Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...

Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...

🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...

Siemens WinCC Certificate Manager Vulnerability Advisory 🚨 Attention: A critical vulnerability has been identified in the Siemens WinCC Certificate Manager that could potentially allow attackers t...

Meta Pauses Controversial Employee-Tracking Program 🚫 Meta has paused a controversial employee-tracking program after an internal security review revealed that highly granular keystroke and screen...

Major Vulnerability Discovered in CI/CD Systems 🚨 A significant software supply chain vulnerability has been identified across the open-source network, allowing cybercriminals to hijack build pipe...

Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs We scanned 6,038 apps across LG and Samsung; 2,058 were selling your IP address. On screen, it’s a relaxing fish tank, a clock, solit...

GTA 6 Scams Emerge as Pre-Orders Open 🚨 As Rockstar Games announced that pre-orders for Grand Theft Auto VI (GTA 6) will be available from June 25, scammers have already created fake websites offe...

FFmpeg Fixes PixelSmash Flaw in Widely Used Video Decoder 🚀 A newly disclosed FFmpeg flaw dubbed ‘PixelSmash’ could be exploited for remote code execution on Jellyfin servers under certain conditi...

Thousands of D-Link Routers Under Control of AryStinger Botnet Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end-of-life D-Link routers an...

Researchers Uncover Critical DifyTap Vulnerabilities 🚨 Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform, that could allow ...

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer 🚨 Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer through a previously unrepor...

Overview A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic t...

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain 🚨 Security researchers at Paradigm Shift have unveiled a groundbreaking exploit known as usbliter8, which allows arbit...

Texas Government Data Breach 🚨 The Texas Parks and Wildlife Department (TPWD) has disclosed a significant data breach at its license system vendor, exposing personal information for over three mil...

Peter Thiel’s Secret Society Leak 🚨 A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel’s secretive Dialog network. Dialog, a private invitati...

Large-Scale Malware Distribution Campaign on GitHub Uncovered 🚨 A significant malware distribution campaign has been discovered on GitHub, involving 10,000 repositories that are spreading Trojan m...

Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 🚨 Attention Healthcare Providers! 🚨 The Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT) has been...

New Abuse of the ClickOnce Technology, Part 1 To help solve the challenge of application deployment, Microsoft offers multiple solutions including its Microsoft Store, the native Windows Installer...

FortiBleed: You Can’t Patch Your Way Out of This A multi-phase campaign, dubbed FortiBleed, has cracked administrative credentials on roughly half of the world’s internet-facing FortiGate firewall...