Aggregator

A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse tunneling, and persistence into one attack chain. Censys ARC said the toolkit was discovered during […]

The post Russian Hackers Using Remote Access Toolkit “CTRL” for  RDP Hijacking appeared first on Cyber Security News.

Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux, with the rollout expected to reach all users over the coming days and weeks. […]

The post New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now appeared first on Cyber Security News.

Submit #778613 / VDB-354651

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &

Submit #780538 / VDB-354650

New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…

长城杯半决赛三道 Web 赛题审计笔记——从 redis SSRF、ZipSlip 到 glibc iconv 溢出

Submit #780561 / VDB-354649

Submit #780560 / VDB-354648

Submit #780559 / VDB-354647

Submit #780558 / VDB-354646

Submit #780462 / VDB-354645

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in

Beginning April 6, 2026, HSBC India will require its internet banking customers to enter their passwords in uppercase letters only. The mandate, communicated via official customer emails, has sparked widespread concern among technical experts regarding the bank’s credential storage practices and overall security posture. The Uppercase Migration According to the bank’s recent communications, customers must […]

The post HSBC India Asks Customers to use All-Uppercase Passwords appeared first on Cyber Security News.

Рассказываем, как рекламные компании торгуют данными о наших перемещениях.

A sophisticated backdoor called EtherRAT is actively targeting organizations across multiple sectors by hiding its command infrastructure inside the Ethereum blockchain — a move that makes it uniquely hard to track and shut down. The malware runs on Node.js and gives attackers full remote control over compromised machines, enabling them to execute commands, steal cryptocurrency […]

The post Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum appeared first on Cyber Security News.

Romanian government institutions are facing thousands of cyberattack attempts every day targeting a wide range of public institutions, Defense Minister Radu Miruta said.

Submit #780443 / VDB-354641

Submit #780442 / VDB-354641

Submit #780441 / VDB-354640