Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake updates & web injections.
Get the latest international news and world events from around the world.
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025–8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads.
The security issue is a path traversal flaw that leverages Alternate Data Streams (ADS) to write malicious files to arbitrary locations. Attackers have exploited this in the past to plant malware in the Windows Startup folder, for persistence across reboots.
Researchers at cybersecurity company ESET discovered the vulnerability and reported in early August 2025 that the Russia-aligned group RomCom had been exploiting it in zero-day attacks.
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.
“We always take consumer privacy and data security very seriously,” the company told BleepingComputer in an email statement. “We are investigating a potential cyber security incident and are actively assessing the situation.”
This comes after the extortion group added Nike to its dark web data-leak site, claiming it stole nearly 190,000 files containing corporate data providing information on Nike’s business operations.
NTCOF — June 20, 2021 — Boltzman Brains
If you would like to join us for a live online service, go to the NTCOF web site at https://www.churchoffreethought.org/ and sign up for the newsletter at the bottom of any page.