Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

by admin | Nov 19, 2025 | Uncategorized

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote...

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

by admin | Nov 19, 2025 | Uncategorized

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. “It...

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

by admin | Nov 19, 2025 | Uncategorized

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug...

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

by admin | Nov 19, 2025 | Uncategorized

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is...

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

by admin | Nov 19, 2025 | Uncategorized

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper “redirects all DNS queries to an external, malicious...