New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence.
Cyber Attack
Hello Gym Data Leak Exposes 1.6 Million Audio Files of Gym Members
An unsecured database managed by Hello Gym has exposed over 1.6 million audio recordings of gym members. Learn…
Hello Gym Data Leak Exposes 1.6 Million Audio Files of Gym Members
An unsecured database managed by Hello Gym has exposed over 1.6 million audio recordings of gym members. Learn…
New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages
A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read…
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.
Jaguar Land Rover Halts Operations Longer Due to Cyberattack Impact
Jaguar Land Rover’s UK factories will remain closed until at least Wednesday as the company continues to recover from a cyberattack that struck its systems on 31 August. The carmaker shut down its IT networks in response to the breach, halting producti…
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware
Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.