RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
techtimes

New Malware Exploits Google Accounts via Third-Party Cookie Hack, Granting Unauthorized Access

Security researchers have discovered a sophisticated malware exploit that poses a significant threat to the security of Google accounts, Independent.co.uk reports. This exploit, which allows ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...

Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware

Cybercriminals are exploiting demand for pirated movies by disguising malware as a fake torrent of “One Battle After Another,” a new Leonardo DiCaprio film, tricking Windows users into infecting their ...
CSO Online

Webrat turns GitHub PoCs into a malware trap

The known RAT aimed at gamers is now targeting security professionals searching GitHub for PoCs and exploit codes.
CSOonline

Cybercriminals add new exploit for patched Java vulnerability to their arsenal

Cybercriminals were quick to integrate a newly released exploit for a Java vulnerability patched in June into a tool used to launch mass attacks against users, an independent malware researcher warned ...
techtimes

Call of Duty: Modern Warfare 2 Servers Hit with Malware as Hackers Exploit Old Bug

Activision is addressing a self-spreading worm infection in Call of Duty: Modern Warfare 2 by taking its servers down. For almost a month, several players got infected with the malware launched by ...
Infosecurity-magazine.com

New Malware Campaign Exploits 9hits in Docker Assault

Security researchers have uncovered a novel cyber-attack campaign targeting vulnerable Docker services. The attacks mark the first documented case of malware utilizing the 9hits application as a ...
Android

Malware exploits Google OAuth endpoint revealing Google account passwords

In a concerning revelation, multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint named “MultiLogin” to revive expired authentication cookies, providing ...
Computerworld

Java zero-day exploit goes mainstream, 100+ sites serve malware

Attackers using two recently-uncovered Java unpatched vulnerabilities, or “zero-days,” have quickly expanded their reach by going mainstream, security experts said today. And on Tuesday, Mozilla, ...
InfoWorld

New malware variants exploit Windows attack

Two new attacks exploit a vulnerability in Windows shortcuts -- and security experts expect many more as virus writers pick up on the Stuxnet worm The Windows attack used by a recently discovered worm ...
InfoWorld

New Flash exploit used to distribute credential-stealing malware

A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online ...