Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...

Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...

🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...

Microsoft’s Open Source Tools Hacked 🚨 Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injec...

New EDRChoker Tool 🚀 A newly released open-source red team tool called EDRChoker introduces a novel technique for silencing cloud-connected Endpoint Detection and Response (EDR) agents. Instead of...

CVE-2026-11459 - SecureAge CatchPulse IOCTL Vulnerability Disclosed 🚨 A new security vulnerability, tracked as CVE-2026-11459, has been detected in SecureAge CatchPulse up to version 10.9.1. This ...

Oxford University Student Data Breach 🚨 Oxford University students seeking work will be dismayed to learn that crooks have breached a second external platform provider for the university in as man...

Former Cyber Executive Turns Whistleblower Against IBM for Data Breach Cover-Up A former IBM cybersecurity executive has made serious allegations against the company, claiming it covered up multip...

Claude Opus Uncovers Critical Flaw in Zcash’s Privacy Layer 🚨 Claude Opus 4.8 has revealed a four-year-old critical flaw in Zcash that could have allowed the undetectable creation of counterfeit c...

Dark Web Nemesis Market Vendor Sentenced to 26 Years for Drug Trafficking A California man has been sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine t...

C-Suite Impersonation in the Gulf: How Threat Actors Are Targeting UAE & Saudi Executives in 2026 When a senior executive at a Dubai-based energy conglomerate receives a WhatsApp message that ...

New Extortion Tactics by Pink 🚨 A new extortion brand called Pink is making waves by using voice phishing and fake help-desk calls to gain initial access to organizations’ IT environments. This gr...

Magecart Skimmer Turns Stripe into a Malware Command Server 🚨 Sansec has uncovered a Magecart family that operates its skimmer directly through Stripe. The attacker cleverly stores the card steale...

iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil 🚨 Brazilian food delivery app iFood has confirmed that it fell victim to a data breach in December 2025, impacting 1.2 million user...

VerdantBamboo: Just Another BRICKSTORM in the Firewall 🚀 In September 2025, Volexity conducted an incident response engagement after suspicious network traffic was observed from a Linux-based virt...

NAVTOR NavBox Vulnerability Advisory 🚨 A vulnerability, CVE-2026-21404, has been identified in NAVTOR NavBox through version 4.16.1.20. Successful exploitation of this vulnerability could allow a ...

EU Fines Temu 200 Million Euros for Breaching the DSA Last week, the European Commission issued a €200 million fine against Temu for breaching the DSA. The Commission argued that Temu failed to ad...

Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground For more than two decades, XSS has been the gathering ground for the Russian-speaking cybercriminal ...

New Fake-Invoice Campaign Uncovered by Malwarebytes 🚨 A new batch of fake payment invoices is being staged right now, and we caught the campaign while it was still being put together! The emails i...

Bend the Beam Like Beckham to Defeat Anti-Jamming Tech It’s hard to stop a signal jammer if you can’t locate the source, say Rice University researchers. 📡 Wireless jamming attacks are on the ris...