News

WhatsApp compromise leads to Astaroth deployment

Bys s November 20, 2025

Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence

News

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Bys s May 11, 2026

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the…

Read More TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
News

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks
Bys s November 11, 2025

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking…

Read More WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks
News

Hacker Conversations: David Kennedy – an Atypical Typical Hacker
Bys s February 6, 2025

David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences. The post Hacker Conversations: David Kennedy – an Atypical Typical Hacker appeared first on SecurityWeek.

Read More Hacker Conversations: David Kennedy – an Atypical Typical Hacker
News

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Bys s May 30, 2026

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. “Authentication bypass vulnerabilities…

Read More PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
Bys s February 28, 2026

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly…

Read More ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
News

How often do threat actors default on promises to delete data?
Bys s April 5, 2026

We have probably all read recommendations that cyberattack victims should not pay ransom demands because it encourages more crime, and because criminals can’t be trusted to delete data they promise to delete. But what evidence have we seen supporting a claim that criminals default on data deletion? Law enforcement made a point of reporting that……

Read More How often do threat actors default on promises to delete data?

Similar Posts