Security Boulevard

Fake Huorong security site infects users with ValleyRAT

A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, to users who believed ...
Security Boulevard

Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...
decrypt

CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit

Add Decrypt as your preferred source to see more of our stories on Google. CrossCurve said Sunday an attacker exploited a flaw in its bridge contracts and identified 10 Ethereum addresses that ...
HotHardware

Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...
Kotaku

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious ...

The developers behind a popular “open source MMO RTS sandbox game for programming enthusiasts” on Steam, named Screeps: World, have been forced to update their game “in order to protect both players” ...
SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. A Chinese threat actor built an exploit for three VMware ESXi vulnerabilities that were patched ...
Bleeping Computer

Cisco warns of Identity Service Engine flaw with exploit code

Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution, with public proof-of-concept exploit code, that can be abused by attackers with admin ...
https//beincrypto.com

ZachXBT Flags Ongoing Wallet Exploit With Losses Exceeding $107,000

A wallet exploit is draining small amounts from hundreds of crypto wallets. ZachXBT has flagged a suspicious address as losses exceed $107,000 and keep rising. Phishing emails and browser extension ...
DataBreachToday

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: ...
thecyberexpress

Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets

Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ...