Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
î ‚Dec 02, 2025î „Ravie LakshmananMobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including…
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3…
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
î ‚Dec 01, 2025î „Ravie LakshmananSurveillance / National Security India’s telecommunications ministry has reportedly asked major mobile device manufacturers to preload a…
Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
î ‚Dec 01, 2025î „Ravie LakshmananHacking News / Cybersecurity Hackers aren’t kicking down the door anymore. They just use the same tools…
Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security…
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a “full spectrum” of…
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
î ‚Dec 01, 2025î „Ravie LakshmananMalware / Threat Intelligence The threat actor known as Tomiris has been attributed to attacks targeting foreign…
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
î ‚Nov 30, 2025î „Ravie LakshmananHacktivism / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities…
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
î ‚Nov 28, 2025î „Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
î ‚Nov 28, 2025î „Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave…