Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...

Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...

🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...

Magecart Skimmer Turns Stripe into a Malware Command Server 🚨 Sansec has uncovered a Magecart family that operates its skimmer directly through Stripe. The attacker cleverly stores the card steale...

iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil 🚨 Brazilian food delivery app iFood has confirmed that it fell victim to a data breach in December 2025, impacting 1.2 million user...

VerdantBamboo: Just Another BRICKSTORM in the Firewall 🚀 In September 2025, Volexity conducted an incident response engagement after suspicious network traffic was observed from a Linux-based virt...

NAVTOR NavBox Vulnerability Advisory 🚨 A vulnerability, CVE-2026-21404, has been identified in NAVTOR NavBox through version 4.16.1.20. Successful exploitation of this vulnerability could allow a ...

EU Fines Temu 200 Million Euros for Breaching the DSA Last week, the European Commission issued a €200 million fine against Temu for breaching the DSA. The Commission argued that Temu failed to ad...

Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground For more than two decades, XSS has been the gathering ground for the Russian-speaking cybercriminal ...

New Fake-Invoice Campaign Uncovered by Malwarebytes 🚨 A new batch of fake payment invoices is being staged right now, and we caught the campaign while it was still being put together! The emails i...

Bend the Beam Like Beckham to Defeat Anti-Jamming Tech It’s hard to stop a signal jammer if you can’t locate the source, say Rice University researchers. 📡 Wireless jamming attacks are on the ris...

Argamal RAT Distributed with Hentai Games 🚨 In April 2026, a new malware campaign targeting players of “hentai” games was discovered. Once launched, the infected games install a previously unknown...

From Malspam to DesckVB RAT Deployment 🚨 In May 2026, the Huntress SOC responded to a DesckVB RAT infection that began with a malspam. This delivery chain tells an interesting story: the lure rout...

Espionage Campaign Targeted Stock Exchange Executive for Five Months A five-month espionage campaign targeted the email account of a senior figure at a major global stock exchange. Unknown attacke...

Your Car is Following You - How to Reclaim Your Data Privacy on the Open Road 🚗🔍 Today’s vehicles know where you live, when you travel, and your driving habits. It’s becoming increasingly difficul...

Mini Shai-Hulud Campaign Compromises Red Hat Cloud Services 🚨 A mini Shai-Hulud campaign has compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installatio...

Microsoft Changes Course on Legal Threats 🚀 Microsoft has announced that it will no longer pursue legal action against security researchers who conduct or publish their findings. This decision com...

HP Poly VoIP Vulnerability Alert 🚨 HP has released patches for a critical buffer overflow vulnerability in multiple IP-enabled conference phones from its Poly Voice line. This remote code executio...

Google Patches Over 100 Android Security Vulnerabilities 🚀 Google has released new security updates for Android, patching more than 100 vulnerabilities. Android users, it’s time to update your dev...

Dashlane Reports Cyberattack 🚨 Password manager maker Dashlane has reported that hackers have obtained at least a dozen encrypted vaults used for storing customer passwords during a weekend cybera...