The Kimwolf botnet compromised more than 2 million Android devices, turning them into residential proxies for DDoS attacks and traffic abuse.
Get the latest international news and world events from around the world.
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
“Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (which they often rename) to execute their code,” Trellix said in a report shared with The Hacker News. “This DLL side-loading technique allows the malware to bypass traditional signature-based security defenses.”
The campaign has been observed distributing a wide assortment of malware, such as Agent Tesla, CryptBot, Formbook, Lumma Stealer, Vidar Stealer, Remcos RAT, Quasar RAT, DCRat, and XWorm.
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition.
“Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability,” Node.js’s Matteo Collina and Joyee Cheung said in a Tuesday bulletin.
“A bug that only reproduces when async_hooks are used would break this attempt, causing Node.js to exit with 7 directly without throwing a catchable error when recursions in user code exhaust the stack space. This makes applications whose recursion depth is controlled by unsanitized input vulnerable to denial-of-service attacks.”
Microsoft updates Windows DLL that triggered security alerts
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week.
The list of affected systems is quite extensive and includes both client (Windows 10 and Windows 11) and server (Windows Server 2012 through Windows Server 2025) platforms.
According to widespread user reports over the past several months, third-party security software flagged Windows assets, including WinSqlite3.dll, a dynamic link library (DLL) included with the Windows system libraries that implements the SQLite database engine, as vulnerable to attacks exploiting a memory corruption vulnerability (CVE-2025–6965).
Google plans to make Chrome for Android an agentic browser with Gemini
Google appears to be testing a new feature that integrates Gemini into Chrome for Android, allowing you to use agentic browser capabilities on your mobile device.
As spotted by Leo on X, Google is testing agentic capabilities and Gemini integration for Chrome on Android.
This claim is based on new references spotted on Chromium, which is the source code of Chrome.
Google’s Personal Intelligence links Gmail, Photos and Search to Gemini
Google is rolling out ‘Personal Intelligence,’ a new Gemini feature that pulls your data from Gmail, Photos, Google Search, and other products.
There are a couple of use cases for Personal Intelligence. Instead of offering generic answers, Gemini can use details from places you already store them.
This makes the whole experience more ‘personal.’