Whats The Hax?

BL

BleepingComputer

1h ago · 15 items

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs 1h ago A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. ScarCruft hackers push BirdCall Android malware via game platform 1h ago The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. Weaver E-cology critical bug exploited in attacks since March 11h ago Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. Amazon SES increasingly abused in phishing to evade detection 14h ago The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Backdoored PyTorch Lightning package drops credential stealer 16h ago A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. Trellix discloses data breach after source code repository hack 17h ago Cybersecurity firm Trellix disclosed a data breach after attackers gained access to They don’t hack, they borrow: How fraudsters target credit unions 20h ago Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. Progress warns of critical MOVEit Automation auth bypass flaw 21h ago Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. Webinar: Why MSPs must rethink security and backup strategies 21h ago Security breaches don't just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. CISA says ‘Copy Fail’ flaw now exploited to root Linux systems 22h ago CISA has warned that threat actors have started exploiting the Microsoft confirms April Windows updates cause backup failures 23h ago Instructure confirms data breach, ShinyHunters claims attack 1d ago Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha 1d ago Telegram Mini Apps abused for crypto scams, Android malware delivery 1d ago Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks 2d ago

15 loaded Show 5 more

LN

Latest news

1h ago · 20 items

Trojan abuses Microsoft Phone Link app to steal your passwords 1h ago Cross-device syncing isn't always a safe practice. Here's everything you need to know about this threat. The best mobile antivirus software of 2026: Expert tested and reviewed 1h ago My hands-on guide to the best mobile antivirus apps covers top picks like Bitdefender, Sophos, and more for Android and iOS. What you'll pay for AI agents will be wildly variable and unpredictable 1h ago A test of leading AI agents found vastly different amounts of tokens consumed with no transparency and no guarantees of success. Forget the soundbar: How I upgraded my TV audio with spare Bluetooth speakers 9h ago You don't have to shell out hundreds (or thousands) of dollars on smart speakers for a robust home entertainment setup. Android phone slow? I changed 2 developer settings for an instant speed boost 9h ago Skip the optimizer apps. Simply enable Android Developer Options to unlock these performance-enhancing features. It's much easier than you think. This wearable gadget effectively soothes my migraines and headaches, and it's under $50 13h ago The Renpho Eyeris 2 Massager helps alleviate my headaches and tired eyes, and I can stream music with it too. This e-reader lets you view in color, and it's $60 cheaper now 13h ago The Kindle Colorsoft brings a smooth color display to your favorite books, and it's dropped in price again. Verizon will give you a free Samsung Galaxy S26, watch, and tablet right now - how to qualify 14h ago The latest add-a-line deal gets you a free Galaxy S26, Galaxy Watch 8, and Galaxy Tab S10 FE Tablet at Verizon. The future of IT service delivery is built on AI and automation 15h ago IT teams and Managed Service Providers are under pressure to deliver faster service in an increasingly complex threat landscape. They can no longer do without integrated, AI-driven systems. I tested Google Maps vs. Apple Maps to find the best navigation app - and this one wins 15h ago Apple Maps has improved over the years, but how does it compare to Google Maps today? Here's which one is best. I found an AirTag alternative that's twice as durable and works with Android phones 15h ago MacBook Neo vs. iPad Air: How I'm choosing between Apple's $599 laptop and tablet 16h ago This 4TB WD Black SSD for 50% off at Best Buy is a deal I can seriously recommend 16h ago Your ChatGPT account just got more secure, but you have to opt in - here's how 16h ago Whatever you do, don't buy cheap DisplayPort cables for your PC - here's why 16h ago Miss Windows XP or 7? Then I have a free, open-source alternative for you 16h ago 5 MacOS command line tools I swear by over their GUI counterparts 17h ago Hundreds of readers bought these headphones this year (and they're not from Bose, Sony, or Apple) 18h ago How this travel company's AI rollout drove a 73% satisfaction boost: A 5-step playbook for your business 19h ago Building an agentic AI strategy that pays off - without risking business failure 19h ago

20 loaded Show 10 more

CY

cybersecurity

1h ago · 20 items

The UK’s Age Verification Law Is Producing Compliance Theater 1h ago Microsoft Edge: Passwords end up in memory as plaintext 1h ago Do people still get viruses in 2026, or is that mostly a myth now? 1h ago Mitigation script for Copy Fail vulnerability CVE-2026-31431 1h ago Popular DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026 1h ago Critical Apache HTTP Server RCE (CVE-2026-23918) - Millions of Servers Potentially Exposed. Patches released 1h ago DigiCert breached via malicious screensaver file 1h ago CISO Security Mind Map 2026 2h ago AI Security Trainings 3h ago Who are your favorite cybersecurity YouTubers? 6h ago Free resource: searchable archive of every BSides conference talk 8h ago L1 SOC Analyst for ~2 years - Should I still get the Security + Certification? 10h ago Do CTFs help real world security skills, or just teach patterns? 11h ago Trellix discloses data breach after source code repository hack 14h ago John Strand Pay What You Can Information Security Core Skills live starting May 11th 15h ago Is this not such a big deal 16h ago AI Code Security Study: 6 LLMs vs OWASP Top 10 17h ago We are insider risk researchers focused on agentic AI, endpoint activity, and emerging threats. AMA 18h ago I am so sick of being hired to do Info Sec work just to do basic IT and Engineering work. 19h ago Cyber insurance renewal questionnaire had 14 identity-specific questions this year. Three years ago it had two. I was not ready for this. 19h ago

20 loaded Show 10 more

SE

SecurityWeek

1h ago · 10 items

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs 1h ago WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities 1h ago Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks 15h ago Trellix Source Code Repository Breached 16h ago Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 21h ago DigiCert Revokes Certificates After Support Portal Hack 21h ago Exploitation of ‘Copy Fail’ Linux Vulnerability Begins 23h ago OpenAI Rolls Out Advanced Security for ChatGPT Accounts 1d ago Over 40,000 Servers Compromised in Ongoing cPanel Exploitation 1d ago Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats 1d ago

