Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...
Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...
🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...
Roblox Developers Face Malware Attacks Losing Entire Games
Roblox Developers Face Malware Attacks 🚨 Developers behind some of Roblox’s millions of games are facing alarming malware attacks that result in the loss of their entire games. According to a repo...
Junior Hacker Used Tailscale and OpenSSH to Maintain Access After C2 Went Offline
Overview A French-speaking attacker infiltrated a small automotive business in France, deploying a keylogger and stealing sensitive banking and email credentials. Before his command-and-control (C...
FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices
FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices 🚨 A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN cre...
The Red Agent POV: How it Reasoned its Way to SSRF
The Red Agent POV: How it Reasoned its Way to SSRF The Red Agent found a critical multi-step attack chain that allowed SSRF-to-Local-File-Read on GCP Cloud Run. The target was a GCP Cloud Run serv...
Synthetic APTs: The Collapse of TTP
Synthetic APTs: The Collapse of TTP Cyber Threat Intelligence (CTI) attribution relies on identifying the Tactics, Techniques, and Procedures (TTPs) that distinguish one threat actor from another....
CVE-2026-48764 - TypeBot SSRF Vulnerability Exploited via DNS Rebinding
CVE-2026-48764 - TypeBot SSRF Vulnerability Exploited via DNS Rebinding CVE-2026-48764 impacts TypeBot, a chatbot builder tool. In versions prior to 3.17.2, a significant SSRF vulnerability exists...
Rockwell Automation RSLinx Vulnerability Advisory
Rockwell Automation RSLinx Vulnerability Advisory 🚨 Attention all users of RSLinx Classic! 🚨 A critical vulnerability has been identified in Rockwell Automation’s RSLinx Classic software that cou...
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing AI and Cyber Research
Overview The Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, targeting institutions in...
How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers
How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers While the rest of the industry was busy patching nginx, Orca’s Threat Research Team was asking a different question, and the answer le...
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays 🚨 Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams’ TURN relay servers to mask command-and...
FishMonger's Arsenal Upgraded: SprySOCKS for Windows
FishMonger’s Arsenal Upgraded: SprySOCKS for Windows 🚀 ESET researchers have discovered SprySOCKS for Windows, a backdoor weaponizing a kernel driver for advanced stealthiness. This malware is lin...
Dissecting Sapphire Sleet's macOS Intrusion from Lure to Compromise
Dissecting Sapphire Sleet’s macOS Intrusion from Lure to Compromise Microsoft has identified an additional Sapphire Sleet macOS intrusion that follows the same core attack chain previously documen...
Ababil of Minab Exposed LA Metro SCADA Backups and Israeli Victim Data Left Open
Ababil of Minab Exposed 🚨 Ababil of Minab is a pro-Iranian threat actor that surfaced in late March 2026, claiming destructive intrusions against targets in the United States, Israel, Saudi Arabia...
CVE-2026-44587 - CarrierWave Bypass Vulnerability
CVE-2026-44587 - CarrierWave Bypass Vulnerability CarrierWave is a framework for uploading files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the content_type_denylist check fails...
Users Cry Foul After AMD Stripped Memory Crypto from Its Consumer CPUs
Users Cry Foul After AMD Stripped Memory Crypto from Its Consumer CPUs A decade ago, AMD introduced a protection mechanism to its high-end CPUs to safeguard against cold boot attacks and other phy...
Operation Highland: Uncovering Velvet Ant's Intrusion
Operation Highland: Uncovering Velvet Ant’s Intrusion When Sygnia’s IR team began reconstructing the intrusion that would become known as Operation Highland, they discovered that the earliest fore...
Feds Freaked Over Fable 5 After Simple 'Fix This Code' Prompt
Feds Freaked Over Fable 5 After Simple ‘Fix This Code’ Prompt The “jailbreak” that prompted the Trump administration to block Anthropic’s most advanced models was actually a simple three-word prom...