Tag JavaScript

FIN7 Hackers Deploy Windows 11-Themed Documents to Install JavaScript Backdoors

In a concerning development for cybersecurity, a series of spear-phishing attacks have emerged, utilizing weaponized Microsoft Word documents themed around Windows 11 Alpha. Researchers from the cybersecurity firm Anomali reported the campaigns involved Visual Basic macros designed to deploy malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service…

Read MoreFIN7 Hackers Deploy Windows 11-Themed Documents to Install JavaScript Backdoors

Google: Monitoring 270 State-Sponsored Hacking Groups Across More Than 50 Nations

On Thursday, Google’s Threat Analysis Group (TAG) revealed that it is currently monitoring over 270 state-sponsored threat actors operating across more than 50 countries. Since the beginning of 2021, TAG has issued approximately 50,000 alerts concerning phishing and malware attempts tied to these government-backed actors. This represents a 33% increase…

Read MoreGoogle: Monitoring 270 State-Sponsored Hacking Groups Across More Than 50 Nations

More Than 24 Vulnerabilities Found in Advantech Industrial Wi-Fi Access Points – Urgent Patch Recommended

Recent disclosures have unveiled nearly two dozen vulnerabilities in Advantech’s industrial-grade wireless access points, a suite of devices that are integral to operational technology networks. Among these vulnerabilities, several are critical, enabling potential attackers to bypass authentication protocols and execute code at elevated privileges, thereby posing substantial risks to the…

Read MoreMore Than 24 Vulnerabilities Found in Advantech Industrial Wi-Fi Access Points – Urgent Patch Recommended

F5 Security Breach, Linux Rootkits, Pixnapping Threats, EtherHiding, and More

Recent revelations in cybersecurity highlight the increasing prevalence of long-term breaches, which often go unnoticed until substantial damage is done. A striking example is the incident involving F5, a significant player in the application delivery and security space. On August 9, 2025, F5 announced that unidentified threat actors had infiltrated…

Read MoreF5 Security Breach, Linux Rootkits, Pixnapping Threats, EtherHiding, and More

Researchers Discover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Security Flaw in DeepSeek AI Chatbot Exposed Recent revelations have highlighted a critical security vulnerability in the DeepSeek artificial intelligence chatbot. This flaw, which has since been patched, could have allowed malicious actors to seize control of user accounts through a technique known as prompt injection. This troubling discovery was…

Read MoreResearchers Discover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Kinsing Actors Capitalizing on Recent Linux Vulnerability to Compromise Cloud Environments

The cybercriminal group associated with Kinsing has commenced attempts to exploit a newly identified Linux privilege escalation vulnerability known as Looney Tunables. This initiative appears to be part of an experimental campaign targeting cloud environments. According to cloud security firm Aqua, Kinsing is also expanding its attack vectors by extracting…

Read MoreKinsing Actors Capitalizing on Recent Linux Vulnerability to Compromise Cloud Environments

Hackers Employ Innovative Evasive Tactics to Distribute AsyncRAT Malware

A sophisticated phishing attack has emerged, delivering the AsyncRAT trojan as part of a malware campaign believed to have started in September 2021. This campaign has raised significant concerns among cybersecurity experts due to its innovative approach and potential for widespread damage. According to Michael Dereviashkin, a security researcher at…

Read MoreHackers Employ Innovative Evasive Tactics to Distribute AsyncRAT Malware

Lightning AI Studio Flaw Could Have Enabled Remote Code Execution via Concealed URL Parameter

Cybersecurity experts have revealed a serious vulnerability affecting the Lightning AI Studio, a development platform that, if exploited, poses a significant risk of remote code execution. This flaw has been assigned a CVSS score of 9.4, indicating its critical nature and potential for severe repercussions. The vulnerability permits attackers to…

Read MoreLightning AI Studio Flaw Could Have Enabled Remote Code Execution via Concealed URL Parameter

That annoying SMS phishing message you received might have originated from a device like this.

Investigation Uncovers Vulnerable Routers Used in Smishing Campaigns Recent investigations reveal a coordinated smishing operation leveraging unsecured router infrastructure, highlighting a concerning vulnerability within the landscape of cybersecurity. According to researchers from Sekoia, this campaign exemplifies how easily accessible technology can facilitate impactful phishing scams, raising alarms about the potential…

Read MoreThat annoying SMS phishing message you received might have originated from a device like this.