SECURITY 228

• Scans for Adminer Understanding the Threat Mar 18, 2026
• Transparent COM Instrumentation for Malware Analysis Mar 18, 2026
• Researchers Found Font-Rendering Trick to Hide Malicious Commands Mar 18, 2026
• New Ubuntu Flaw Enables Local Attackers to Gain Root Access Mar 18, 2026
• Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access Mar 18, 2026
• How to Examine Polyglot Files with Spectra Analyze Mar 17, 2026
• GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos Mar 16, 2026
• Flaw in UK's Corporate Registry Exposes Directors' Data Mar 16, 2026
• AppsFlyer Web SDK Hijacked to Spread Crypto-Stealing JavaScript Code Mar 14, 2026
• Twenty Years of Cloud Security Research Mar 13, 2026
• CrackArmor - Critical AppArmor Flaws Enable Local Privilege Escalation to Root Mar 13, 2026
• Canadian Retail Giant Loblaw Notifies Customers of Data Breach Mar 12, 2026
• This Android Vulnerability Can Break Your Lock Screen in Under 60 Seconds Mar 12, 2026
• Hewlett Packard Enterprise Fixes Critical Authentication Bypass in Aruba AOS-CX Mar 11, 2026
• Alert Regarding Vulnerabilities in Adobe Acrobat and Reader Mar 11, 2026
• Vulnerabilities in Lantronix EDS3000PS and EDS5000 Mar 10, 2026
• Honeywell IQ4x BMS Controller Vulnerability Advisory Mar 10, 2026
• How We Hacked McKinsey's AI Platform Mar 10, 2026
• Improper File Access Permission Settings in Digital Arts Products Mar 9, 2026
• Fixing Request Smuggling Vulnerabilities in Pingora OSS Deployments Mar 9, 2026
• How AI Assistants are Moving the Security Goalposts Mar 8, 2026
• An AI Broke Out of Its System to Mine Crypto Mar 7, 2026
• High-severity Qualcomm Bug Hits Android Devices in Targeted Attacks Mar 4, 2026
• Cisco Fixes Maximum-Severity Secure FMC Bugs Threatening Firewall Security Mar 4, 2026
• Most Cybercriminals Are Middle-Aged New Data Reveals Mar 3, 2026
• Google Quantum-Proofs HTTPS by Squeezing 15kB of Data into 700-Byte Space Feb 28, 2026
• QuickLens Chrome Extension Steals Crypto and Shows ClickFix Attack Feb 28, 2026
• Critical Juniper Networks PTX Flaw Allows Full Router Takeover Feb 26, 2026
• The Investigative Gap - Why Forensic Context is the SOC’s Greatest Bottleneck Feb 26, 2026
• Post-Exploitation at Scale - The Rise of AILM Feb 26, 2026
• One-click Disaster Microsoft’s Entra Tokens at Risk Feb 25, 2026
• Man Accidentally Gains Control of 7,000 Robot Vacuums Feb 25, 2026
• Critical Cisco SD-WAN Bug Exploited in Zero-Day Attacks 🚨 Feb 25, 2026
• RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN Feb 24, 2026
• Go Library Maintainer Critiques GitHub's Dependabot as a 'Noise Machine' Feb 24, 2026
• How to Set Up Private DNS Mode on Your iPhone - Why You Should Do It ASAP Feb 23, 2026
• 2025 - The Untold Stories of Check Point Research Feb 23, 2026
• Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack Feb 22, 2026
• Critical Vulnerabilities Found in NesterSoft WorkTime Feb 22, 2026
• Predator Spyware Hides iOS Recording Indicators Feb 21, 2026
• PayPal App Code Error Exposes Personal Information Feb 20, 2026
• Welker OdorEyes EcoSystem Pulse Bypass System Vulnerability Alert Feb 19, 2026
• Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot Feb 18, 2026
• Keenadu The Tablet Conqueror and Major Android Botnets Feb 17, 2026
• Fake Incident Report Used in Phishing Campaign Feb 17, 2026
• Critical Vulnerabilities in GE Vernova Enervista UR Setup Feb 17, 2026
• Android 17 Beta Introduces Secure-By-Default Architecture Feb 17, 2026
• Security Flaw at DavaIndia Pharmacy Exposes Customer Data Feb 16, 2026
• RoguePilot - Exploiting GitHub Copilot for a Repository Takeover Feb 16, 2026
• Eurail Confirms Stolen Traveler Data for Sale on Dark Web Feb 16, 2026
• Snail Mail Phishing Targets Trezor and Ledger Users Feb 14, 2026
• Security Experts Warn Discord Age Checks Create 'Identity Honey Pot' Feb 12, 2026
• Microsoft Store Outlook Add-in Hijacked to Steal 4,000 Accounts Feb 11, 2026
• Quick Howto - Extract URLs from RTF Files Feb 9, 2026
• Password Guessing Without AI How Attackers Build Targeted Wordlists Feb 9, 2026
• How the GNU C Compiler Became the Clippy of Cryptography Feb 9, 2026
• BeyondTrust Fixes Critical Pre-Auth Bug Allowing Remote Code Execution Feb 9, 2026
• Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks Feb 6, 2026
