Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access.
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT.
The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted
ReliaQuest warns that the cybercriminal collective βScattered Lapsus$ Huntersβ appears to be using social engineering attacks to target organizationsβ Zendesk instances.
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
In the second installment of the βAdvent of Configuration Extractionβ series, security researchers have unwrapped QuasarRAT, a widely-deployed .NET remote access trojan (RAT), revealing sophisticated techniques for extracting its encrypted configuration from both clean and obfuscated binary samples. The analysis demonstrates a reproducible methodology using Jupyter Notebook, pythonnet, and dnSpy, providing cybersecurity professionals with practical [β¦]
NVIDIA and Lakera AI have introduced a groundbreaking unified security and safety framework designed to address the emerging challenges posed by autonomous AI agents in enterprise environments. This collaborative effort represents a significant step forward in making agentic systems AI systems capable of independent planning, tool use, and multi-step task execution safer and more secure [β¦]
Indiaβs government is considering a controversial proposal that could require smartphone manufacturers to enable satellite location tracking on all devices permanently. The plan has sparked significant backlash from major tech companies, including Apple, Google, and Samsung, who argue the measure poses serious privacy and security risks. The proposal originates in Indiaβs telecom industry, specifically the [β¦]
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada Trojan. This campaign, which has persistently targeted the mobile advertising ecosystem, underscores the evolving dangers of supply-chain attacks in the digital ad space. According to industry data released alongside the [β¦]
Global cybercrime is accelerating toward a projected cost of 15.63 trillion dollars by 2029, up from an estimated 10.5 trillion dollars today, as criminals exploit new technologies faster than businesses can defend against them. Yet 59% of organisations say they suffered at least one successful cyber attack in the past 12 months, and one in [β¦]
A critical security vulnerability has been discovered affecting billions of WhatsApp and Signal users worldwide. Researchers found that hackers can exploit delivery receipts to secretly monitor user activity, track daily routines, and drain battery life, all without leaving any visible trace.β The attack, calledΒ βCareless Whisper,βΒ uses the delivery receipt feature that confirms when messages reach their [β¦]
A new platform known as the βkittenβ project has emerged as a coordination hub for hacktivist campaigns targeting Israel, operating at the intersection of cyber activism and state-aligned influence. While the operators publicly deny direct ties to Iran, technical evidence and infrastructure traces indicate a close relationship with an Iranian cybersecurity ecosystem and pro-Iranian hacktivist [β¦]
Itβs been a week of chaos in code and calm in headlines. A bug that broke the internetβs favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks β all within days. If you blink, youβll miss how fast the threat map is changing.
New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.Β
Why holiday peaks
Hello, aspiring Cyber Forensic Investigators. In our previous blogpost, you learnt in detail about Computer Forensics. In this article, you will learn about dd forensic tool, and evidence acquisition tool which made a guest entry in the above-mentioned blogpost. Despite the rapid evolution of digital forensics tools, one command-line utility has remained a trusted backbone [β¦]
A new security analysis has unveiled βLOLPROX,β a comprehensive catalog of βLiving Off The Landβ (LOL) techniques specifically targeting Proxmox Virtual Environment (VE). The research, detailed by security researcher Andy Gill (ZephrSec), highlights how threat actors can weaponize the popular open-source hypervisorβs native tools to execute stealthy, deep-persistence attacks that bypass traditional network monitoring and [β¦]
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Metaβs React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifierΒ CVE-2025-55182, the security flaw dubbed βReact2Shellβ by the security community is currently being exploited in the wild, prompting urgent calls for remediation. React2Shell is a Remote Code Execution [β¦]
Login
GBHackers
