Npav Lab

CVE-2025-43400 enables out-of-bounds writes via malicious fonts, risking app crashes and memory corruption on macOS, iOS, and more—no active exploits yet, but RCE potential. Update to Sequoia 15.7.1 immediately for protection against untrusted files.

Trend Micro uncovers SORVEPOTEL, a worm-like malware exploiting WhatsApp for fast propagation on Windows systems in Brazil—phishing ZIPs lead to account bans and enterprise hits in government, tech sectors. Detect and block early to avoid spam floods.

A breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing.

CVE-2025-56383 exposes Notepad++ v8.8.3 and earlier to DLL hijacking attacks, allowing local code execution via malicious plugins like NppExport.dll. PoC shows persistence risks—update now and monitor for infections until patched.

The 2026 FIFA World Cup's 48 teams, 104 matches across Canada, Mexico, and USA heighten cyber risks from ransomware and hacktivists, targeting tech-reliant infrastructure. Experts urge collaboration, stable CISA funding, and daily best practices to secure the event.

Check Point uncovers Iranian-aligned Nimbus Manticore's (UNC1549) spear-phishing campaign hitting defense, telecom, and aviation in Denmark, Sweden, Portugal. Fake job portals deliver MiniJunk backdoor and MiniBrowse stealer via advanced DLL side-loading—boost phishing defenses now.

Cybercriminals leverage Dynamic DNS services to evade detection and build persistent command-and-control networks, abusing 70,000+ domains with minimal oversight. APT groups like Fancy Bear and Chinese hackers use obfuscation and rotations—defenders face growing challenges in mitigation.

The DPDP Act makes employee data protection crucial for India Inc. Learn about compliance, required safeguards (encryption, MFA), and the high cost of data leaks.

A malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now.

Microsoft uncovers advanced XCSSET variant infecting Xcode projects for macOS devs—adds Firefox data exfiltration, crypto wallet clipboard swaps via AES-encrypted AppleScripts, and LaunchDaemon persistence. Mitigate with updates, Defender for Endpoint, and domain blocks.