This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a litt...

After the viral AI assistant Clawdbot was forced to rename to Moltbot due to a trademark dispute, opportunists moved quickly. Within days, typosquat domains and a cloned GitHub repository appeared—...

In a huge blow to the global cybercrime underground, US federal authorities have seized the clearnet and dark web domains of RAMP (Ramp4u.io), a well-known Russian-language cybercrime forum used by...

Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month. James Forshaw, security researcher at Google’s P...

Source: SANS Internet Storm Center I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While searching for related exploit attempts in our data, I...

A new security alert has been issued over a computer program that is acting as a silent gateway for intruders. The tool, known by the technical name HEURRemoteAdmin.GoToResolve.gen, is being called...

Artificial intelligence is now embedded across the attack lifecycle, accelerating the execution of familiar techniques at greater speed and scale. … Alongside its role as an enabler, AI is now a di...

TA584 is one of the most prominent cybercriminal threat actors tracked by Proofpoint threat researchers. In 2025, the actor demonstrated multiple attack chain changes including expanded global targ...

We discovered a handful of security issues in Solarwinds Web Help Desk. These issues include an unauthenticated remote-code execution vulnerability via deserialization, static credentials that allo...

Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a maker of electronics cables located in Ja...

Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lo...

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a single malicious spreadsheet formula. The issue was uncovered by Cyera Res...

Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow the same high-level roadmap: initial contact...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-sou...

Hackers have claimed responsibility for a cyberattack against Panera Bread, a major American restaurant chain, that allegedly resulted in the leak of millions of customer and employee records. The ...

PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling indus...

In January 2026, an app called Freecash shot up to the number two spot on Apple’s free iOS chart in the US, helped along by TikTok ads that resemble job offers from TikTok itself. The ads promised ...

In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian g...

Cellebrite’s products have been used by the Jordanian authorities to extract data from the phones of activists and civil society members without their consent. During our forensic investigation of ...

Part 2 flips to the defender’s point of view. We deploy AD Tripwires inside the same GOAD lab and show how a small set of purpose-built tripwire accounts produces deterministic alerts the moment an...