November 16, 2025

RondoDox XWiki Exploit Drives New Wave of Botnet Attacks

A RondoDox XWiki exploit fuels a new surge in botnet activity as threat actors target unpatched servers exposed to the internet. Security researchers observed fresh exploitation waves throughout November, and the campaign highlights how delayed patching creates real opportunities for attackers. The flaw at the center of the incident affects the SolrSearch endpoint in older XWiki versions and enables remote

RondoDox XWiki exploit
November 13, 2025

Malware Takedown Dismantles Major Malware Operations

Malware takedown efforts intensified this week as international law-enforcement agencies dismantled the infrastructure behind Rhadamanthys, VenomRAT, and Elysium. Authorities targeted large networks that controlled infected systems, harvested credentials, and enabled widespread cybercrime activity. Investigators coordinated across several countries and removed key servers, domains, and operational assets. This action delivers a significant blow to three prolific malware ecosystems. Scale of the

Malware Takedown
November 8, 2025

Are AI Browsers a Welcome Innovation or a Security Threat?

The next generation of web browsers doesn’t just open pages, it thinks, reads, and acts. AI browsers are emerging as intelligent companions designed to simplify online tasks, summarise information, and automate repetitive work. For many users, they represent the future of web navigation: effortless, conversational, and deeply personalised. But beneath this polished innovation lies an uncomfortable question. When the browser

AI Browsers
October 16, 2025

GhostBat Android RAT Masquerades as RTO App to Steal Data

The Android malware landscape continues to evolve, and GhostBat stands out as one of the most dangerous new threats. This Android RAT pretends to be a legitimate RTO (Regional Transport Office) app to lure unsuspecting users. Once installed, it exploits permissions and accessibility tools to steal financial data, intercept messages, and gain remote control over devices. Attack Vector and Distribution

GhostBat
October 5, 2025

SideWinder Hackers Target Victims with Fake Outlook Portals

The SideWinder hacker group has launched a sophisticated phishing campaign that uses fake Outlook and Zimbra portals. Security researchers report that the group is targeting government and military personnel in several South Asian countries. By imitating legitimate platforms, SideWinder aims to harvest login credentials for espionage and intelligence gathering. Tactics and Techniques: SideWinder operates by hosting counterfeit portals on free

SideWinder
August 26, 2025

Interpol Operation Serengeti Targets Cybercrime Across Africa

Interpol Operation Serengeti has reshaped the fight against cybercrime in Africa. The international crackdown, carried out between June and August 2025, united law enforcement agencies from 18 African nations with support from the United Kingdom. The campaign led to the arrest of more than a thousand suspects, the recovery of tens of millions in stolen funds, and the dismantling of

Interpol Operation Serengeti
August 23, 2025

Qilin Ransomware: Europol Confirms Fake $50K Reward

Qilin Ransomware has been linked to devastating attacks worldwide, but its latest headline came from a false claim. A Telegram channel announced a $50,000 Europol reward for details on Qilin leaders. The message quickly spread across security circles before Europol confirmed it was a scam. The agency clarified it never offered such a bounty and does not use Telegram for

Qilin Ransomware
August 7, 2025

PBS Data Breach Exposes Employee Data on Discord Servers

The PBS data breach raises alarms. The personal information of nearly 4,000 employees was leaked on Discord servers frequented by fans of PBS Kids. The incident appears to stem from a breach of the organization's internal platform, MyPBS.org, and is now under investigation. What Was Leaked? The exposed file, shared publicly on Discord, contained sensitive information of 3,997 employees and

PBS Data Breach
July 27, 2025

Koske Linux Malware Hides in Panda Images to Evade Detection

A new Linux malware named Koske is using panda-themed image files to hide its malicious payloads. The threat actors behind it are leveraging polyglot files, legitimate JPEGs with hidden executable code. This stealthy malware targets poorly secured JupyterLab servers to gain access and then installs rootkits and cryptocurrency miners. Security researchers at Aqua Security discovered the campaign and say Koske

Koske Linux Malware
July 15, 2025

BulletVPN Shutdown: An Abrupt End to a Trusted VPN

The BulletVPN shutdown has caught users by surprise. Without prior notice, the Estonia-based VPN provider terminated all operations, citing shifts in market demand and evolving technology as core reasons. After more than eight years in the VPN space, BulletVPN has now gone dark, leaving thousands of users scrambling for alternatives. But the most frustrating detail? Even lifetime subscribers were cut

BulletVPN Shutdown