HS

hacking: security in practice

1h ago · 20 items

Is this fake too?🤣 1h ago I just figured out my dad use to be a Phreaker in the 1980s 1h ago Best tools for blocking spam calls and spam links? 2h ago someone else’s UI appearing on screen for split second— possible hacker?? 2h ago Avoiding rouge AP detection in enterprise networks 5h ago BAT: VPS-based C2 with .ko/.sys rootkits compilation against target kernel headers 17h ago Iwas developing a hacker game that transports the feeling of the 90s 17h ago CISA says ‘Copy Fail’ flaw now exploited to root Linux systems 20h ago IPod Nano Gets Three Monitors 21h ago Chrome "Best AdBlocker" trojanized extension - 100k downloads. 22h ago Any good open sources that bypass modern heuristic analysis? 1d ago [SHOWCASE] Cascavel v3 1d ago Can HTTP POST bodies be intercepted without network or host access? 1d ago built a PE packer where every packed file has a different instruction set – custom VM with randomized opcodes, single C++ file (Want suggestions for future updates past v4) 1d ago Dump sql time based is too slow 1d ago North Korea rejects US cybercrime claims as 'absurd slander' 2d ago is credential stuffing using openbullet2 dead in 2026? 2d ago Hacking Wired Analog CCTV cameras going to a DVR (BNC and Coax) 2d ago Adobe-Clawback — bulk-download every PDF from your Adobe Creative Cloud account (Python, resumable, MIT) 2d ago Small models are better at cost-to-recall than large models like Mythos for vulnerability research 3d ago

20 loaded Show 10 more

RE

Reverse Engineering

1h ago · 20 items

Copy.fail: Why Internal LLMs Are Non-Negotiable for Security 1h ago Reverse-engineering Final Fantasy X (PS3) trophy system with Ghidra 13h ago [CrackMe] PyVMP v6 : The Fortress. I dare you to break it (again x2). 15h ago [WIP] Resolve indirect calls in Binary Ninja with DynamoRIO instrumentation 20h ago IDA-MCP Is Now RE-MCP With Ghidra Support 21h ago Reverse-engineered the BLE protocol of the LuckPrinter-SDK family of thermal pocket printers (DP-L1S) — Python CLI + Web Bluetooth client + full command reference 22h ago /r/ReverseEngineering's Weekly Questions Thread 1d ago GitHub - 03DSmoothie/minecraft-cpp-versions: Minecraft recoded in C++ (multiple versions) 1d ago Automated RASP Bypass with Frida + AI Agent | nutcracker & aipwn demo 1d ago Please critique my reverse engineering ctf platform. It is meant for beginners but I would like input from serious reverse engineers. It is functionally done but I need criticism for further refinements, thank you! 1d ago "AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts 2d ago How to build .NET obfuscator - Part II 2d ago libghidra - SDK for automating Ghidra from Python, Rust, and C++ 2d ago Release: Open-source CAN bus reverse engineering suite tailored for offline ML signal decoding, MitM injection, and UDS analysis. 2d ago Why my macOS Messages badge lied to me (and the one-line fix) 3d ago Running Adobe’s 1991 PostScript Interpreter in the Browser 3d ago Hello! Here is my Oura Ring 4 pure Python driver! Let me know what you think :) 3d ago /r/ReverseEngineering's Triannual Hiring Thread 4d ago In-circuit NAND acquisition for edge devices (Raspberry Pi GPIO, no chip-off) 4d ago Revealing NVIDIA Closed-Source Driver Command Streams for CPU-GPU Runtime Behavior Insight 4d ago

20 loaded Show 10 more

FB

For [Blue|Purple] Teams in Cyber Defence

1h ago · 20 items

The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew 1h ago GIDR: A behavioral intrusion detection system for Windows. Files are innocent until proven guilty at runtime. When malicious behavior is detected, the entire attack chain is traced to root and eliminated. 6h ago dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 6h ago N-Day Research with AI: Using Ollama and n8n 6h ago 38 CVEs in Healthcare Software Used by 100,000 Medical Providers 16h ago Recursively fuzzing MS-RPC structures and monitoring using ETW 17h ago VanGuard — open-source single-binary DFIR toolkit (Velociraptor, Hayabusa, Chainsaw, Loki, YARA) with TUI, air-gap support, and 28 pre-built use cases 23h ago CVE-2026-31431：我用 DeepSeek 复现了 AI 发现Copy Fail 提权的全过程 - CVE-2026-31431: I used DeepSeek to reproduce the entire process of AI detecting Copy Fail privilege escalation. 1d ago 《APT高级威胁研究报告》（2026 版）- Advanced Threat Research Report (2026 Edition) 1d ago nginxpulse: 轻量级 Nginx 访问日志分析与可视化面板，提供实时统计、PV 过滤、IP 归属地与客户端解析。- A lightweight Nginx access log analysis and visualization dashboard, providing real-time statistics, PV filtering, IP geolocation, and client resolution. 1d ago 蔓灵花组织使用NUITKA打包的python样本进行投递 - The Manlinghua organization used Python samples packaged in NUITKA for delivery. 1d ago gdrv3.sys - Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives 1d ago Added new vulnerable samples for IoBitUnlocker, Zemana and TfSysMon 1d ago Meet Bluekit: The AI-Powered All-in-One Phishing Kit 1d ago Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI 1d ago A hacker group was detained in Lviv Oblast, which hacked game accounts and received almost UAH 10 million in profit from their sale in Russia 1d ago IRQL - Incident Response Query Language - A collection of Kusto (KQL) functions that unify security logs behind a consistent, analyst-friendly dialect 1d ago [2603.28728] Study of Post Quantum status of Widely Used Protocols 1d ago Malicious Intercom PHP Package Spreads Mini Shai-Hulud Attack to Packagist via Composer Plugin 1d ago Possible supply chain attack on version 2.6.3 · Issue #21689 · Lightning-AI/pytorch-lightning 1d ago

20 loaded Show 10 more

TH

The Hacker News

1h ago · 20 items

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows 1h ago Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API 2h ago Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries 3h ago Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools 16h ago Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass 17h ago ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More 19h ago 2026: The Year of AI-Assisted Attacks 22h ago Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia 22h ago Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks 1d ago Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M 1d ago CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV 2d ago Trellix Confirms Source Code Breach With Unauthorized Repository Access 3d ago 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign 3d ago Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks 3d ago China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists 3d ago Top Five Sales Challenges Costing MSPs Cybersecurity Revenue 3d ago Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks 4d ago Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft 4d ago PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials 4d ago ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories 4d ago

