Tag: exploit
-
Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack
Researchers traced the kit moving from a spyware vendor’s customer to Russian hackers to Chinese cybercriminals. First seen on cyberscoop.com Jump to article: cyberscoop.com/coruna-ios-exploit-kit-leaked-us-framework/
-
A suite of government hacking tools targeting iPhones is now being used by cybercriminals
Security researchers say exploits used by governments to hack into Apple iPhones have been found used by cybercriminals. They warned of an emerging market for “second hand” exploits. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/03/a-suite-of-government-hacking-tools-targeting-iphones-is-now-being-used-by-cybercriminals/
-
Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed
Juniper Tells Customers to Tune Their Firewall. A critical vulnerability in Juniper Networks’ primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/juniper-ptx-routers-at-risk-critical-takeover-flaw-disclosed-a-30904
-
Qualcomm Zero-Day Exploited in Targeted Android Attacks
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
-
Coruna: Spy-grade iOS exploit kit powering financial crime
A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/coruna-ios-exploit-kit/
-
NDSS 2025 Be Careful Of What You Embed: Demystifying OLE Vulnerabilities
Tags: conference, cve, data, detection, exploit, Internet, malicious, microsoft, network, office, remote-code-execution, risk, tool, vulnerability, windowsSession 14C: Vulnerability Detection Authors, Creators & Presenters: Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li…
-
Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App
Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/redalert-israel-spyware-campaign/
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, toolContext, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers.”Organizations…
-
Project Compass Targets 764 Network as 30 Arrested and Victims Rescued
Europol’s Project Compass targets The Com (aka 764 network), an online group exploiting minors. After 30 arrests, officials say the hunt for those involved is far from over. First seen on hackread.com Jump to article: hackread.com/project-compass-764-network-aarrest-victims-rescued/
-
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
-
Malvertising Actor ‘D-Shortiez’ Exploits WebKit Back-Button Hijack in Forced-Redirect Campaign
A new wave of malvertising activity linked to the threat group “D”‘Shortiez” has been observed exploiting a WebKit browser flaw to hijack the back button on Safari and other iOS browsers. This technique revives a classic forced”‘redirect approach that traps users on fraudulent landing pages, showing how persistent ad”‘based threat actors continue to evolve their…
-
Shannon: Autonomous AI Tool with Nmap Integration Can Uncover and Exploit Security Flaws
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shannon delivers proven, reproducible exploits, closing the dangerous security gap that exists between annual pentests and continuous code deployments. How Shannon Works Shannon emulates…
-
Shannon: Autonomous AI Tool with Nmap Integration Can Uncover and Exploit Security Flaws
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shannon delivers proven, reproducible exploits, closing the dangerous security gap that exists between annual pentests and continuous code deployments. How Shannon Works Shannon emulates…
-
Shannon: Autonomous AI Tool with Nmap Integration Can Uncover and Exploit Security Flaws
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shannon delivers proven, reproducible exploits, closing the dangerous security gap that exists between annual pentests and continuous code deployments. How Shannon Works Shannon emulates…
-
Zerobot Malware Exploits Tenda Command Injection Vulnerabilities to Deploy Malicious Payloads
An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools and multi-architecture binaries to rapidly enroll compromised systems into a botnet that can be leveraged for denial-of-service attack and further intrusion…
-
Android devices hit by exploited Qualcomm flaw CVE-2026-21385
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. Google has confirmed that CVE-2026-21385 (CVSS score of 7.8), a high-severity vulnerability affecting an open-source Qualcomm component used in Android devices, has been actively exploited. >>There are indications that CVE-2026-21385 may be under limited, targeted exploitation.<< reads Google's advisory. The flaw is…
-
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
Tags: access, cloud, corporate, credentials, cyber, data-breach, exploit, hacker, marketplace, network, ransomware, vpnHackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP, and cloud environments. The platform now acts as a high-speed bridge between compromised credentials and full network compromise, supporting ransomware operators, Initial Access Brokers (IABs), and hacktivist collectives. Telegram hosts popular…
-
Epic Fury introduces new layer of enterprise risk
Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukrainePhysical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region.Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives.Proxy networks across…
-
Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation
The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/android-march-2026-security-patch-cve-2026-21385/
-
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.”Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory, First…
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/
-
Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw to Attack Microsoft and DataDog
Tags: ai, attack, automation, cyber, exploit, flaw, github, microsoft, open-source, remote-code-executionHackerbot-claw, an autonomous AI bot, has launched a week-long campaign abusing GitHub Actions misconfigurations to hit CI/CD pipelines at Microsoft, DataDog, and other major open-source projects, achieving remote code execution (RCE) and even full repo compromise in some cases. The attacks highlight how unsafe pull_request_target workflows and shell interpolation bugs can turn routine automation into…
-
Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability
A high-severity security flaw has been discovered in Angular, one of the most popular web application frameworks. This vulnerability, tracked as CVE-2026-27970, affects the framework’s internationalization (i18n) pipeline. If exploited, it allows attackers to execute malicious code within an application, posing a significant risk to user data and application integrity. The Core of the Vulnerability…
-
Cyberattackers Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Coding Tools
Threat actors compromised the Aqua Trivy VS Code extension on OpenVSX by publishing malicious versions 1.8.12 and 1.8.13 on February 27-28, 2026. These versions injected prompts to hijack local AI coding tools for system reconnaissance and data exfiltration. Aqua Trivy is a popular open-source vulnerability scanner with a VS Code extension, hosted on OpenVSX under…
-
Android Security Update Fixes 129 Flaws and Tackles Actively Exploited Zero-Day Flaw
Google has rolled out the highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month. The rollout is structured into two distinct security patch levels, 2026-03-01 and 2026-03-05, giving device manufacturers…
-
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
The company’s latest security update contains the highest number of Android vulnerabilities patched in a single month since April 2018. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-march-2026/
-
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code…
-
Europol Operation Targets Online Network Exploiting Minors
A Europol-led operation across 28 countries led to 30 arrests targeting “The Com,” a decentralized network accused of exploiting minors online. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/europol-operation-targets-online-network-exploiting-minors/
-
BYOVD Turns Trusted Drivers Against Windows Security
BYOVD lets attackers exploit signed but vulnerable Windows drivers to gain kernel-level access and disable security tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/byovd-turns-trusted-drivers-against-windows-security/