ThreatsDay Bulletin covers this week’s cyber threats, from phishing and ransomware to exposed AI systems, sandbox flaws, and ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
CISA added CVE-2026-45659 SharePoint Server RCE to KEV following confirmed exploitation, requiring U.S. agencies to patch by ...
Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Arctic Wolf says Anubis affiliates abused RMM tools, VPN logins, RDP, PsExec, and cloud-transfer tools before ransomware ...
GTIG says 316 threat clusters used suspected NetNut exit nodes in one June week to hide locations and run password-guessing ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Jamf says the Rust-based PamStealer targets Apple Silicon Macs, steals browser, wallet, Keychain, and clipboard data, and persists.
Citizen Lab says Pegasus hit Kouloglou’s iPhone in 2022 and 2023 via Apple’s HomeKit zero-click exploit, patched in iOS 16.3.1.
Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...