20 loaded Show 10 more

HN

Help Net Security

1h ago · 10 items

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China 1h ago ScarCruft supply chain attack trojanized Windows and Android games on a Yanbian gaming platform to spy on ethnic Koreans since late 2024. Meta adds proof-based security to encrypted backups 1h ago Meta encrypted backups update adds OTA key distribution and verifiable HSM deployments to strengthen WhatsApp and Messenger security. Can your coding style predict whether your code is vulnerable? 5h ago Code stylometry vulnerability detection uses developer coding habits to flag risky software, but LLM-generated code may erode the signal. One in four MCP servers opens AI agent security to code execution risk 5h ago Noma research shows AI agent security gaps in Skills create blind spots that MCP-focused governance and observability tools miss. Cybersecurity jobs available right now: May 5, 2026 6h ago Here are the worldwide cybersecurity job openings available as of May 5, 2026, including on-site, hybrid, and remote roles. Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 19h ago CVE-2026-4670 and CVE-2026-5174 in MOVEit Automation may allow unauthorized access, administrative control, and lead to data exposure. Penske Logistics launches platform for real-time supply chain visibility 20h ago Penske Logistics launches Supply Chain Insight, a platform offering real-time visibility across transportation and warehousing operations. DigiCert breached via malicious screensaver file 20h ago A security breach at DigiCert enabled attackers to issue code signing certificates later used to sign malware. Operant AI Endpoint Protector secures AI agents and MCP tools 20h ago Operant AI launches Endpoint Protector to secure AI tools, coding agents, and MCP workflows at endpoints against emerging threats. Owl IRD enables one-way forensic data transfer for incident response teams 20h ago Owl Cyber Defense launches IRD, a pocket-sized diode for secure transfer of forensic data from compromised systems to safe environments.

MS

MSRC Security Update Guide

1h ago · 20 items

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions 1h ago CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow 1h ago CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference 1h ago CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net 1h ago CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place 2h ago CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow 2h ago CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow 2h ago CVE-2026-42798 2h ago CVE-2026-37457 2h ago CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions 2h ago CVE-2026-35469 SpdyStream: DOS on CRI 2h ago CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass 2d ago CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure 2d ago CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion 2d ago CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow 2d ago CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service 2d ago CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions 2d ago CVE-2026-30656 2d ago CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow 2d ago CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference 2d ago

20 loaded Show 10 more

TI

Technical Information Security Content & Discussion

1h ago · 20 items

Proton Pass: Second-Password Bypass Through Emergency Access 1h ago We probed 6,000 web apps for Stripe webhook signature checks. 1,542 don't bother 5h ago Lateral Movement - Cross-Session Activation 19h ago "AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts 1d ago Acoustic Keystroke Recovery - Reconstructing Typed Text from a Laptop Microphone (Full Guide, 85% success rate) 1d ago How to exfiltrate data using only numeric outputs 2d ago For vulnerability research, smaller models run repeatedly can outperform larger frontier models on cost-to-recall. 3d ago Every incident public companies have disclosed to the SEC, in one searchable database 3d ago r/netsec monthly discussion & tool thread 3d ago Handled, Not Hosted: Administrative Activity Inside a Bulletproof Hoster 4d ago Seventeen vulnerabilities in Omi, fourteen days of silence 4d ago High Fidelity Check for the cPanel Authentication Bypass (CVE-2026-41940) 5d ago Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root 5d ago The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs 5d ago The Thymeleaf Template Injection That Only Hurts If You Let It 5d ago Set up automated dependency scanning after the recent npm/PyPI supply chain attacks 5d ago A Route to Root in a 4G Industrial Router 6d ago [Research] Full-chain RCE in Microsoft Semantic Kernel & Agent Framework 1.0 (6 Bypasses) 6d ago The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords 6d ago 89 vulnerabilities in XAPI / Citrix XenServer 7d ago

20 loaded Show 10 more

NE

NetworkChuck

11h ago · 15 items

Summer of CCNA LIVE Launch Party 11h ago Learn networking with REAL labs 👉 Join the Summer of CCNA 7d ago Most AI coding tools don’t sandbox on Windows (except one) 10d ago I built a network with gachapon machines 21d ago i didn't want to like this.... 25d ago Milla Jovovich made an AI memory tool…..it’s pretty good 27d ago Gemma 4 on the iPhone (local AI, no internet required) 29d ago Anthropic says NO MORE OpenClaw!! 31d ago the WORST hack of 2026 34d ago OpenClaw......RIGHT NOW??? (it's not what you think) 35d ago I almost quit YouTube.... 54d ago YouTube BROKE but the ads kept working... 56d ago the prompting trick nobody teaches you 59d ago hackers now steal your data in 72 minutes 61d ago your browser is holding your AI back 62d ago

15 loaded Show 5 more

BH

Black Hat

14h ago · 15 items

SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices 14h ago SecTor 2025 | Not-So-Secret Agents: Deploying AI to Optimize Security Operations 5d ago Why Black Hat is Essential for Academics | Black Hat Stories 6d ago What Makes Black Hat Truly Shine | Black Hat Stories 7d ago SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification 7d ago SecTor 2025 | Security and Safety Testing for Agentic AI 7d ago SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative 8d ago SecTor 2025 | Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0) 8d ago SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies 9d ago SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better 9d ago SecTor 2025 | Hacking Policy for the Public Good 10d ago SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls 10d ago Black Hat Stories | Meet David Oswald, Cyber Security Professor at Durham University 10d ago SecTor 2025 | What If We Caught SUNBURST in CI/CD? 11d ago SecTor 2025 | Deconstructing a Meta-Adversary Forged from Offensive AI 11d ago

15 loaded Show 5 more

TR

The Record from Recorded Future News

16h ago · 5 items

Educational company Infrastructure reports cyber incident 16h ago Forbes preliminarily agrees to pay $10 million to settle California wiretapping lawsuit 17h ago Ransomware group claims breach of pro-Orbán Hungarian media firm 18h ago Senate Judiciary advances bill that would bar minors from interacting with AI companions 3d ago Federal agencies must patch cPanel bug by Sunday, CISA says 3d ago

