Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...
Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...
🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...
Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 🚨 Attention Healthcare Providers! 🚨 The Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT) has been...
New Abuse of the ClickOnce Technology, Part 1: The Inner Workings of ClickOnce Application Deployment
New Abuse of the ClickOnce Technology, Part 1 To help solve the challenge of application deployment, Microsoft offers multiple solutions including its Microsoft Store, the native Windows Installer...
FortiBleed: You Can't Patch Your Way Out of This
FortiBleed: You Can’t Patch Your Way Out of This A multi-phase campaign, dubbed FortiBleed, has cracked administrative credentials on roughly half of the world’s internet-facing FortiGate firewall...
Apple Patches High-Severity Eavesdropping Vulnerability in Beats Studio Buds
Apple Patches High-Severity Eavesdropping Vulnerability in Beats Studio Buds Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited...
Popa Botnet Linked to Publicly-Traded Israeli Firm
Popa Botnet Linked to Publicly-Traded Israeli Firm 🚨 For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked...
Operation Endgame Disrupts SocGholish Malware Infrastructure
Operation Endgame Disrupts SocGholish Malware Infrastructure 🚨 Date Published: June 18, 2026 Source: Hackread Operation Endgame has expanded its reach by dismantling the network infrastructure of...
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
I Could’ve Rickrolled the Entire FIFA World Cup! 🎉 When you register on agents.fifa.org, FIFA adds your account to their Microsoft Entra tenant (formerly Azure AD). This tenant powers all of FIFA’...
AzeoTech DAQFactory Vulnerability Advisory
AzeoTech DAQFactory Vulnerability Advisory 🚨 CISA has published an advisory regarding a critical vulnerability in AzeoTech DAQFactory. Successful exploitation of this vulnerability could allow an ...
Roblox Developers Face Malware Attacks Losing Entire Games
Roblox Developers Face Malware Attacks 🚨 Developers behind some of Roblox’s millions of games are facing alarming malware attacks that result in the loss of their entire games. According to a repo...
Junior Hacker Used Tailscale and OpenSSH to Maintain Access After C2 Went Offline
Overview A French-speaking attacker infiltrated a small automotive business in France, deploying a keylogger and stealing sensitive banking and email credentials. Before his command-and-control (C...
FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices
FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices 🚨 A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN cre...
The Red Agent POV: How it Reasoned its Way to SSRF
The Red Agent POV: How it Reasoned its Way to SSRF The Red Agent found a critical multi-step attack chain that allowed SSRF-to-Local-File-Read on GCP Cloud Run. The target was a GCP Cloud Run serv...
Synthetic APTs: The Collapse of TTP
Synthetic APTs: The Collapse of TTP Cyber Threat Intelligence (CTI) attribution relies on identifying the Tactics, Techniques, and Procedures (TTPs) that distinguish one threat actor from another....
CVE-2026-48764 - TypeBot SSRF Vulnerability Exploited via DNS Rebinding
CVE-2026-48764 - TypeBot SSRF Vulnerability Exploited via DNS Rebinding CVE-2026-48764 impacts TypeBot, a chatbot builder tool. In versions prior to 3.17.2, a significant SSRF vulnerability exists...
Rockwell Automation RSLinx Vulnerability Advisory
Rockwell Automation RSLinx Vulnerability Advisory 🚨 Attention all users of RSLinx Classic! 🚨 A critical vulnerability has been identified in Rockwell Automation’s RSLinx Classic software that cou...
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing AI and Cyber Research
Overview The Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, targeting institutions in...
How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers
How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers While the rest of the industry was busy patching nginx, Orca’s Threat Research Team was asking a different question, and the answer le...