The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a warning about malicious actors that are actively using remote access trojans (RATs) and commercial spyware to target users of mobile messaging apps. “These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating […]
Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a significant security vulnerability affecting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) list. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability that affects Fireware OS versions 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. […]
Ten malicious npm packages that are intended to transmit an information stealer targeting Windows, Linux, and macOS systems have been found by cybersecurity researchers. “The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that […]