MA

Malware Analysis & Reports

17h ago · 20 items

Built a PE Malware Analysis Pipeline to Learn Why Most Detection Tools Suck at Correlation 17h ago VirusTotal has one flag for this sus site 1d ago Anyone wanna learn the CEH or OSCP red teaming free 2d ago Fake Tailscale site on Google Ads uses ClickFix to get you to execute malware yourself 3d ago Minecraft Malware C2 Tracking 3d ago Minirat malware deployed via NPM targeting macOS machines 5d ago VECT Ransomware Is Actually a Wiper 6d ago The Malware Factory: GLASSWORM Forensics in Open VSX 6d ago Phishing-to-RMM Attacks: The Remote Access Blind Spot Businesses Can't Ignore 6d ago [ Removed by Reddit ] 6d ago Ikeja Electric Distribution Ransomware 6d ago Recently updated a authentic minecraft mod launcher called Modrinth 7d ago This appeared on scan today no downloads Vulnerabledriver:WinNT/Winring0 7d ago Ransomware is getting uglier as cybercriminals fake leaks and skip encryption entirely 7d ago New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses 9d ago Save time and use Zig to write your Malware POC 10d ago Cracking CastleLoader’s Inno Setup Password 10d ago I built a C2 framework that uses Discord and Telegram for communication 10d ago fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet. 11d ago Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet 11d ago

20 loaded Show 10 more

MS

Microsoft Security Blog

19h ago · 10 items

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise 19h ago Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated message... CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments 3d ago A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working exploit already in the wild, organizations should act quickly to detect,... Microsoft Agent 365, now generally available, expands capabilities and integrations 3d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. What’s new, updated, or recently released in Microsoft Security 4d ago Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series. Email threat landscape: Q1 2026 trends and insights 4d ago In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts... 8 best practices for CISOs conducting risk reviews 5d ago Read Microsoft expert tips for CISOs on embracing strong proactive security to mitigate increased exposure to security threats. Simplifying AWS defense with Microsoft Sentinel UEBA 6d ago Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns. AI-powered defense for an AI-accelerated threat landscape 12d ago Read how Microsoft is partnering with Anthropic and broader industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale. Detection strategies across cloud and identities against infiltrating IT workers 13d ago The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing reliance on online identity verification and remote access. Making opportunistic cyberattacks harder by design 14d ago How Microsoft secures Dynamics 365 and Power Platform by removing credentials, reducing attack surfaces, and using platform engineering to block opportunistic threats.

SL

Security Latest

19h ago · 20 items

DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts 19h ago Disneyland Now Uses Face Recognition on Visitors 2d ago Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers 3d ago OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts 4d ago 90,000 Screenshots of One Celebrity's Phone Were Exposed Online 5d ago Why Sharing a Screenshot Can Get You Jailed in the UAE 6d ago The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards 6d ago Cole Allen Charged With Attempting to Assassinate Trump 7d ago California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 9d ago Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos 9d ago The Latest Push to Extend Key US Spy Powers Is Still a Mess 10d ago Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet 11d ago AI Tools Are Helping Mediocre North Korean Hackers Steal Millions 12d ago Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox 13d ago Meta Is Sued Over Scam Ads on Facebook and Instagram 13d ago They Built a Legendary Privacy Tool. Now They’re Sworn Enemies 14d ago The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad 15d ago It Takes 2 Minutes to Hack the EU’s New Age-Verification App 16d ago Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance 17d ago The Shocking Secrets of Madison Square Garden’s Surveillance Machine 18d ago

20 loaded Show 10 more

DB

David Bombal

20h ago · 15 items

May the force help you troubleshoot ... 20h ago Dual Boot Windows and Ubuntu Linux in 10 Minutes (2026) 1d ago They got hacked and now you will get attacked ☹️ 6d ago Stop Reflashing USBs: Build a Ventoy Toolkit 8d ago Stop using these browsers in 2026! 10d ago How long before your encryption is broken? (Quantum Switch is here) 11d ago I want this WiFi gadget! (Speed Testing and more) 13d ago How to track dark ships using OSINT (with demos) 15d ago How your ISP tracks you (even with encrypted DNS) 17d ago Hackers are using AI to win. 3 ways to STOP them in 2026. 22d ago Hacking Windows Active Directory in 10 minutes 24d ago Learn Linux in 180s: head and tail commands 25d ago Warning: Vibe Hacking is here 26d ago Apple privacy? See what they are actually doing. 27d ago Disable Face ID Quickly (iPhone) 28d ago

15 loaded Show 5 more

NA

NahamSec

21h ago · 15 items

Stop Using AI Connectors Until You Watch This 21h ago One ChatGPT connector. One email. Full AI agent hijack. #BugBounty #PromptInjection #ai #hacking 21h ago This hacker made $40,000 using Claude #ai #hacking #bugbounty 7d ago My Friend Made $40,000 Using Claude Code (Here's How) 7d ago I Learned How to Jailbreak AI Chatbots 14d ago Here’s everything I have learned from making $2M in bounties. #bugbounty 18d ago Is AI Killing Bug Bounty? 21d ago An AI Hacker Showed Me How to Exfil Data in Zero Clicks 28d ago I Earned $2M Hacking. Here's Everything I Know 35d ago BECOMING AN AI HACKER (Episode 01) 49d ago Was This Vulnerability Worth $15,000? 56d ago I Hacked My First AI Chatbot 70d ago Can I Replace AI With My Recon Methodology? 77d ago 10+ Daily Essentials As An Ethical Hacker 84d ago Hacking a Windows Web Application 91d ago

15 loaded Show 5 more

SE

Securelist

1d ago · 10 items

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security 1d ago Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one. Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 5d ago The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. PhantomRPC: A new privilege escalation technique in Windows RPC 11d ago Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges. FakeWallet crypto stealer spreading through iOS apps in the App Store 15d ago In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Threat landscape for industrial automation systems in Q4 2025 19d ago The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry. JanelaRAT: a financial threat targeting users in Latin America 22d ago Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates. The long road to your crypto: ClipBanker and its marathon infection chain 26d ago Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard. Financial cyberthreats in 2025 and the outlook for 2026 27d ago In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers. A laughing RAT: CrystalX combines spyware, stealer, and prankware features 34d ago Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities. An AI gateway designed to steal your data 39d ago Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.