• Eradicating Trivial Vulnerabilities at Scale Feb 6, 2026
• Eradicating Trivial Vulnerabilities at Scale Feb 6, 2026
• Web Traffic Hijacking Malicious Nginx Configurations Uncovered Feb 5, 2026
• The Double-Edged Sword of Non-Human Identities Feb 4, 2026
• DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon Feb 3, 2026
• Wave of Citrix NetScaler Scans Utilize Thousands of Residential Proxies Feb 3, 2026
• Step Finance Reports $40M Crypto Theft Due to Compromised Devices Feb 3, 2026
• Multiple Vulnerabilities Found in ELECOM Wireless LAN Products Feb 3, 2026
• Notepad++ Hijacked by State-Sponsored Hackers Feb 2, 2026
• Mutagen Astronomy From Discovery to CISA Recognition—A Seven-Year Journey Feb 2, 2026
• Mutagen Astronomy - From Discovery to CISA Recognition—A Seven-Year Journey Feb 2, 2026
• Multiple Vulnerabilities Found in Cybozu Garoon Feb 2, 2026
• Android RAT Uses Hugging Face to Host Malware Feb 2, 2026
• 341 Malicious ClawHub Skills Discovered Stealing User Data Feb 2, 2026
• Why has Microsoft been routing example.com traffic to a company in Japan? Jan 27, 2026
• WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware Jan 27, 2026
• Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core Jan 27, 2026
• Initial Stages of Romance Scams [Guest Diary] Jan 27, 2026
• Defending with AD Tripwires - GOAD Walkthrough Jan 26, 2026
• FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys Jan 24, 2026
• Delta Electronics DIAView Vulnerability Advisory Jan 22, 2026
• Don't click on the LastPass 'create backup' link - it's a scam Jan 21, 2026
• Can you use too many LOLBins to drop some RATs? Jan 21, 2026
• Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems Jan 20, 2026
• Leveraging Landlock telemetry for Linux detection engineering Jan 14, 2026
• German Manufacturing Under Phishing Attacks - Tracking a Stealthy AsyncRAT Campaign Jan 14, 2026
• A single click mounted a covert, multistage attack against Copilot Jan 14, 2026
• Why iPhone users should update and restart their devices now Jan 13, 2026
• Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework Jan 13, 2026
• CVE-2026-22200 Jan 12, 2026
• Fake WinRAR downloads hide malware behind a real installer Jan 8, 2026
• Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers Jan 7, 2026
• NordVPN Denies Breach After Hacker Claims Access to Salesforce Dev Data Jan 5, 2026
• China's guardian of secrets 保密管理系统 Jan 4, 2026
• New React Rsc Vulnerabilities Enable.Html Dec 14, 2025
• NANOREMOTE, cousin of FINALDRAFT Dec 14, 2025
• 7 Best Security Awareness Training Platforms For MSPs in 2026 Dec 14, 2025
• Multiple India-based CCTV Cameras Dec 9, 2025
• Exploitation of React2Shell Surges Dec 8, 2025
• Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware Dec 4, 2025
• Google fixes two Android zero days exploited in attacks, 107 flaws Dec 2, 2025
• Glassworm malware returns in third wave of malicious VS Code packages Dec 1, 2025
• Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems Nov 27, 2025
• Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks Nov 27, 2025
• Old tech, new vulnerabilities - NTLM abuse, ongoing exploitation in 2025 Nov 26, 2025
• Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine Nov 25, 2025
• Is Your Android TV Streaming Box Part of a Botnet? Nov 24, 2025
• Weaponized file name flaw makes updating glob an urgent job Nov 23, 2025
• Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update Nov 23, 2025
• WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide Nov 19, 2025
• Mac users warned about new DigitStealer information stealer Nov 19, 2025
• Critics scoff after Microsoft warns AI feature can infect machines and pilfer data Nov 19, 2025
• Active Directory Trust Misclassification - Why Old Trusts Look Like Insecure External Trusts Nov 19, 2025
• Agents built into your workflow - Get Security Copilot with Microsoft 365 E5 Nov 18, 2025
• RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet Nov 15, 2025
• Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities Nov 11, 2025
• Google sounds alarm on self-modifying AI malware Nov 6, 2025
• How an Attacker Drained 28M from Balancer Through Rounding Error Exploitation Nov 5, 2025
• Exploiting Microsoft Teams Impersonation and Spoofing Vulnerabilities Exposed Nov 4, 2025
