Archive
All articles, newest first. Page 1.
Rokarolla: The Android Trojan That Turns Your Phone Into a Digital Prison
Discovered by Zimperium zLabs, the Rokarolla trojan deploys 137 commands and fake overlays to isolate victims, steal banking credentia…
Lorem Ipsum Pivots to ClickFix After Fox Tempest Takedown
BlueVoyant reports the Lorem Ipsum malware abandoned signed Microsoft Teams installers for ClickFix tactics on compromised WordPress s…
GhostTree: The NTFS Attack That Freezes EDR
Varonis Threat Labs disclosed GhostTree, an evasion technique that neutralizes Windows Defender using recursive NTFS junctions — no el…
Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE
Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…
DragonForce Weaponizes Microsoft Teams TURN Relays for Stealth C2
The DragonForce ransomware group deployed Backdoor.Turn, the first documented in-the-wild malware to abuse Microsoft Teams' legitimate…
Cisco SD-WAN, CVE-2026-20262: Internal Discovery, External Exploitation
Cisco disclosed CVE-2026-20262, a path traversal vulnerability in Catalyst SD-WAN Manager actively exploited in the wild. It requires…
SprySOCKS Returns to Windows: Kernel Rootkit and Government Targeting
ESET discovered Windows variants of the SprySOCKS backdoor—previously Linux-only—equipped with a kernel rootkit and used against gover…
Malware on Steam Workshop: Animated Wallpapers Steal Credentials
Dozens of malicious wallpapers on Steam Workshop have infected thousands of users, delivering backdoors, Steam account theft, and hidd…
iRhythm: Patient Health Data Stolen via Social Engineering
iRhythm Holdings disclosed a data breach in which attackers exfiltrated PHI and PII from third-party business applications through soc…
LiteSpeed cPanel: Two CVEs Added to KEV Catalog, Shared Hosting at Risk
CISA adds two distinct LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog: root privilege escalation on shar…
North Korea Targets Developers: When the IDE Becomes the Attack Surface
North Korean state actors abused VS Code, npm, GitHub, and Hugging Face to distribute malware to developers. The UNK_DeadDrop campaign…
Conti Developer Sentenced: Why Loaders Are the RaaS Achilles' Heel
Ukrainian Conti ransomware developer Oleksii Lytvynenko pleaded guilty in U.S. federal court after extradition from Ireland. The case…
Chinese APT UNC6508: A Year of Espionage on REDCap Servers
Google exposes UNC6508: over a year of REDCap server compromise at U.S. and Canadian medical and military institutions using InfiniteR…
Anthropic Disables Fable 5 and Mythos 5 on US Directive Restricting Foreign Access
On June 12, 2026, at 5:21 p.m. ET, Anthropic received a US government directive ordering the immediate suspension of all access to Fab…
Infinite Campus: 137,123 Staff Emails Exposed in Salesforce Breach
ShinyHunters compromised an Infinite Campus employee's Salesforce account on March 18, 2026. After a failed extortion attempt, 137,123…
The Gentlemen: LLMs Accelerate the Ransomware Attack Cycle
CERT-AGID reveals that The Gentlemen ransomware group uses LLMs to build platforms in three days and customize extortion. Technical cl…
The Gentlemen: LLMs Cut Ransomware Development to Three Days
CERT-AGID reports the ransomware group The Gentlemen uses LLMs to build platforms in three days, personalize extortion, and replicate…
HAMLOCK: Invisible AI Backdoor Spans Chip and Software
Researchers demonstrate HAMLOCK, a supply-chain attack that splits a neural-network backdoor between minimal software weight changes (…
ZDI-26-356: Apache Reverse Proxy Betrayed by AJP Backend
CVE-2026-34032 in mod_proxy_ajp lets a compromised AJP backend read out of bounds, with potential escalation to RCE via vulnerability…
Adobe Acrobat Reader: UAF in Annotation Parser Enables RCE via Malicious PDF
CVE-2026-27220: use-after-free in Adobe Acrobat Reader DC's Annotation parser, CVSS 7.8. Patch available, no known in-the-wild exploit…
ZDI-26-358: XSS in Allegra with a Classification Anomaly
Trend Micro's Zero Day Initiative published advisory ZDI-26-358 detailing an XSS flaw in Allegra's downloadAttachment method. The advi…
ShinyHunters Hits 100+ Universities with Oracle Zero-Day
CVE-2026-35273 in PeopleSoft EMHub: unauthenticated RCE, CVSS 9.8, 68% of victims in higher education. CISA mandates patch by June 15.
Langflow CVE-2026-5027: RCE Under Active Exploitation with 7,000 Instances Exposed
A critical path traversal vulnerability in Langflow is being exploited in the wild. CVE-2026-5027 (CVSS 8.8) enables unauthenticated r…
X.Org Server: Root LPE via XkbSetCompatMap; Patch Released
CVE-2026-33999 in X.Org Server enables local privilege escalation to root. Discovered by ZDI, the fix follows a coordinated disclosure…