RF

Recorded Future

1d ago · 20 items

Working in London at the World’s Largest Intelligence Company 1d ago See what it is like to work at the Recorded Future London office. The Iran War: What You Need to Know 4d ago Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios. Risk Scenarios for the US’s Strategic Pivot 5d ago The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence... Building with AI: Here's What No Briefing Will Tell You 5d ago What building with AI for three months revealed about four leadership blind spots executives can't afford to ignore: the comprehension gap, eroding competitive moats, deployment complexity, and what "senior" really means now. The Money Mule Solution: What Every Scam Has in Common 7d ago Learn how mule account intelligence — not tactic-tracking — is the most effective lever for preventing APP fraud before funds move. Lazarus Doesn't Need AGI 7d ago Explore the 2026 Claude Mythos breach, supply chain risks, and the $2B+ crypto theft pipeline. From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026 11d ago For most security teams today, volume and access to intelligence isn’t the problem. It’s the speed at which they can turn that intelligence into action. . Critical minerals and cyber operations 12d ago Learn how critical minerals and rare earth elements (REEs) are evolving from commodities into strategic flashpoints. Explore the geopolitical risks of China’s refining dominance, the race for resources in the Arctic and space, and the risin... Today, trust is the superpower that makes innovation possible 12d ago How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people. Evolution of Chinese-Language Guarantee Telegram Marketplaces 13d ago Chinese-language, Telegram-based “guarantee” marketplaces are increasingly popular among Chinese-speaking criminal groups despite the widely publicized shutdown of Huione Guarantee in 2025. AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation? 13d ago Emerging Enterprise Security Risks of AI 14d ago 4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future 18d ago From Bazooka to Fake Nikes 19d ago Your Supply Chain Breach Is Someone Else's Payday 20d ago Iran War: Future Scenario and Business Implications 21d ago A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape 21d ago March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day 22d ago VIP Credential Monitoring Blog 25d ago Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One. 26d ago

20 loaded Show 10 more

TM

Trend Micro Research, News, Perspectives

1d ago · 20 items

Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities 1d ago Kuse Web App Abused to Host Phishing Document 6d ago Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories 14d ago The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables 15d ago Identity Protection in the AI Era 22d ago Learn about a proactive, identity-first security approach that integrates visibility, threat detection and response, zero trust enforcement, AI protection, and threat intelligence into a unified model. U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 26d ago Discover how TrendAI Vision One™ empowers government agencies and educational institutions with advanced visibility, intelligence, and automation to stay ahead of evolving public sector threats. Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do 28d ago Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads 32d ago TrendAI Insight: New U.S. National Cyber Strategy 34d ago Explore the White House National Cyber Strategy and its six pillars to strengthen U.S. cybersecurity—covering deterrence, regulation, federal modernization, critical infrastructure protection, AI leadership, and workforce development. The Real Risk of Vibecoding 35d ago Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads 35d ago TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats 35d ago TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM 36d ago Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise 40d ago Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities 40d ago Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach 41d ago Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries 47d ago Why East-West Visibility Matters for Grid Security 48d ago From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA 48d ago TrendAI™ Supports Global Law Enforcement Efforts 50d ago

20 loaded Show 10 more

JH

John Hammond

3d ago · 15 items

JHT Course Launch: Web App Junior Analyst! 3d ago FAKE Zoom Taxes MALWARE 7d ago the WORST phishing email i've ever seen 10d ago Hackers Stole Your Account (for free) 11d ago The Dawn of AI Warfare (with Katrina Manson) 13d ago The Payload Podcast #005 - Casey Smith 14d ago JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic! 17d ago HUGE AI-powered Microsoft Account phishing campaign 25d ago robots take over the world or something i guess idk 26d ago How Teenage Hackers Hijack the Internet (with Joe Tidy!) 26d ago Hackers make FAKE notifications 27d ago AI Cyber Defense Ops Course Launch! 31d ago Extremely Easy Identity Management (with Authentik!) 31d ago The Payload Podcast #004 - AI with Shane Caldwell 32d ago HUGE npm axios supply chain attack 35d ago

15 loaded Show 5 more

DA

darkreading

3d ago · 20 items

76% of All Crypto Stolen in 2026 Is Now in North Korea 3d ago If AI's So Smart, Why Does It Keep Deleting Production Databases? 3d ago Name That Toon: Mark of (Security) Progress 3d ago 20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage 3d ago TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack 4d ago Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug 4d ago Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber 4d ago Oracle Red Bull Racing Team Revs Up Automation to Boost Security 4d ago Claude Mythos Fears Startle Japan's Financial Services Sector 5d ago Reverse Engineering With AI Unearths High-Severity GitHub Bug 5d ago AI Finds 38 Security Flaws in Electronic Health Record Platform 5d ago Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error 5d ago Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities 5d ago BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures 6d ago NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later 6d ago Feuding Ransomware Groups Leak Each Other's Data 6d ago Vidar Rises to Top of Chaotic Infostealer Market 6d ago Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain 6d ago UNC6692 Combines Social Engineering, Malware, Cloud Abuse 7d ago Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation 7d ago

20 loaded Show 10 more

SA

Security - Ars Technica

3d ago · 20 items

Ubuntu infrastructure has been down for more than a day 3d ago GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests 3d ago The most severe Linux threat to surface in years catches the world flat-footed 4d ago Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden 5d ago Open source package with 1 million monthly downloads stole user credentials 7d ago Why are top university websites serving porn? It comes down to shoddy housekeeping. 10d ago In a first, a ransomware family is confirmed to be quantum-safe 11d ago Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage 12d ago Microsoft issues emergency update for macOS and Linux ASP.NET threat 12d ago Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 13d ago Contrary to popular superstition, AES 128 is just fine in a post-quantum world 13d ago US-sanctioned currency exchange says $15 million heist done by "unfriendly states" 17d ago Recent advances push Big Tech closer to the Q-Day danger zone 17d ago "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database 19d ago UK gov's Mythos AI tests help separate cybersecurity threat from hype 20d ago Iran-linked hackers disrupt operations at US critical infrastructure sites 26d ago Thousands of consumer routers hacked by Russia's military 26d ago CBP facility codes sure seem to have leaked via online flashcards 29d ago OpenClaw gives users yet another reason to be freaked out about security 31d ago New Rowhammer attacks give complete control of machines running Nvidia GPUs 32d ago

