Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.
Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing.
DeFi exploit drains funds
Unknown threat actors have exploited a critical vulnerability in Yearn Finance’s yETH pool on Ethereum, stealing approximately $9 million from the protocol. The attack is said to have abused a flaw in how the protocol manages its internal accounting: a cache of calculated values, kept to save on gas fees, was never cleared when the pool was completely emptied. “The attacker achieved this by minting an astronomical number of tokens – 235 septillion yETH (a 41-digit number) – while depositing only 16 wei, worth approximately $0.000000000000000045,” Check Point said. “This represents one of the most capital-efficient exploits in DeFi history.”
Linux malware evolves stealth
Fortinet said it discovered 151 new samples of BPFDoor and three of Symbiote that exploit extended Berkeley Packet Filters (eBPFs) to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert command-and-control (C2) communication. In the case of Symbiote, the BPF instructions show that the new variant accepts only IPv4 or IPv6 packets for the TCP, UDP, and SCTP protocols on non-standard ports 54778, 58870, 59666, 54879, 57987, 64322, 45677, and 63227. As for BPFDoor, the newly identified artifacts support both IPv4 and IPv6 and switch to a completely different magic packet mechanism. “Malware authors are enhancing their BPF filters to increase their chances of evading detection. Symbiote uses port hopping on UDP high ports, and BPFDoor implements IPv6 support,” security researcher Axelle Apvrille said.
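For defenders, the port list above can be turned into a simple flow-log hunt. The following Python sketch is an added example, not code from Fortinet or from the original article: the flow-record format, the sample data, and the function names are constructed for illustration, and matching on either the source or destination port, as well as the two-port hopping threshold, are assumptions.

```python
import ipaddress
from collections import defaultdict

# Ports and protocols the article lists for the new Symbiote BPF filter.
SYMBIOTE_PORTS = {54778, 58870, 59666, 54879, 57987, 64322, 45677, 63227}
SYMBIOTE_PROTOS = {"tcp", "udp", "sctp"}

# Constructed sample flows (hypothetical format): proto src sport dst dport
SAMPLE_FLOWS = """\
udp 10.0.0.5 40000 203.0.113.9 54778
udp 10.0.0.5 40001 203.0.113.9 58870
udp 10.0.0.5 40002 203.0.113.9 64322
tcp 10.0.0.7 51515 198.51.100.4 443
tcp 2001:db8::10 50222 2001:db8:ffff::1 45677
icmp 10.0.0.8 0 203.0.113.9 54778
sctp 10.0.0.9 63227 192.0.2.20 3868
bogus line
"""

def parse_flow(line):
    """Return (proto, src, sport, dst, dport), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, dst = (str(ipaddress.ip_address(parts[i])) for i in (1, 3))
        return parts[0].lower(), src, int(parts[2]), dst, int(parts[4])
    except ValueError:
        return None

def find_matches(text):
    """Map each unordered host pair to the set of (proto, listed port) seen."""
    hits = defaultdict(set)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[0] not in SYMBIOTE_PROTOS:
            continue
        proto, src, sport, dst, dport = flow
        # Assumption: a listed port on either side of the flow is of interest.
        for port in {sport, dport} & SYMBIOTE_PORTS:
            hits[tuple(sorted((src, dst)))].add((proto, port))
    return dict(hits)

def port_hoppers(hits, min_ports=2):
    """Host pairs seen on several listed UDP ports (the hopping pattern)."""
    return sorted(pair for pair, seen in hits.items()
                  if len({p for proto, p in seen if proto == "udp"}) >= min_ports)
```

A single hit on one of these high ports is weak evidence on its own, since ephemeral source ports can collide with the list; the same host pair appearing on several of them is the stronger signal.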
Phishing blitz blocked
Microsoft said that on November 26, 2025, it detected and blocked a high-volume phishing campaign from a threat actor named Storm-0900. “The campaign used parking ticket and medical test result themes and referenced Thanksgiving to lend credibility and lower recipients’ suspicion,” it said. “The campaign consisted of tens of thousands of emails and targeted primarily users in the United States.” The URLs redirected to an attacker-controlled landing page that first required users to solve a slider CAPTCHA by clicking and dragging a slider, followed by ClickFix, which tricked users into running a malicious PowerShell script under the guise of completing a verification step. The end goal of the attacks was to deliver a modular malware known as XWorm that enables remote access, data theft, and deployment of additional payloads. “Storm-0900 is a prolific threat actor…
