React2Shell Ignites Global Exploitation Frenzy; Microsoft Patches Actively Exploited Zero-Day
Summary
This cybersecurity brief for December 13, 2025, covers a critical period marked by widespread, active exploitation of the 'React2Shell' vulnerability (CVE-2025-55182) by both criminal and state-sponsored actors, prompting urgent CISA directives. Concurrently, Microsoft's December Patch Tuesday addressed 57 flaws, including an actively exploited Windows zero-day (CVE-2025-62221). Other major incidents include a new Chrome zero-day on macOS, an unpatched zero-day in the Gogs Git service, a major npm supply chain attack by the 'Shai-Hulud 2.0' worm, and new campaigns from the Makop ransomware group and the Hamas-linked WIRTE APT.
Today's New Articles
Stealthy NANOREMOTE Backdoor Abuses Google Drive API for C2 Communications
A new and fully-featured Windows backdoor, dubbed NANOREMOTE, has been discovered by Elastic Security Labs. Written in C++, the malware distinguishes itself by using the Google Drive API for all command-and-control (C2) communications, allowing it to blend in...
OpenAI Unveils Strategy to Manage 'High' Risk AI Cybersecurity Threats
OpenAI has announced its strategy for managing the significant cybersecurity risks posed by its increasingly powerful AI models. The company will now treat all future models as potentially 'High' risk under its Preparedness Framework, capable of automating vul...
CISA Updates Cybersecurity Performance Goals for Critical Infrastructure
On December 11, CISA released an updated version of its voluntary Cybersecurity Performance Goals (CPGs), designed to help critical infrastructure operators bolster their defenses. The new version aligns with the latest NIST standards and places a stronger emp...
Makop Ransomware Evolves, Using GuLoader and New Exploits in Attacks on India
A new campaign by the Makop ransomware group is primarily targeting enterprises in India, with additional victims in Brazil and Germany. The attackers continue to use brute-force attacks against exposed RDP services for initial access. Once inside, they now us...
Article Updates
Google Patches Eighth Chrome Zero-Day of 2025 Under Active Attack
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added the actively exploited Google Chrome zero-day to its Known Exploited Vulnerabilities (KEV) catalog, assigning it CVE-2025-14174. This high-severity flaw, an out-of-bounds mem...