20 loaded Show 10 more

TC

The Cyber Mentor

3d ago · 15 items

A Guide to LNK File Forensics 3d ago Josh Mason | Real Folks of Cyber | DITL 5d ago Use BLUR-IT to Increase Your OPSEC 13d ago How to Investigate with Windows Prefetch Files 17d ago Cybersecurity Books to Read: DFIR Investigative Mindset 20d ago Bye Bye Bellini! | Andrew Bellini's Farewell Stream | Cybersecurity | AMA 26d ago Getting Started With The Windows Registry 31d ago How Digital Forensics Caught the BTK Killer 34d ago Welcoming Megan to TCM! | Cybersecurity | AMA 40d ago 3 Reasons IoT Security Will Explode in 2026 41d ago Blue Team CTF Walkthrough: DFIR 45d ago The Importance of Forensic Soundness 48d ago 5 Cybersecurity Books That Made Me a Better Investigator 52d ago LIVE: On-Stream GIVEAWAY! | CTF Launch | AMA 54d ago Project Helix Blue Team CTF Teaser - Coming Wednesday! 55d ago

15 loaded Show 5 more

AL

Alerts

3d ago · 20 items

CISA Adds One Known Exploited Vulnerability to Catalog 3d ago CISA Adds One Known Exploited Vulnerability to Catalog 4d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 6d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 10d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago ​​Supply Chain Compromise Impacts Axios Node Package Manager​ 14d ago CISA Adds Eight Known Exploited Vulnerabilities to Catalog 14d ago CISA Adds One Known Exploited Vulnerability to Catalog 18d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 20d ago CISA Adds Seven Known Exploited Vulnerabilities to Catalog 21d ago CISA Adds One Known Exploited Vulnerability to Catalog 26d ago CISA Adds One Known Exploited Vulnerability to Catalog 28d ago CISA Adds One Known Exploited Vulnerability to Catalog 32d ago CISA Adds One Known Exploited Vulnerability to Catalog 33d ago CISA Adds One Known Exploited Vulnerability to Catalog 35d ago CISA Adds One Known Exploited Vulnerability to Catalog 38d ago CISA Adds One Known Exploited Vulnerability to Catalog 39d ago CISA Adds One Known Exploited Vulnerability to Catalog 40d ago CISA Adds Five Known Exploited Vulnerabilities to Catalog 45d ago

20 loaded Show 10 more

AC

All CISA Advisories

3d ago · 20 items

CISA Adds One Known Exploited Vulnerability to Catalog 3d ago Careful Adoption of Agentic AI Services 3d ago This guidance discusses cybersecurity challenges and risks associated with the introduction of agentic AI into IT environments, as well as best practices for ABB AWIN Gateways 4d ago ABB Ability OPTIMAX 4d ago ABB PCM600 4d ago ABB Edgenius Management Portal 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 4d ago ABB Ability Symphony Plus Engineering 4d ago ABB System 800xA, Symphony Plus IEC 61850 4d ago Adapting Zero Trust Principles to Operational Technology 5d ago This guidance provides a roadmap for organizations to reference as they transition toward a zero trust architecture. NSA GRASSMARLIN 6d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 6d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 10d ago SpiceJet Online Booking System 11d ago Carlson Software VASCO-B GNSS Receiver 11d ago Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera 11d ago Milesight Cameras 11d ago Defending Against China-Nexus Covert Networks of Compromised Devices 11d ago Yadea T5 Electric Bicycle 11d ago Intrado 911 Emergency Gateway (EGW) 11d ago

20 loaded Show 10 more

HA

Hak5

4d ago · 15 items

Why You Must Check Your Password Manager Immediately | THREAT WIRE 4d ago NIST Is Scaling Back CVEs — And That’s a Problem | THREAT WIRE 10d ago there are too many stories to cover #cybersecurity #news @endingwithali 18d ago Use After Free Bugs Are Out of Control @endingwithali #threatwire #cybersecurity 18d ago Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity 18d ago Age Restricted Internet Is On It’s Way #threatwire @endingwithali #hackernews 18d ago Age Restricted Internet Is On It’s Way - Threat Wire 19d ago Use After Free Bugs Are Out of Control! - Threat Wire 25d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 27d ago 🍍📟 Firmware 1.0.8 - WiFi Pineapple Pager 28d ago No More Routers In The US - Threat Wire 33d ago Why is Google Closing Android? - Threat Wire 39d ago Meta Ending End to End on Instagram- Threat Wire 45d ago Chrome Is Thinking Quantum - Threat Wire 53d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 57d ago

15 loaded Show 5 more

CS

Cisco Security Advisory

4d ago · 20 items

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 4d ago On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptiv... Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities 6d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affec... Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability 10d ago A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability... Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities 12d ago Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more informatio... Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities 12d ago Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affe... Cisco Catalyst SD-WAN Vulnerabilities 12d ago Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For m... Cisco Webex Services Certificate Validation Vulnerability 18d ago A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of imp... Cisco Secure Web Appliance Authentication Bypass Vulnerability 18d ago A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improp... Cisco Identity Services Engine Remote Code Execution Vulnerabilities 19d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the att... Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability 19d ago A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the u... Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities 19d ago Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability 19d ago Cisco Unity Connection Arbitrary File Download Vulnerabilities 19d ago Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities 19d ago Cisco Webex Contact Center Cross-Site Scripting Vulnerability 19d ago Cisco IOS XE Software Denial of Service Vulnerability 32d ago Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability 33d ago Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability 33d ago Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability 33d ago Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability 33d ago

20 loaded Show 10 more

SM

Security | Microsoft Azure Blog | Microsoft Azure

4d ago · 10 items

Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 4d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 33d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 61d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 76d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more. Microsoft strengthens sovereign cloud capabilities with new services 181d ago Discover new Microsoft digital sovereignty capabilities and upcoming features across AI, security, and productivity, to address sovereign cloud needs. Enhancing software supply chain security with Microsoft’s Signing Transparency 182d ago Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security. Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation 202d ago Migrate Oracle solutions to the cloud with a trusted, enterprise-ready platform from Microsoft and Oracle. Learn more. Building secure, scalable AI in the cloud with Microsoft Azure 307d ago Forrester Research shows how Azure helps enterprises scale generative AI securely, unlocking real business value. Learn more. Enhance AI security with Azure Prompt Shields and Azure AI Content Safety 333d ago Learn how Prompt Shields and Azure AI Content Safety can help guard against direct and indirect threats to your LLM-based solution. Navigating the 2024 holiday season: Insights into Azure’s DDoS defense 462d ago Learn more on how Azure DDoS is keeping you prepared for this years trends in advanced attack tactics to keep your data secure.

