This dangerous APT has expanded its skills with some new tools - here's what we know

Mustang Panda gave CoolClient new bells and whistles, including clipboard monitoring.

Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation

A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized ...

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access ...
The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via ...

Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections

Weeks before the 2024 election, American military hackers carried out a secret operation to disrupt the work of Russian trolls spewing false information at US voters.
SecurityWeek

APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability

CVE-2025-8088, a WinRAR vulnerability patched in July 2025, has been widely exploited by state-sponsored threat actors and cybercriminals.
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent ...

Site catering to online criminals has been seized by the FBI

RAMP—the predominantly Russian-language online bazaar that billed itself as the “only place ransomware allowed”—had its dark ...
PCMag

Hackers Still Exploiting WinRAR Flaw Even Though Fix Was Released 6 Months Ago

WinRAR doesn't have an auto-update function, meaning PCs are vulnerable until you manually update. The bug is still being widely exploited, Google security researchers warn.