AI
TRENDING TOPICS SEPT 30, 2025 Fake AI Browser Extensions Stealing Data Through Chrome Cybercriminals are capitalizing on the growing interest in AI tools by creating malicious Chrome extensions that impersonate popular services, including ChatGPT, Claude, Perplexity, and Meta’s Llama. These extensions trick users by offering AI prompt capabilities directly
Microsoft Teams
TRENDING TOPICS SEPT 29, 2025 Hackers Exploit Weaponized Microsoft Teams Installer to Deploy Oyster Malware Researchers have found that a malvertising campaign is distributing a weaponized Microsoft Teams installer to deliver the Oyster backdoor, also known as Broomstick or CleanUpLoader. The campaign begins with SEO poisoning of Bing search results,
Cloud-based Runtime Generation MalTerminal Malware makes API calls to a remote LLM (e.g., GPT-4) to generate ransomware or remote access payloads in real time. This offloads malicious logic to the cloud, reducing what defenders can see on disk. Attack Mechanism Remote API calls to cloud-based LLMs for real-time payload
XCSSET
CVE-2025-21043 Critical Samsung libimagecodec.quram.so OUT-OF-BOUNDS WRITE REMOTE ATTACK Out-of-bounds write vulnerability in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 enables remote attackers to execute arbitrary code on affected Samsung devices without user interaction or authentication requirements. Mitigation: Apply Samsung's September 2025 security update immediately
PyPI
TRENDING TOPICS SEPT 25, 2025 Renewed Phishing Campaign Puts Python Package Maintainers at Risk A new wave of phishing attacks is circulating across the Python developer community, targeting PyPI maintainers once again. The scheme relies on domain confusion, with attackers registering look-alike websites to lure users into entering their credentials.
1 High Severity 3 Medium Severity 4 Total CVEs CVE-2025-40300 High Severity x86/vmscape Hypervisor VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit
YiBackdoor
TRENDING TOPICS SEPT 24, 2025 YiBackdoor Malware Linked to IcedID and Latrodectus as ZLoader Evolves with Advanced Evasion Researchers at Zscaler have discovered a new malware family, known as YiBackdoor, that exhibits significant code overlaps with the loaders IcedID and Latrodectus. YiBackdoor can execute arbitrary commands, collect system information, capture
EDR Freeze
TRENDING TOPICS SEPT 23, 2025 EDR-Freeze: User-Mode Technique That Freezes EDR Processes Researchers have discovered a method called EDR-Freeze that enables attackers to silently disable antivirus and endpoint detection tools without requiring the installation of a malicious driver or exploiting a major system flaw. Instead, it leverages a standard Windows
BlackLock
TRENDING TOPICS SEPT 22, 2025 BlackLock Ransomware Expands Global Operations with Cross-Platform Attacks Researchers at AhnLab Security Intelligence Center (ASEC) have profiled BlackLock, a rebranded ransomware group that emerged from the earlier El Dorado operation and has quickly become a significant global threat. Active since at least early 2024, the
ChatGPT
CVE-2025-48539 High Android Operating System USE-AFTER-FREE A use-after-free flaw in acl_arbiter.cc (SendPacketToPeer) can trigger an out-of-bounds read, enabling remote or adjacent attackers to achieve code execution without requiring user interaction or elevated privileges on Android devices. Mitigation: Update to the latest Android patch level immediately and enable runtime
PyPI
TRENDING TOPICS SEPT 18, 2025 PyPI Tokens Revoked After GhostAction Supply Chain Attack The Python Software Foundation has confirmed that all PyPI publishing tokens stolen in early September's GhostAction supply chain attack have been invalidated, with no evidence that they were used to publish malicious packages. The incident
EventFilter Defines the trigger condition using WQL queries. Monitors for system events like startup, logon, or specific process launches to ensure predictable activation. → EventConsumer Executes malicious payload when triggered. Includes CommandLineEventConsumer for process execution and ActiveScriptEventConsumer for fileless VBScript/JScript. → FilterToConsumerBinding Links filters to consumers, activating the subscription. Without this