• Chrome can now store your driver's license and passport, but is that safe? Nov 4, 2025
• 11 ways to delete or hide yourself from the internet - and protect your privacy Nov 4, 2025
• Drawn to Danger Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure Nov 2, 2025
• Attackers targeting unpatched Cisco kit notice malware implant removal, install it again Nov 2, 2025
• New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL Nov 1, 2025
• TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs Oct 28, 2025
• BiDi Swap The bidirectional text trick that makes fake URLs look real Oct 28, 2025
• Hackers exploit 34 zero-days on first day of Pwn2Own Ireland Oct 21, 2025
• Data brokers are constantly doxing us, and we can’t do anything about it Oct 19, 2025
• Whisper 2FA Behind One Million Phishing Attempts Since July Oct 15, 2025
• Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches Oct 15, 2025
• Unverified COTS hardware enables persistent attacks in small satellites via SpyChain Oct 14, 2025
• New Android Pixnapping attack steals MFA codes pixel-by-pixel Oct 14, 2025
• New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login Oct 12, 2025
• SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution Oct 9, 2025
• SaaS Breaches Start with Tokens - What Security Teams Must Watch Oct 9, 2025
• New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations Oct 7, 2025
• Ghost in the Cloud Weaponizing AWS X-Ray for Command & Control Oct 5, 2025
• Massive network of 30,000 websites filters victims before delivering scams or malware Oct 1, 2025
• Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability Oct 1, 2025
• SVG Security Analysis Toolkit to Detect Malicious Scripts Hidden in SVG Files Sep 29, 2025
• Microsoft Flags AI-Driven Phishing LLM-Crafted SVG Files Outsmart Email Security Sep 29, 2025
• Cisco warns of IOS zero-day vulnerability exploited in attacks Sep 24, 2025
• US Secret Service dismantled covert communications network near the U.N. in New York Sep 23, 2025
• Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation Sep 23, 2025
• ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent Sep 22, 2025
• Researchers expose MalTerminal, an LLM-enabled malware pioneer Sep 22, 2025
• Microsoft Entra ID flaw allowed hijacking any company's tenant Sep 22, 2025
• Heathrow Airport Cyberattack What Happened, Who’s Affected, and What CISOs Should Know Sep 22, 2025
• Unmasking Akira The ransomware tactics you can’t afford to ignore Sep 19, 2025
• Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now Sep 18, 2025
• APT37 Targets Windows with Rust Backdoor and Python Loader Sep 8, 2025
• Severe Hikvision HikCentral Product Flaws What You Need to Know Sep 4, 2025
• Google fixes actively exploited Android flaws in September update Sep 3, 2025
• Azure AD Credentials Exposed in Public App Settings File Sep 2, 2025
• WhatsApp patches vulnerability exploited in zero-day attacks Aug 29, 2025
• Apple rushes out fix for active zero-day in iOS and macOS Aug 21, 2025
• Major password managers can leak logins in clickjacking attacks Aug 20, 2025
• Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data Aug 20, 2025
• New Research Links VPN Apps, Highlights Security Deficiencies Aug 19, 2025
• New Ghost-tapping Attacks Steal Customers’ Cards Linked to Services Like Apple Pay and Google Pay Aug 18, 2025
• EncryptHub Abuses Brave Support in new Campaign Exploiting- MSC Eviltwin Flaw Aug 16, 2025
• New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks Aug 12, 2025
• OWASP AIVSS targets agentic AI risk Aug 6, 2025
• Critical Vulnerability Impacting Over 100K Sites Patched in Everest Forms Plugin Aug 6, 2025
• Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto Aug 5, 2025
• ReVault! When your SoC turns against you… Aug 5, 2025
• Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives Aug 4, 2025
• New Plague Linux malware stealthily maintains SSH access Aug 4, 2025
• Fingerprinting Malware C2s with Tags Aug 4, 2025
• Critical Vulnerability in NestJS Devtools Localhost RCE via Sandbox Escape Aug 1, 2025
• Dahua Camera flaws allow remote hacking. Update firmware now Jul 31, 2025
• Qwins Ltd Bulletproof Hosting Provider Powering Global Malware Campaigns Jul 30, 2025
• Exploiting Direct Send Attackers Abuse Microsoft 365 to Deliver Internal Phishing Attacks Jul 30, 2025
