A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. […]
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.
The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under
The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats
A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025.
The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in
The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in
Google disputes false claims of massive Gmail data breach
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. […]
X: Re-enroll 2FA security keys by November 10 or get locked out
X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. […]
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. […]
Windows will soon prompt for memory scans after BSOD crashes
Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). […]
QNAP warns of critical ASP.NET flaw in its Windows backup software
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. […]
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. […]
X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service.
To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025.
“After November 10, if you
To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025.
“After November 10, if you