Endpoint Security

Cybersecurity
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Cybersecurity
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Cybersecurity
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Cybersecurity
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Cybersecurity
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan's Finance Ministry, deploying Xeno RAT for full system access and exfil.
Application Security
Red Hat npm Packages Backdoored with Miasma Credential Worm
Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across roughly 80,000 weekly downloads.
CVE Vulnerability Alerts
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
CVE Vulnerability Alerts
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
CIFSwitch is a 19-year-old Linux kernel privilege escalation flaw with a public PoC that enables root access on Ubuntu, RHEL, Debian, and other distributions.
Cybersecurity
LLMShare Campaign Hosts Infostealer Downloads on ChatGPT’s Own Domain
LLMShare, discovered by Push Security, abuses ChatGPT's share links on chatgpt.com to host fake outage pages that deliver infostealer malware to Windows and macOS users.
Application Security
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
CIFSwitch is a 19-year-old Linux kernel privilege escalation flaw with a public PoC that enables root access on Ubuntu, RHEL, Debian, and other distributions.