CD

Cyber Defense Magazine

4d ago · 10 items

Innovator Spotlight: The Open Group 4d ago Preparing For Hybrid Warfare: Actions To Take When The Cloud Goes Dark 4d ago Operationalizing Cyber Resilience: A Practitioner’s Framework for Real-World Security Constraints 5d ago Innovator Spotlight: Puneet Bhatnagar 6d ago Cybersecurity Risks in 2026 6d ago Retro-Coding and the Roots of Logic: Why The Byte Brothers: Program a Problem Still Matters 7d ago Innovator Spotlight: TokenCore 7d ago Platform Engineering: The Rise of a Disciplinary Rethink 7d ago 60% Of Cyberattacks Are Identity Based — Is Identity First A Bad Idea? 7d ago From Threat Detection To Decision Intelligence: Rethinking Modern Cyber Defense 8d ago

KO

Krebs on Security

4d ago · 10 items

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 4d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi... ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty 13d ago A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phish... Patch Tuesday, April 2026 Edition 20d ago Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dub... Russia Hacked Routers to Steal Microsoft Office Tokens 27d ago Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backe... Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab 29d ago An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gang... ‘CanisterWorm’ Springs Wiper Attack Targeting Iran 42d ago A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or ha... Feds Disrupt IoT Botnets Behind Huge DDoS Attacks 46d ago The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as ro... Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker 54d ago A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub out... Microsoft Patch Tuesday, March 2026 Edition 55d ago Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usu... How AI Assistants are Moving the Security Goalposts 57d ago AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-r...

WE

WeLiveSecurity

5d ago · 20 items

This month in security with Tony Anscombe – April 2026 edition 5d ago The calm before the ransom: What you see is not all there is 11d ago GopherWhisper: A burrow full of malware 12d ago New NGate variant hides in a trojanized NFC payment app 14d ago What the ransom note won’t say 15d ago That data breach alert might be a trap 18d ago Supply chain dependencies: Have you checked your blind spot? 18d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 25d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 28d ago Digital assets after death: Managing risks to your loved one’s digital estate 34d ago This month in security with Tony Anscombe – March 2026 edition 35d ago RSAC 2026 wrap-up – Week in security with Tony Anscombe 38d ago A cunning predator: How Silver Fox preys on Japanese firms this tax season 39d ago Virtual machines, virtually everywhere – and with real security gaps 41d ago Cloud workload security: Mind the gaps 42d ago Move fast and save things: A quick guide to recovering a hacked account 46d ago EDR killers explained: Beyond the drivers 47d ago Face value: What it takes to fool facial recognition 53d ago Cyber fallout from the Iran war: What to have on your radar 53d ago Sednit reloaded: Back in the trenches 56d ago

20 loaded Show 10 more

ZU

ZDI: Upcoming Advisories

5d ago · 1 items

ZDI-CAN-30796: Docker 5d ago

PN

Proofpoint News Feed

5d ago · 10 items

Claude Mythos Fears Startle Japan's Financial Services Sector 5d ago AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants 6d ago Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place 7d ago Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI Clear market trend for software providers to help with AI: Proofpoint CEO 11d ago Sumit Dhawan, Proofpoint CEO, joins 'Closing Bell' to discuss ServiceNow's quarterly earnings results, if Anthropic's Mythos makes incumbent players more important and much more. Proofpoint CEO on AI Security Innovations | Nasdaq at RSAC 2026 12d ago Cargo thieving hackers running sophisticated remote access campaigns, researchers find 18d ago Freight Hacker Wields Code-Signing Service to Evade Defenses 18d ago Sumit Dhawan on NYSE Floor Talk | Proofpoint AI Security 19d ago FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud 21d ago Analysis by cybersecurity company Proofpoint reveals that while most partners have implemented baseline email authentication, many are still not proactively blocking fraudulent emails that Microsoft 365 mailbox rules abused for exfiltration, persistence 21d ago

BF

Blog – Forter

6d ago · 10 items

Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 6d ago More of What Matters: Forter’s April Product Release 7d ago If AI Agents Can’t Find You, Do You Even Exist? 7d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 19d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 20d ago Return Abuse Prevention Starts with the Person, Not the Policy 20d ago Shoptalk 2026: Retail in the Age of AI 28d ago Visa’s Updated VAMP Program: What Merchants Need to Know 40d ago New at Forter: Go Live in Days, Not Months 48d ago Forter and VGS Expand Partnership to Power Trusted Agentic Commerce 67d ago

DE

DEFCONConference

6d ago · 15 items

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 6d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 75d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 75d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 75d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 124d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 124d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 124d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 124d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 124d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 124d ago DEF CON 33 Recon Village - OSINT & Modern Recon Uncover Global VPN Infrastructure - Vladimir Tokarev 124d ago DEF CON 33 Recon Village - Pretty Good Pivot - Simwindie 124d ago DEF CON 33 Recon Village - enumeraite: AI Assisted Web Attack Surface Enumeration - Özgün Kültekin 124d ago DEF CON 33 Recon Village - OSINT Signals Pop Quiz - Master Chen 124d ago DEF CON 33 Recon Village - Investigating Foreign Tech from Online Retailers - Michael Portera 124d ago

15 loaded Show 5 more

IP

IppSec

9d ago · 15 items

HackTheBox - Sorcery 9d ago HackTheBox - AirTouch 16d ago HackThebox - Eighteen 23d ago HackTheBox - DarkZero 30d ago HackTheBox - Browsed 37d ago HackTheBox - Conversor 44d ago HackTheBox - Gavel 51d ago HackTheBox - Principal 52d ago HackTheBox - ExpressWay 58d ago HackTheBox - Guardian 65d ago HackTheBox - GiveBack 72d ago HackTheBox - Soulmate 79d ago HackTheBox - Signed 86d ago HackTheBox - CodePartTwo 93d ago HackTheBox - Imagery 100d ago

15 loaded Show 5 more

FP

Fraud Prevention – Riskified

11d ago · 1 items

Agentic commerce: harness it, don’t outsource it 11d ago External AI agents fly blind without your data. Learn why native AI, powered by identity intelligence, is the key to owning customer relationships in retail.

