Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Sturnus, the banking Trojan that intercepts WhatsApp, Telegram, and Signal messages

ThreatFabric specialists have discovered a new banking Trojan, Sturnus. The malware can intercept messages from end-to-end encrypted messaging apps (Signal, WhatsApp, Telegram) and take full control of the infected device via VNC. The encryption itself is not broken: the malware reads the messages on the compromised device, after the apps have decrypted them. Researchers report that Sturnus uses a layered command-and-control scheme that combines cleartext, RSA and AES encryption. Once installed, the malware connects to its command-and-control server, registers the victim, and opens two communication channels: encrypted HTTPS for commands and data exfiltration, and an AES-encrypted WebSocket for real-time VNC sessions. A Sturnus infection typically begins with the download of a malicious APK

Disloyal Employee: Fired, Returns to Work, and Resets 2,500 Passwords Without the Company’s Knowledge

A former employee has pleaded guilty to hacking into his ex-employer’s network and causing nearly $1 million in damages after being fired. According to the indictment, 35-year-old Maxwell Schultz, who had lost access to company systems, posed as another contractor and re-entered the company network. The Justice Department documents do not name the organization, which is typical in such cases. Local media, citing sources, reported that the organization could be Houston-based Waste Management, but the company itself did not respond to reporters’ requests. The attack occurred on May 14, 2021. Using stolen credentials, Schultz ran a PowerShell script and reset approximately
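A scripted mass password reset like the one described above leaves a very recognisable trail in the Windows Security log: a burst of event ID 4724 ("an attempt was made to reset an account's password") from a single subject account. The detection below is an added example, not code from the article or from the investigation; it runs over a constructed export of security events in a simple `timestamp|event_id|subject|target` form, and the threshold and window are tunable assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs (real values, not assumptions):
#   4724 = an attempt was made to reset an account's password (administrative reset)
#   4723 = an attempt was made to change an account's password (user supplies old one)
RESET_EVENT_ID = 4724

# Detection policy (assumed, tune to the environment): alert when one actor
# resets this many distinct accounts inside one sliding window.
THRESHOLD = 20
WINDOW = timedelta(minutes=15)


def parse_event(line: str):
    """Parse one line of the constructed 'timestamp|event_id|subject|target' export."""
    ts, event_id, subject, target = line.strip().split("|")
    return datetime.fromisoformat(ts), int(event_id), subject, target


def find_mass_resets(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {actor: peak number of distinct accounts reset within one window}
    for every actor whose peak reaches the threshold."""
    resets = defaultdict(list)  # actor -> [(timestamp, target_account), ...]
    for line in lines:
        ts, event_id, subject, target = parse_event(line)
        if event_id == RESET_EVENT_ID:  # 4723 self-service changes are ignored
            resets[subject].append((ts, target))

    alerts = {}
    for actor, events in resets.items():
        events.sort()
        peak = 0
        start = 0
        for end in range(len(events)):
            # advance the window start until events[start..end] span at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({target for _, target in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            alerts[actor] = peak
    return alerts


# Constructed sample export: a rogue contractor account resetting 60 users in
# five minutes, a help-desk account doing three routine resets an hour apart,
# and one self-service password change (4723) that must not count.
BASE = datetime(2021, 5, 14, 22, 0, 0)
SAMPLE_LOG = (
    [f"{(BASE + timedelta(seconds=5 * i)).isoformat()}|4724|CORP\\contractor-svc|CORP\\user{i:04d}"
     for i in range(60)]
    + [f"{(BASE + timedelta(minutes=20 * i)).isoformat()}|4724|CORP\\helpdesk1|CORP\\user{900 + i}"
       for i in range(3)]
    + [f"{(BASE + timedelta(minutes=7)).isoformat()}|4723|CORP\\jdoe|CORP\\jdoe"]
)

if __name__ == "__main__":
    for actor, count in find_mass_resets(SAMPLE_LOG).items():
        print(f"ALERT: {actor} reset {count} distinct accounts within {WINDOW}")
```

Counting distinct target accounts rather than raw events keeps a help-desk operator who retries the same reset from tripping the rule, while a script walking through the directory is caught within a single window. In production the same logic applies to 4724 events collected from all domain controllers, keyed on the subject account rather than the originating host, since the attacker here used a legitimate contractor identity.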

MONOLOCK: The new “silent” ransomware group that rejects leak sites and affiliate panels.

The ransomware landscape is changing. The most exposed actors, LockBit, Hunters International and Trigona, have paid the price for overexposure: international law-enforcement operations, infiltrations, deliberate leaks and operational collapses. After years dominated by quasi-industrial models (affiliate panels, leak sites, public chats and aggressive marketing), groups are emerging that reject the “LockBit-style” logic and move toward a more opaque, minimal, almost “SIGINT operator” approach. Low-profile, technical, almost “professional”, they adopt strategies of operational invisibility. The most recent case is MONOLOCK, a new ransomware group that appeared on DarkForums on October 19, 2025 with a manifesto that seems more like it was written by

Critical vulnerability in the WordPress plugin W3 Total Cache. 430,000 sites at risk!

A critical vulnerability, CVE-2025-9501, has been discovered in the popular WordPress plugin W3 Total Cache. It allows unauthenticated execution of arbitrary PHP code on the server: to exploit it, an attacker only needs to leave a comment containing the payload on a vulnerable site. The issue affects all plugin versions prior to 2.8.13 and lies in the _parse_dynamic_mfunc() function, which handles dynamic function calls embedded in cached content. According to WPScan analysts, an attacker can inject commands through this feature simply by posting a specially crafted comment on the website. Successful exploitation gives the attacker complete control over
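The only fact a site owner needs to act on here is the version boundary: anything below 2.8.13 is affected. The checker below is an added example, not code from W3 Total Cache or WPScan; it reads the standard `Version:` field of a WordPress plugin header and compares it numerically against the fixed release. The main-file path `wp-content/plugins/w3-total-cache/w3-total-cache.php` is an assumption, and the two header snippets are constructed. The point worth showing is that version strings must not be compared lexically: `"2.8.9"` sorts after `"2.8.13"` as text but is older as a version.

```python
import re

PLUGIN_SLUG = "w3-total-cache"
FIXED_VERSION = "2.8.13"  # first release that addresses CVE-2025-9501, per the advisory

# Assumed location of the plugin's main file (the one carrying the header).
PLUGIN_MAIN_FILE = f"wp-content/plugins/{PLUGIN_SLUG}/{PLUGIN_SLUG}.php"


def parse_version(version: str) -> tuple:
    """Turn '2.8.12' into a comparable tuple. Numeric parts compare as integers;
    a pre-release suffix ('2.8.13-beta1') ranks below the bare release."""
    core, _, suffix = version.strip().partition("-")
    parts = tuple(int(p) for p in core.split(".") if p.isdigit())
    return parts + ((-1,) if suffix else (0,))


def header_version(php_source: str):
    """Extract the 'Version:' field from a WordPress plugin header, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][\w.\-]*)", php_source, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def audit(php_source: str) -> str:
    """Human-readable verdict for one plugin main file."""
    version = header_version(php_source)
    if version is None:
        return "unknown: no Version header found"
    if is_vulnerable(version):
        return f"{version}: VULNERABLE, update to {FIXED_VERSION} or later"
    return f"{version}: patched"


# Constructed sample headers; real plugin files use the same field layout.
SAMPLE_VULNERABLE = """<?php
/**
 * Plugin Name: W3 Total Cache
 * Version: 2.8.9
 */
"""
SAMPLE_PATCHED = """<?php
/**
 * Plugin Name: W3 Total Cache
 * Version: 2.8.13
 */
"""

if __name__ == "__main__":
    import sys
    # Pass the path to the real main file to audit an installation; otherwise
    # the constructed samples are used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit(fh.read()))
    else:
        print("sample vulnerable:", audit(SAMPLE_VULNERABLE))
        print("sample patched:   ", audit(SAMPLE_PATCHED))
```

Where WP-CLI is available, `wp plugin get w3-total-cache --field=version` gives the same number without reading the file, and `wp plugin update w3-total-cache` applies the fix; the header parser is useful for offline scans of backups or of hosts where WP-CLI is not installed.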

Hundreds of robots on the march: China presents the new generation of humanoids

Shenzhen-based UBTECH Robotics has publicly demonstrated its new wave of humanoid robots, delivering several hundred of them in a single shipment. The announcement was accompanied by a video that quickly gained attention on social media. The footage, shot inside a large, all-white warehouse, shows long lines of robots performing synchronized movements: they remove and replace the batteries on their backs, sit down together, and then advance in a line toward the transport trucks. According to the company, this is the first large-scale delivery of the second generation of its humanoid models, a step it considers strategic for industrial production. The clip

Happy birthday, Windows! 40 years of operating system history and still going strong.

Exactly 40 years ago, on November 20, 1985, Microsoft released Windows 1.0, the first version of Windows, which attempted to turn the personal computer of the day from a machine driven by a monotonous command line into a system with windows, icons and mouse control. The idea builds on one of the great innovations of our time, conceived by Douglas Engelbart with the “oN-Line System” (NLS), designed in the sixties, which introduced a windowed interface driven by a mouse and was presented in the historic “mother of all demos” of December 9, 1968. To today’s audiences, this may seem

World Children’s Day: Children live in digital, but digital wasn’t designed for them.

Today is World Children’s Day, established by the UN on November 20 to commemorate two fundamental acts: the 1959 Declaration of the Rights of the Child and, thirty years later, the 1989 Convention on the Rights of the Child. Every year the occasion risks becoming a ritual gesture, a sterile reminder of the “right to the future”. Yet the present tells us that the true fragility lies not in the future but in how children live today: in a digital ecosystem that was not designed for them, fails to protect them, and exposes them to risks that no longer resemble anything we

Huawei unveils HarmonyOS and the new HM740 laptop. Is Microsoft Office at risk?

On November 19, Huawei presented the latest developments in its HarmonyOS line for the office sector during a technical meeting with institutional partners and enterprises. The company confirmed that HarmonyOS-based PCs have achieved full supply chain autonomy and introduced two significant innovations: the launch of the HarmonyOS Enterprise Edition beta phase and the imminent arrival of the Huawei HM740 commercial laptop. The event, opened with a speech by Zhu Dongdong, president of Huawei’s tablet and PC division, highlighted the group’s desire to accelerate adoption of the operating system in the professional sector. According to Zhu, the development work conducted in recent

Meta and Google suspend construction of two undersea cables due to instability in the Red Sea

Meta and Google have been forced to postpone several major undersea internet cable projects, including 2Africa and Blue-Raman, in the Red Sea corridor, through which 20 percent of global internet traffic flows, because of increased security risks. The delay has forced the companies to turn to more expensive alternatives and shows how geopolitical instability threatens global digital infrastructure. The race to build next-generation internet infrastructure has hit a major hurdle on one of the world’s most important shipping lanes. Meta and Google have confirmed that their strategic fiber-optic cable project across the Red Sea has been suspended, primarily due to

Let the hunt begin! Critical 7-Zip bug puts millions of users at risk.

Millions of users are exposed to malware infection and system compromise because attackers are actively exploiting a critical remote code execution (RCE) vulnerability in the popular 7-Zip archiving software. Disclosed in October 2025, the flaw carries a CVSS v3 score of 7.0: the attack vector is local, since a victim has to extract a crafted archive, but no elevated privileges are required, which makes it exploitable at scale. Specifically, CVE-2025-11001 stems from improper handling of symbolic links inside ZIP archives, which lets an attacker escape the intended extraction directory and ultimately execute arbitrary code on the vulnerable system. On November 18, 2025, the UK’s NHS England Digital issued
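The weakness class behind this bug is worth seeing concretely: a ZIP entry flagged as a Unix symbolic link can point outside the extraction root, and a later regular entry whose path passes through that link is written wherever the link points. The audit below is an added example, not 7-Zip code or the vendor's patch; it is a generic pre-extraction check that any mail gateway or download scanner could run before an archive reaches an archiver. It builds one benign and one malicious archive in memory (constructed test data) and flags the symlink escape and the file dropped through it. It inspects only the archive's metadata and does not reproduce the 7-Zip exploitation path itself.

```python
import io
import posixpath
import re
import stat
import zipfile

# Bits 16-31 of a ZIP entry's external_attr hold the Unix mode when the entry
# was created on a Unix-type system; S_IFLNK in that field marks a symbolic link.


def resolved_within_root(entry_dir: str, target: str) -> bool:
    """True if a symlink target, resolved relative to the link's own directory,
    stays inside the extraction root."""
    if target.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", target):
        return False  # absolute path or Windows drive letter
    resolved = posixpath.normpath(posixpath.join(entry_dir, target.replace("\\", "/")))
    return not (resolved == ".." or resolved.startswith("../"))


def audit_zip(data: bytes) -> list:
    """Return a list of findings for an archive held in memory."""
    findings = []
    symlinks = set()  # normalised names of symlink entries seen so far
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                findings.append(f"traversal in entry name: {info.filename!r}")
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode("utf-8", "replace")  # link target is the entry body
                symlinks.add(norm)
                if not resolved_within_root(posixpath.dirname(norm), target):
                    findings.append(f"symlink {info.filename!r} -> {target!r} escapes extraction root")
                continue
            # A regular entry whose path passes through an earlier symlink ends up
            # wherever that link points: the two-step symlink-then-file trick.
            parts = norm.split("/")
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in symlinks:
                    findings.append(f"entry {info.filename!r} written through symlink {prefix!r}")
                    break
    return findings


def build_archive(entries) -> bytes:
    """Build an in-memory ZIP from (name, content, is_symlink) tuples. Constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content, is_symlink in entries:
            zi = zipfile.ZipInfo(name)
            zi.create_system = 3  # Unix, so external_attr is interpreted as a mode
            mode = (stat.S_IFLNK | 0o777) if is_symlink else (stat.S_IFREG | 0o644)
            zi.external_attr = mode << 16
            zf.writestr(zi, content)
    return buf.getvalue()


BENIGN = build_archive([("docs/readme.txt", "hello", False)])
MALICIOUS = build_archive([
    ("link", "../../Users/Public/Startup", True),  # symlink pointing out of the extraction root
    ("link/payload.exe", "MZ...", False),          # file dropped through the link
])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, audit_zip(blob) or ["clean"])
```

A safe extractor applies the same two rules in reverse: refuse (or flatten to a regular file) any symlink whose resolved target leaves the root, and never write an entry through a path component that is a link. Checking only for `..` in entry names, as many scanners do, misses the symlink variant entirely, which is exactly why the second archive above carries no traversal sequence in any file name.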