Author: PulauWin

Internet Security

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

December 6, 2025 add comment
A hacking campaign is targeting GlobalProtect logins and scannig SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts... Read more »

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

December 6, 2025 add comment
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started... Read more »

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

December 6, 2025 add comment
Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading... Read more »
Internet Security

Maximum-severity XXE vulnerability discovered in Apache Tika

December 6, 2025 add comment
A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it... Read more »
Security of TechRepublic

CrowdStrike Identifies New China-Nexus Espionage Actor

December 5, 2025 add comment
CrowdStrike’s investigation shows that WARP PANDA initially infiltrated some victim networks as early as late 2023, later expanding operations. The post CrowdStrike Identifies New China-Nexus Espionage Actor appeared first... Read more »
Security of TechRepublic

Google Rolls Out Chrome 143 Update for Billions Worldwide

December 5, 2025 add comment
Google fixes 13 security vulnerabilities in a December desktop update rolling out to Windows, macOS, and Linux users. The post Google Rolls Out Chrome 143 Update for Billions Worldwide... Read more »
The Hacker News

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

December 5, 2025 add comment
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to... Read more »
Internet Security

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

December 5, 2025 add comment
Array Networks AG gateways have been under active exploitation since August 2025 due to a command injection flaw, JPCERT/CC warns. A command injection flaw in Array Networks AG Series... Read more »
IT Security

Cyber teams on alert as React2Shell exploitation spreads

December 5, 2025 add comment
Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the driving seat Read more »
Internet Security

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

December 5, 2025 add comment
CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details... Read more »
Subscribe to our Newsletter