North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated... Read more »

RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE... Read more »

Five pleaded guilty to aiding North Korea ’s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty... Read more »

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads... Read more »

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »

China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and... Read more »

Researchers found a critical vulnerability in GoSign Desktop: TLS Certificate Validation Disabled and Unsigned Update Mechanism. GoSign is an advanced and qualified electronic signature solution developed by Tinexta InfoCert... Read more »

ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS... Read more »

A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers... Read more »