In late 2025 and early 2026, cybersecurity researchers observed a significant shift in how sophisticated threat actors establish initial access and maintain resilient command infrastructure. At the center of this evolution is a malware strain, known as Tsundere Bot, which has rapidly emerged as a mo
In recent months, cybersecurity researchers have documented a marked escalation in the sophistication and ambition of cyberattacks linked to North Korean state–aligned threat actors. This includes those attributed to the Konni cluster and its close ties with APT37. These campaigns highlight a widen
In early 2026, security researchers discovered a set of dangerous, wide-reaching vulnerabilities in a widely used open-source AI development framework called Chainlit. These vulnerabilities, collectively dubbed ChainLeak, threatened to expose sensitive data and even allow attackers to breach cloud e
In early January 2026, cybersecurity researchers revealed a serious vulnerability in Microsoft Copilot Personal. This consumer-focused AI assistant is integrated into Windows, the Edge browser, and other applications. The vulnerability, called Reprompt, let attackers bypass built-in safety protectio
In 2025, the Russian state-sponsored cyber threat actor commonly known as Fancy Bear resurfaced with a refined credential-stealing campaign that demonstrated how simplicity, when paired with precision, can outperform technical complexity. Security researchers at Recorded Future, tracking the a
In late 2025, cybersecurity researchers began sounding alarm bells over a new threat in the cybercrime landscape named the Kimwolf botnet, an Android-based malware network that has swiftly ballooned into one of the largest active botnets observed over the last few months. Often described as an Andr
In late 2025 and early 2026, Trust Wallet confirmed that its Chrome browser extension played a central role in a devastating series of supply chain attacks. Trust Wallet is one of the world's most widely used noncustodial cryptocurrency wallets. These attacks were tied to Shai-Hulud, a sophisticated
In December 2025, cybersecurity researchers observed a significant increase in the RansomHouse ransomware-as-a-service (RaaS) toolset. This signals a concerning trend in adversary capabilities. RansomHouse operators enhanced their encryption engine with a new variant called "Mario." It replaced an
A new account takeover method called GhostPairing is now targeting WhatsApp. This exploitation doesn't use stolen passwords, SIM swapping, or zero-day vulnerabilities; instead, it manipulates WhatsApp's device linking feature through advanced social engineering, covertly granting attackers persisten
In early December 2025, the cybersecurity community was rocked by the public disclosure of a critical, easily exploitable vulnerability in React Server Components (RSC). RSC is the backbone of many modern web applications. Assigned CVE-2025-55182, and quickly nicknamed React2Shell, this vulnerabilit