Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Can a file name compromise a Linux system? Chinese hackers say so

Researchers at Trellix have discovered an unusual attack pattern on Linux in which the key element is not an attachment with malicious content, but the name of the file inside the archive itself. The campaign begins with mass emails designed as an invitation to participate in a cosmetics survey, promising a cash bonus. The peculiarity of this attack is that the malicious code is embedded directly in the file name, not in its content. When such a name is processed by unsafe scripts, commands are injected. The trick works thanks to a vulnerability in using shell constructs like eval

Beware of dissatisfied employees! Four years in prison for bringing his former company to its knees.

A former employee has been convicted of intentionally committing digital sabotage against his employer. Davis Lu, 55, a Chinese citizen living in Houston, was sentenced to four years in prison and three years of supervised release after being convicted of intentionally damaging protected computers, causing months of downtime and hundreds of thousands of dollars in losses, the Justice Department said. According to the case file, Lu worked as a programmer at an Ohio company from 2007 to 2019. After an internal reorganization, his responsibilities and access to systems were reduced, which represented a turning point. In August 2019, he introduced malicious fragments

When a VPN Becomes a Spy! FreeVPN.One Takes Unauthorized Screenshots

Koi Security experts warn that the behavior of the popular Chrome extension FreeVPN.One has recently changed. It has begun secretly capturing screenshots of users’ activity and transmitting them to a remote server. “The FreeVPN.One case illustrates how a privacy-protecting product can turn into a trap,” the researchers wrote. “The extension’s developers are verified, and the extension has even been recommended by the Chrome Web Store. And while Chrome claims to check the security of new extension versions through automatic scanning, manual reviews, and monitoring for malicious code and behavioral changes, in reality, none of these measures have helped. This case demonstrates that,

RapperBot DDoS botnet dismantled and alleged developer arrested

The U.S. Department of Justice has indicted the alleged developer and administrator of the RapperBot DDoS botnet, which was leased to cybercriminals. The botnet itself was seized by law enforcement in early August as part of Operation PowerOff. RapperBot (also known as Eleven Eleven and CowBot) was first discovered by Fortinet analysts in August 2021. At the time, it was reported that the Mirai-based botnet had been active since May 2021 and had infected tens of thousands of digital video recorders (DVRs) and routers. The DDoS attacks carried out with its help ranged from 2 to 6 Tbit/s. Additionally,

Google’s 2025 Performance Review: Fewer Bugs, More Vibe Coding

For Google employees, “staying ahead of the curve” means not just developing AI, but also using it every day. In recent months, the company has put growing pressure on employees to use AI tools in their daily tasks to improve productivity. As Google and other tech giants like Microsoft push the boundaries of what’s possible and research new AI-based products, they want their employees to be at the forefront, too. In June, for example, Vice President of Engineering Megan Kacholia sent a letter to developers encouraging them to use AI tools to improve their code. She also said that

$20 million in zero-day exploits from broker Advanced Security Solutions

Advanced Security Solutions, based in the United Arab Emirates, was founded this month and is offering up to $20 million for zero-day vulnerabilities and exploits that would allow anyone to hack a smartphone via SMS. This is one of the highest figures for any 0day broker, at least among those that disclose it publicly. Advanced Security Solutions is a new player in the zero-day broker scene. In addition to $20 million for exploits of any mobile operating system, the company is also offering large rewards for zero-day vulnerabilities in other software. It is unclear who is behind the company and who its customers

Will 2029 be the year of Q-Day? But what if the SHA1 replacement took 12 years?

Security experts are increasingly talking about “Q-Day,” the moment when quantum computers will be able to break modern encryption algorithms. Predictions from major players, from IBM and Google to Gartner analysts, boil down to an alarming date: the finish line could arrive as early as 2029. The paradox is that there will be no dramatic warning signals. Servers will continue to respond to requests, browsers will open familiar pages, and enterprise systems will remain operational. Only the invisible part of the picture will change: attackers who have been “collecting” encrypted data for years will wait for the moment when it can be

Critical Downgrade Bug in ChatGPT Leads to Jailbreak of Model

A critical flaw found in OpenAI’s latest model, ChatGPT-5, allows attackers to bypass advanced security features through the use of simple expressions. This bug, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploits the cost-saving architecture that major AI vendors use to manage the enormous computational overhead of their services. At the root of the vulnerability is a subtle aspect of the industry that is largely unknown to users: when a user submits a request to a service like ChatGPT, it isn’t necessarily handled by the most sophisticated model available. Rather, a hidden “routing” system examines the request and assigns it to

China’s Great Firewall blocks internet traffic for 74 minutes

Researchers from the Great Firewall Report team noticed that on the night of August 20, China’s Great Firewall experienced a technical issue or was undergoing some type of testing. All traffic on TCP port 443 was blocked for 74 minutes, isolating China from nearly the entire global Internet. “From approximately 00:34 to 01:48 (Beijing Time, UTC+8) on August 20, 2025, the Great Firewall of China exhibited anomalous behavior, unconditionally injecting fake TCP RST+ACK packets to terminate all connections on TCP port 443 (both to and from China),” the researchers wrote. This prevented Chinese users from accessing most websites hosted overseas. The incident

A Criminal Hacker Sells Access to Roche Underground Servers

A recent post on an underground forum has attracted the attention of cybersecurity experts. A user claimed to have sold administrative access to Roche, a pharmaceutical giant with over 100,000 employees and revenues of approximately $69.7 billion. The message, accompanied by the company logo and links to public information sites, was presented as a sort of “trophy” shared within the criminal community. It’s likely the intent was to gain credibility with other users and attract potential buyers interested in high-value access. Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk