New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

Hackers Are Now Using Microsoft Teams to Breach Company Networks Without Using Any Exploits

A newly identified threat group, UNC6692, has been caught running a sophisticated cyberattack campaign that uses Microsoft ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
TidBITS

Shutting Down SlackBITS After Impersonation-Based Malware Attack

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT ...
Cybernews

750,000 DNN websites in danger: a simple SVG upload can lead to complete compromise

A severe cross-site-scripting (XSS) vulnerability in DNN, a popular open-source content management platform, allows attackers ...
Flamingo on MSN

I forced Roblox noobs to play Among Us with admin commands

Today I jumped into Roblox Life in Paradise with full admin powers… and turned it into Among Us. One random player got a ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...
The Hacker News

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...
CoinDesk

Audit admin keys, not just code, expert says after $200 million Drift exploit

Programmable blockchain Solana's SOL token has hit five-week lows after an exploit at one of its largest perpetual decentralized exchange, Drift, underscored that security risks go beyond just smart ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.