Security Boulevard

Recent Cyber Attacks and Threat Actor Activity: A Deep Dive into the Evolving Threat Landscape

Executive Overview Over the past week, global threat activity has highlighted a critical reality: modern cyber attacks are faster, more coordinated, and increasingly industrialized. From mass ...
The Hacker News

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster malware hid inside 17 Firefox add-ons, abusing logo files to hijack links, inject tracking code, and run ad fraud ...
Cybernews

Code that works can also be malware: this WhatsApp API is stealing messages

A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

'GhostPoster' malware is designed to hijack your Firefox browser — how to stay safe

A newly discovered malware infected multiple Firefox browser add-ons with more than 50,000 downloads combined.
Cybernews

Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft

VLex's Vincent AI assistant, used by thousands of law firms worldwide, is vulnerable to AI phishing attacks that can steal ...
The Hacker News

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular ...

Apple Confirms Attacks—All iPhone Users Must Update Now

“Users should urgently update all their impacted Apple devices,” James Maude from BeyondTrust warns. “Even though this only ...
hodlfm

Hackers Exploit React Flaw to Quietly Drain Crypto Wallets

The issue, tracked as CVE-2025-55182, was disclosed on December 3 by the React team after being identified by white-hat ...

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the ...