• Auto-Color Backdoor How Darktrace Thwarted a Stealthy Linux Intrusion Jul 29, 2025
• Attackers Actively Exploiting Critical Vulnerability in Alone Theme Jul 29, 2025
• Hackers Exploit Official Gaming Mouse Software to Spread Windows-based Xred Malware Jul 26, 2025
• Critical Vulnerabilities Found in Tridium Niagara Framework Jul 23, 2025
• Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin Jul 23, 2025
• BIDI Swap Unmasking the Art of URL Misleading with Bidirectional Text Tricks Jul 22, 2025
• NET RFQ Request for Quote Scammers Casting Wide Net to Steal Real Goods Jul 21, 2025
• Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Jul 21, 2025
• Fake Receipts Generators the rising threat to major retail brands Jul 17, 2025
• British spies and SAS named in Afghan data breach Jul 17, 2025
• Zyxel security advisory for path traversal vulnerability in APs Jul 15, 2025
• Tracking Protestware Spread 28 npm Packages Affected by Payload Targeting Russian-Language Users Jul 15, 2025
• Konfety Returns Classic Mobile Threat with New Evasion Techniques Jul 15, 2025
• Global Louis Vuitton data breach impacts UK, South Korea, and Turkey Jul 14, 2025
• DOGE Denizen Marko Elez Leaked API Key for xAI Jul 14, 2025
• Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Jul 11, 2025
• macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App Jul 10, 2025
• At last, a use case for AI agents with sky-high ROI Stealing crypto Jul 10, 2025
• Asus and Adobe vulnerabilities Jul 10, 2025
• Server with Rockerbox Tax Firm Data Exposed 286GB of Records Jul 9, 2025
• Risky Bulletin Browser extensions hijacked for web scraping botnet Jul 9, 2025
• Attackers Inject Code into WordPress Theme to Redirect Visitors Jul 9, 2025
• Animation-Driven Tapjacking on Android Jul 8, 2025
• Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions Jul 5, 2025
• Large Language Models (LLMs) Are Falling for Phishing Scams What Happens When AI Gives You the Wrong URL? Jul 1, 2025
• Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be Jul 1, 2025
• Zero-day Bluetooth gap turns millions of headphones into listening stations Jun 26, 2025
• Extracting Lines of Interest From Zeek Logs Jun 26, 2025
• The Case of Hidden Spam Pages Jun 25, 2025
• In the Wild Malware Prototype with Embedded Prompt Injection Jun 25, 2025
• Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Jun 24, 2025
• Another Wave North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages Jun 24, 2025
• Trix Shots Remote Code Execution on Aviatrix Controller Jun 23, 2025
• ConnectUnwise Threat actors abuse ConnectWise as builder for signed malware Jun 23, 2025
• Androxgh0st Continues Exploitation Operators Compromise a US University For Hosting C2 Logger Jun 22, 2025
• What’s Inside the Massive Chinese Data Leak Jun 18, 2025
• Fault Injection – Follow the White Rabbit Jun 18, 2025
• Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User Jun 13, 2025
• The TokenBreak Attack Jun 12, 2025
• Inside a Dark Adtech Empire Fed by Fake CAPTCHAs Jun 12, 2025
• GitHub Device Code Phishing Jun 12, 2025
• From Trust to Threat Hijacked Discord Invites Used for Multi-Stage Malware Delivery Jun 12, 2025
• EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data Jun 12, 2025
• The Evolution of Linux Binaries in Targeted Cloud Operations Jun 10, 2025
• Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account Jun 10, 2025
• Peep show 40K IoT cameras worldwide stream secrets to anyone with a browser Jun 10, 2025
• Critical Vulnerability Patched in SAP NetWeaver Jun 10, 2025
• Blitz Malware A Tale of Game Cheats and Code Repositories Jun 6, 2025
• ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Jun 5, 2025
• Same Automated Impersonation for All Jun 4, 2025
• Roundcube Webmail under fire critical exploit found after a decade Jun 4, 2025
• Fake WordPress Caching Plugin Used to Steal Admin Credentials Jun 4, 2025
• Versa Concerto Understanding and Mitigating CVE-2025-34027 Jun 2, 2025
• Mark Your Calendar APT41 Innovative Tactics May 28, 2025
• The Sharp Taste of Mimo’lette Analyzing Mimo’s Latest Campaign targeting Craft CMS May 27, 2025
• Twenty Years of Cloud Security Research Oct 4, 2023
• CrackArmor - Critical AppArmor Flaws Enable Local Privilege Escalation to Root Oct 1, 2023