Hackers breached 700+ Ghost CMS websites to serve ClickFix malware attacks.
The attackers exploited critical flaw CVE-2026-26980 to steal admin API keys and inject malicious JavaScript into legitimate sites, including university, AI, blockchain, and fintech platforms.
Visitors were shown fake CAPTCHA pages that tricked them into running malware.
The attackers exploited critical flaw CVE-2026-26980 to steal admin API keys and inject malicious JavaScript into legitimate sites, including university, AI, blockchain, and fintech platforms.
Visitors were shown fake CAPTCHA pages that tricked them into running malware.
❤1🔥1🤓1
Lazarus deployed a new memory-only RAT against crypto and financial organizations.
The RemotePE malware executes entirely in memory with no filesystem artifacts, using DPAPI loaders, ETW patching, and Hell’s Gate techniques to evade detection and maintain stealthy access.
The RemotePE malware executes entirely in memory with no filesystem artifacts, using DPAPI loaders, ETW patching, and Hell’s Gate techniques to evade detection and maintain stealthy access.
🐳1🦄1
TrapDoor supply chain attack hits npm, PyPI, and Crates-io.
34 malicious packages across 384 versions were used to steal crypto wallets, SSH keys, cloud credentials, and developer secrets from crypto, DeFi, Solana, and AI environments.
The malware abused npm hooks, Python imports, and Rust build scripts for execution and persistence.
34 malicious packages across 384 versions were used to steal crypto wallets, SSH keys, cloud credentials, and developer secrets from crypto, DeFi, Solana, and AI environments.
The malware abused npm hooks, Python imports, and Rust build scripts for execution and persistence.
❤1🥰1👏1😁1😭1
Cybersecurity experts warn that satellites and space-based infrastructure are becoming prime targets for cyber and electronic warfare. Attacks on ground stations, signal interference, and AI-enabled operations are raising new concerns over the resilience of global communications systems.
👍1🥰1🫡1
Iranian President Masoud Pezeshkian directed the Ministry of Communications to restore international internet access, effectively aiming to terminate a near-total nationwide blackout that has lasted 87 days, according to state media reports.
🔥2👍1😁1
Millions of WhatsApp numbers leaked in a hacker forum
A hacker has claimed to have published a large collection of WhatsApp user data for free in a hacker forum.
A hacker has claimed to have published a large collection of WhatsApp user data for free in a hacker forum.
✍1🤔1👨💻1
Cybersecurity firm Profero reports hacker group “Cyber Isnaad Front” targeting Israeli infrastructure. In one case, attackers breached both IT and OT at a food plant, altered industrial cooling controllers, locked out admins, and caused physical damage to three compressors—disrupting operations for nearly a week.
🥰1👏1😁1
Israel’s National Cyber Directorate reveals two thwarted mass-malware campaigns during Operation “Roaring Lion.” Attackers seeded malicious infrastructure via compromised ads on popular Israeli sites and abused “ClickFix” components. One case used trojanized ads to deploy remote access tools.
🔥1😁1👾1
The head of the Russian Federal Security Service claimed that the assassination of some Iranian commanders and officials was carried out using intrusive malware in Tehran's surveillance systems.
CVE-2021-21735: ZTE H168N wizard whitelist exposed PPPoE and WLAN secrets pre-auth.
Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning.