Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...

Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...

🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Vulnerabilities 🚨 The recent vulnerabilities discovered in the Yarbo Android/iOS mobile applications and cloud infrastructure pose sig...

VRChat Denies Data Breach Claims 🚫 A data breach notice has been filed with the Maine Attorney General, claiming that over 2.4 million users of VRChat may have had their data compromised. However,...

OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft OnyxC2 is a MaaS stealer targeting over 210 applications, utilizing DLL sideloading, encrypted payloads, and remote access features t...

How to Defend ARM64 Cloud Infrastructure from ITScape ITScape (CVE-2026-46316) is a guest-to-host escape vulnerability in the vGIC-ITS (Interrupt Translation Service) emulation within KVM/arm64, d...

A Tale of Two Eras Published on June 11, 2026 🚀 Talos’ Yuri Kramarz has published a compelling blog that highlights how AI-driven vulnerability discovery has completely outpaced human patching ca...

7 Open Source Incident Response Tools by Category Open source incident response (IR) tools provide security teams with transparent, inspectable software for live response, case management, log ana...

Who Runs the Ransomware Group ‘The Gentlemen’? 🚀 A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool...

Oracle PeopleSoft Servers Hacked 🚨 Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 org...

Justice Department and FBI Disable 13 Websites 🚨 Thirteen internet domains used to target U.S. persons, including current and former security clearance holders with access to classified and sensit...

GitHub Ends Automatic Install Script Execution for npm 🚀 GitHub is set to end the ability for attackers to leverage automatic install script execution in npm when expected changes arrive in July. ...

Expanded JDY IoT and SOHO Botnet Enables Rapid Vulnerability Exploitation 🚀 Black Lotus Labs recently identified a significant resurgence of the JDY botnet, a covert reconnaissance network tied to...

Siemens KACO Blueplanet Inverters Vulnerabilities Attention! 🚨 KACO Blueplanet Inverters have been found to contain multiple vulnerabilities that could allow attackers to derive credentials from t...

ServiceNow Discloses Security Incident Exposing Customer Data 🚨 ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API en...

Schneider Electric Modicon Network Managed Switches Vulnerability Schneider Electric is aware of a RADIUS protocol vulnerability, identified as CVE-2024-3596, affecting its Modicon Network Managed...

Phishing Attacks Leverage TikTok, Instagram Reels Short-form videos on social media apps are currently being leveraged by threat actors as a phishing vector, utilizing tutorial-style content with ...

Fighting Spyware: An Update From WhatsApp Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group – a spyware firm blacklisted for actions contra...

CVE-2026-9746 - Server Crashes Due to Exchange Option DNB reports on CVE-2026-9746, a server vulnerability identified where, when using $changestreams and $_requestReshardingResumeToken with the e...