🚨 Hackers found a new way to phish — through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal, Netflix, or TikTok. No downloads. No malware file. Just one click — and your data’s theirs. Learn more ↓

🚨 China’s hacker group APT31 broke into Russia’s IT companies — and stayed hidden for almost two years. They used Yandex Cloud, OneDrive, and even social media to steal data without raising alarms. Some attacks ran on holidays when no one was watching. Details ↓

🚨 Hackers Leveraging WhatsApp to Silently Install Malware to Steal Logs and Contact Details Source: cybersecuritynews.com/hackers-levera… A new malware campaign targeting Brazilian users has emerged, using WhatsApp as its primary distribution channel to spread banking trojans and harvest

🚨 WARNING: Over 80,000 files with passwords and keys from governments, banks, and tech firms were found online — all pasted into public code tools like JSONFormatter and CodeBeautify. Hackers are already scraping and using the data. And yes — it’s still live. Details here →

‼️ Secret Chinese documents have been leaked, revealing their internal cyberwarfare training program. The documents show a focus on products from Cisco, Fortinet, WatchGuard, and Juniper as primary operational targets. China has built digital cyber ranges that allow operatives

⚠️ CISA Warns of Hackers Leveraging Commercial Spyware to Target Users of Signal & WhatsApp Source: cybersecuritynews.com/cisa-warns-of-… CISA warns of multiple cyber threat actors actively deploying this sophisticated malware to compromise users’ smartphones, using methods designed to

‼️ A very important announcement from the GrapheneOS devs: GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won't include backdoors for law enforcement access. They're conflating us with companies selling closed source

🚨 PoC Exploit Released For Outlook 0-Click Remote Code Execution Vulnerability Source: cybersecuritynews.com/outlook-remote… A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413.

Ab 30. Dezember 2025Erstes Land der Welt schafft Briefzustellung ab t-online.de/leben/aktuelle…

Mysteriöse Panne in RusslandPorsche-Autos bleiben wie "Ziegelsteine" liegen In Russland verzweifeln Hunderte Porsche-Besitzer: Ihre Autos springen plötzlich nicht mehr an. Werden sie gezielt per Satellit blockiert? t-online.de/nachrichten/pa…

💻 ⚠️ Hackers are hiding inside Google Drive. Researchers found a Windows backdoor called NANOREMOTE that uses the Google Drive API to steal files and run commands. It even pretends to be Bitdefender software so it looks safe. Experts say it’s linked to a Chinese hacking group

🚨 0-Day Alert: Full-chain exploit for Apple Safari/WebKit in the wild (just patched) CVE-2025-43529: UaF in JSC Escape Analysis (RCE) CVE-2025-14174: Buffer Overflow in ANGLE (Sandbox Escape) ⚠️The sandbox escape bug is same as reported in Chrome last week

🚨 WARNING: A “Featured” Chrome extension was silently copying everything users typed into ChatGPT and other AI tools. Prompts. Responses. Sent off-device by default after an auto-update. It even warned users about sharing sensitive info, while exporting the full chats itself.

Updaten: Warnung vor Angriffen auf Apple-Lücken und Gladinet | Security heise.de/news/Updaten-W…

WhatsApp und Signal: Privatsphäre angreifbar, Tracker-Software verfügbar Die WhatsApp- und Signal-Messenger verraten Informationen über Nutzer durch Bestätigungs-Laufzeiten. Eine Einstellung hilft. heise.de/news/WhatsApp-…

Pornhub-Premium-Nutzer: Cyberbande ShinyHunters droht mit Veröffentlichung Cyberkriminelle haben Daten von Pornhub-Premium-Nutzern gestohlen. Nun droht die Ransomware-Gang ShinyHunters mit Veröffentlichung. heise.de/news/Pornhub-P…

🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available. Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT. The flaw allows root-level command execution on affected email security appliances and enables attackers to establish

🚨 Hackers Using PuTTY for Both Lateral Movement and Data Exfiltration Source: cybersecuritynews.com/putty-lateral-… Hackers are increasingly abusing the popular PuTTY SSH client for stealthy lateral movement and data exfiltration in compromised networks, leaving subtle forensic traces that

Fortinet confirms active exploitation of a FortiOS SSL VPN flaw that bypasses 2FA. CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured. The bug can allow admin or VPN access without second-factor checks. 🔗 Read →

🛑 European hotels are facing a phishing campaign abusing Booking-com cancellation emails. Victims hit a fake site, see a fake blue screen, and are told to run a PowerShell “fix.” That installs DCRat via MSBuild.exe, sets Defender exclusions, and persists on the system. 🔗