Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts

The Hacker News
Open in Source
#web#mac#windows#google#linux#git#chrome#firefox#The Hacker News
Update your Chrome today: Google patches 4 vulnerabilities including one zero-day

Google has issued a Chrome update to fix four high priority flaws including one zero-day, zero-click vulnerability.

CVE-2025-59216: Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2025-59220: Windows Bluetooth Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. "The threat actors continue to employ phishing emails with invoice

Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. "In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. "Using a court order granted by the Southern District of New York, the DCU seized 338