SecurityWeek

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience

Aeternum C2, a native C++ botnet loader, operates on smart contracts on the Polygon blockchain, increasing its resilience.
Infosecurity Magazine

Aeternum Botnet Shifts Command Control to Polygon Blockchain

A newly identified botnet loader is shifting command-and-control (C2) operations onto the Polygon blockchain, eliminating the ...

The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for ...
XDA Developers on MSN

Your router is about to stop getting security updates, and most people won't notice

If this sounds like you it's time to think about an upgrade ...

A worrying Dell zero-day flaw has reportedly gone unpatched for nearly two years - and Chinese hackers are taking advantage

To make matters worse, security researchers from Google and Mandiant have warned Dell of “limited active exploitation” of the ...

The Rise of Credential Stuffing Attacks

Credential stuffing attacks use stolen passwords to log in at scale. Learn how they work, why they’re rising, and how to ...

Password managers’ promise that they can’t see your vaults isn’t always true

All eight of the top password managers have adopted the term “zero knowledge” to describe the complex encryption system they use to protect the data vaults that users store on their servers. The ...
The Hacker News

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

Outlook add-in phishing, Chrome and Apple zero-days, BeyondTrust RCE, cloud botnets, AI-driven threats, ransomware activity, and critical CVEs.
CSO Online

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...

Who remembers IRC? Clearly some hackers, as a new Linux botnet uses some incredibly old-school methods to cut costs

Hackers resurrect 90s IRC tricks with SSHStalker, using old exploits to quietly compromise thousands of Linux servers globally ...