The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google ChromeRead More »Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Google has disclosed that the company’s continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. “We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerabilityRead More »Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year ofRead More »Microsoft Patch Tuesday, November 2025 Edition

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remoteRead More »RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions. The five individuals are listed below – Audricus Phagnasay, 24 Jason Salazar, 30 Alexander PaulRead More »Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. “The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized codeRead More »North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels