Ever look at a bit of Javascript sandboxing code and say to yourself “I know I can probably break out of that”? No? Just me? Must be a security researcher thing. As a hacker, one of the best place...
In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions we...
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor and can be exploited to execute remote code with developer privileges. The se...
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manag...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2013-10034 Kaseya - KServer ...
This research explores how large language models (LLMs) can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful...
In July 2025, the eSentire Threat Response Unit (TRU) identified multiple sophisticated incidents believed to be attributed to the Interlock Group, a ransomware gang that has targeted organizations...
During a ransomware intrusion, we encountered a script that was filled with clear comments for what each command and function did. It was immediately, jarringly out of place, as at Huntress we typi...
Key Findings – Q2 2025 Ransomware Trends Ransomware-as-a-Service (RaaS) group disruptions: Several major ransomware groups have disappeared, leaving a fragmented ecosystem. Slight decline in public...
Overview Proofpoint has identified a cluster of activity using Microsoft OAuth application creation and redirects that lead to malicious URLs enabling credential phishing. The fake Microsoft 365 a...
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-i...
Introduction Over the last five years, the Democratic People’s Republic of Korea (DPRK) has transitioned from smash-and-grab cryptocurrency raids to a more covert, scalable model of economic warfar...
Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabil...
Key Findings Check Point Research (CPR) conducted a focused analysis of Storm-2603, a threat actor associated with recent ToolShell exploitations, together with other Chinese APT groups. Storm-260...
Key Takeaways APT36 has expanded its focus to include Indian railway systems, oil and gas infrastructure, and the Ministry of External Affairs. They use .desktop files disguised as PDF docume...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-45515 n/a - n/a An iss...
Key Takeaways From This Blog Initial access can be physical and extremely low-profile, evading most traditional defenses. Memory and network forensics were the only effective techniques in det...
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal dat...
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with...
Security researchers may have discovered a reliable hosting company run by Qwins Ltd. that supports a broad range of international malware operations in a recent analysis resulting from standard fo...