. The flaw is tracked as CVE-2026-49468 and…
AIRecon Brings Offline AI Penetration Testing to a Kali Linux Sandbox
AIRecon is an open-source, AI-powered penetration testing agent that runs with a self-hosted Ollama model, a Kali Linux Docker sandbox, and a terminal-based interface. Its…
Hackers Compromised 140+ Mastra npm Packages to Deploy Infostealer Malware
Hackers compromised more than 140 Mastra npm packages in a supply chain attack that used a malicious dependency to run malware during installation. The attack…
U.S. Export Control Directive Forces Anthropic to Disable Claude Fable 5 and Mythos 5
Anthropic has disabled access to Claude Fable 5 and Claude Mythos 5 after receiving a U.S. government export control directive that bars foreign nationals from…
Kodak Confirms Data Breach After ShinyHunters Claims Customer Records Were Stolen
Eastman Kodak has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it stole more than 2.2 million customer and corporate records from the…
Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks
Fortra has disclosed a critical command injection vulnerability in Core Privileged Access Manager, also known as BoKS, that can let a remote attacker run operating…
CISA Warns Oracle PeopleSoft Zero-Day Is Being Exploited in Attacks
CISA has added CVE-2026-35273, a critical Oracle PeopleSoft PeopleTools vulnerability, to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild. The flaw affects…
Malicious JetBrains IDE Plugins Caught Stealing AI API Keys From Developers
At least 15 malicious JetBrains IDE plugins were found stealing AI provider API keys from developers after appearing on the JetBrains Marketplace as coding assistants,…
ErrTraffic MaaS Uses Fake reCAPTCHA and Cloudflare Turnstile Pages to Run PowerShell Commands
ErrTraffic is a growing malware distribution framework that tricks users into running PowerShell commands through fake verification pages that imitate trusted services such as Google…
FishMonger Expands SprySOCKS Backdoor From Linux to Windows
FishMonger, a China-aligned cyberespionage group, has expanded the SprySOCKS backdoor from Linux to Windows, giving the group a broader toolset for spying on government and…
FortiBleed Exposes Fortinet Firewall Credentials in Global Credential Attack
A large credential-harvesting campaign known as FortiBleed has exposed login data for tens of thousands of Fortinet FortiGate firewalls and VPN gateways worldwide. The incident…