M3

Microsoft 365 Blog

12d ago · 10 items

Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 12d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions. Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot 21d ago Discover how apps integrate with AI agents to power Copilot experiences, streamline workflows, and turn business context into action. New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration 33d ago Explore what's new in Copilot Studio: Multi-agent systems now generally available, plus updates to the Prompt Editor and governance controls. Copilot Cowork: Now available in Frontier 35d ago Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program. Copilot Cowork: A new way of getting work done 56d ago Copilot Cowork turns intent into action across Microsoft 365—automating tasks, coordinating workflows, and keeping you in control. See how. Powering Frontier Transformation with Copilot and agents 56d ago Wave 3 of Microsoft 365 Copilot introduces Copilot Cowork, multi‑model intelligence, and enterprise‑ready AI—built to get real work done. SharePoint at 25: How Microsoft is putting knowledge to work in the AI era 63d ago Discover how SharePoint’s 25‑year legacy powers Microsoft 365 Copilot, Work IQ, and AI‑driven knowledge for organizations worldwide. Microsoft Sovereign Cloud adds governance, productivity, and support for large AI models securely running even when completely disconnected 69d ago The ultimate Microsoft 365 community event returns—your front‑row seat to the future of intelligent work 88d ago Join the ultimate Microsoft 365 community event with fresh insights, AI innovations, and a front‑row look at the future of intelligent work. 6 core capabilities to scale agent adoption in 2026 98d ago Learn six capabilities to support agent adoption at scale in 2026 with Microsoft Copilot Studio, from governance and security to operations.

CC

CISA Cybersecurity Advisories

13d ago · 10 items

Defending Against China-Nexus Covert Networks of Compromised Devices 13d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 28d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 150d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 224d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 252d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 279d ago #StopRansomware: Interlock 287d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 326d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 349d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 357d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs

HS

Heimdal Security Blog

14d ago · 15 items

Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 14d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 38d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 48d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 60d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk. Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 85d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance. Five Predictions for Cyber Security Trends in 2026 90d ago Morten Kjaersgaard, Heimdal’s Founder, and Adam Pilton, a former cybercrime investigator, predict five cyber security trends for 2026. Heimdal Achieves OPSWAT Gold Certification for Anti-Malware 110d ago Heimdal today announced that its Next-Gen Antivirus (NGAV) with Extended Threat Protection (XTP) has achieved OPSWAT Gold Certification for Anti-Malware, validating its compatibility and effectiveness within OPSWAT’s industry-leading Access... How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) 144d ago Worried about holiday scams? Ex-cybercrime detective Adam Pilton breaks down the biggest threats and how to shop safely this festive season. ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats 158d ago Key takeaways: ITDR solutions monitor identity-based threats that traditional security tools miss, like hackers logging in with stolen credentials Effective ITDR requires integration with privileged access management and automated responses... When Buyers Discount MSPs With One Big Customer 158d ago Your biggest customer loves you. Three years together. They trust you, pay on time, and refer others. From where you sit, that’s loyalty. From where a buyer sits, that’s a $$$ discount on your exit. This perception gap kills more MSP deals ... You’re Not Technical? That Excuse Just Expired! 158d ago Tool Sprawl Taxes Your Business More Than You Think 160d ago Heimdal 5.1.0 RC Dashboard: Smarter Automation, Stronger Compliance, and Smoother Control 164d ago Can Generative AI Be Weaponized for Cyberattacks? 167d ago Digital Warfare and the New Geopolitical Frontline 181d ago

15 loaded Show 5 more

BA

Blog Articles - Identity Insights | Trulioo

18d ago · 13 items

Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 18d ago What is Customer Due Diligence (CDD) 42d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 45d ago AML, KYC and Identity Verification in Australia 54d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 119d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 119d ago The End of Static KYB: Business Identity in Constant Motion 119d ago Know Your Agent: The Next Chapter in Digital Trust 119d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 119d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 138d ago The World’s Identity Platform 1190d ago KYC: 3 Steps to Achieving Know Your Customer Compliance 1461d ago AML Compliance Checklist: Best Practices for Anti-Money Laundering 1476d ago

13 loaded Show 3 more

FP

Fraud Prevention Archives - Alloy Silverstein

60d ago · 2 items

AI in Tax Season: Risks, Scams, and How to Protect Your Data 60d ago Tax Season Scams to Watch For This Year 67d ago

LI

LiveOverflow

61d ago · 15 items

Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 61d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 64d ago The First Exploit - Pwn2Own Documentary (Part 2) 68d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 71d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 391d ago The German Hacking Championship 416d ago Do you know this common Go vulnerability? 430d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 565d ago My theory on how the webp 0day was discovered #short 581d ago My theory on how the webp 0day was discovered (BLASTPASS) 582d ago Learn Android Hacking! - University Nevada, Las Vegas (2024) 609d ago My Trip to Las Vegas for DEFCON & Black Hat 622d ago Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) 833d ago A Vulnerability to Hack The World - CVE-2023-4863 865d ago Reinventing Web Security 896d ago

15 loaded Show 5 more

SK

STÖK

253d ago · 15 items

Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 253d ago Winter vanlife = good times 855d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 862d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 869d ago IS THIS THE END? 928d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1083d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1323d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1337d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1453d ago facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques.. 1467d ago Q: HOW do you find hidden stuff on websites? (this episode is all about CONTENT DISCOVERY!) 1481d ago Q: HOW do you get started in bug bounty?? How do you build your automation?! 1495d ago Q: PENTEST VS BUGBOUNTY? (Bounty Thursday's - ON AIR) 1509d ago BOUNTY THURSDAYS - LIVE #2 (NEWS/TOOLS and Community Questions with Jason Haddix) 1523d ago Livestream från STÖK 1537d ago

15 loaded Show 5 more

HA

HackerSploit

390d ago · 15 items

How FIN6 Exfiltrates Files Over FTP 390d ago Emulating FIN6 - Active Directory Enumeration Made EASY 441d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 446d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 455d ago Offensive VBA 0x3 - Developing PowerShell Droppers 461d ago Offensive VBA 0x2 - Program & Command Execution 465d ago Offensive VBA 0x1 - Your First Macro 467d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 473d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 476d ago Developing An Adversary Emulation Plan 476d ago Introduction To Advanced Persistent Threats (APTs) 481d ago Introduction To Adversary Emulation 503d ago Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion 512d ago Planning Red Team Operations | Scope, ROE & Reporting 651d ago Mapping APT TTPs With MITRE ATT&CK Navigator 656d ago

15 loaded Show 5 more

TH

Threatpost

1342d ago · 10 items

Student Loan Breach Exposes 2.5M Records 1342d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1343d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1344d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1347d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1348d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1349d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1350d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1351d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1354d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1355d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.