Russian Hackers Leverage CVE-2025-26633 and MSC EvilTwin to Deploy SilentPrism and DarkWisp Malware

 


Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

A suspected Russian hacking group known as Water Gamayun, also referred to as EncryptHub and LARVA-208, has been identified as the threat actor behind the zero-day exploitation of CVE-2025-26633 in Microsoft Windows. This vulnerability, also dubbed "MSC EvilTwin," enables attackers to deploy two new backdoors: SilentPrism and DarkWisp.

Critical Ingress NGINX Controller Vulnerability Exposes Kubernetes to Unauthenticated RCE

 



Critical Ingress NGINX Controller Vulnerabilities Expose Kubernetes Clusters to Remote Code Execution

A set of five critical security vulnerabilities has been disclosed in the Ingress NGINX Controller for Kubernetes, potentially allowing unauthenticated remote code execution (RCE). These flaws put over 6,500 clusters at immediate risk, particularly those with the component exposed to the public internet.

WhatsApp Zero-Day Exploited: Paragon Spyware Targets Users

 


Citizen Lab Uncovers WhatsApp Zero-Day Exploited by Paragon’s Graphite Spyware

A recent investigation by The Citizen Lab at the University of Toronto has exposed the exploitation of a zero-day vulnerability in Meta’s WhatsApp by Graphite, a spyware developed by Israeli company Paragon Solutions. This discovery raises serious concerns about the use of commercial surveillance tools against individuals worldwide.

Vapor Apps on Google Play: 60 Million Android Users at Risk from Malicious Downloads

 



Over 300 Malicious Android Apps Installed 60 Million Times in 'Vapor' Campaign

A large-scale malware operation, dubbed "Vapor," has infiltrated Google Play, with over 300 malicious apps being downloaded 60 million times. These apps acted as adware, committed large-scale ad fraud, and attempted to steal user credentials and credit card information.

SuperBlack Ransomware Exploits Fortinet Vulnerabilities: A New Cyber Threat Emerges

 



A Russian-linked threat actor, identified as Mora_001, has been actively exploiting vulnerabilities in Fortinet firewalls to deploy a new ransomware variant known as SuperBlack. Security researchers at Forescout have uncovered this sophisticated campaign, highlighting the threat actor’s ties to established ransomware gangs and their use of advanced post-exploitation techniques.

Elon Musk Blames ‘Massive Cyber-Attack’ for Widespread X Outages


 

Elon Musk Claims X Was Hit by a "Massive Cyber-Attack" Amid Service Outages

On Monday afternoon, Elon Musk alleged that X, the social media platform formerly known as Twitter, was the target of a "massive cyber-attack" that led to widespread service disruptions throughout the day. Users across the globe experienced difficulties accessing the platform, with posts failing to load and intermittent outages persisting for hours.

Broadcom Releases Critical Security Updates for Exploited VMware Zero-Days


 

Broadcom Fixes Three VMware Zero-Days Exploited in Attacks

Broadcom has issued security updates to address three actively exploited zero-day vulnerabilities in VMware products. These flaws, reported by the Microsoft Threat Intelligence Center, impact VMware ESX solutions, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.
