Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) ...
20 articles
A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) ...
Google has released Chrome version 149.0.
The binary tracked as macOS.Gaslight as a Rust-based macOS implant and infostealer whose most novel features are analyst-directed prompt injection and a hard...
A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exp...
A sophisticated malware campaign that combined a phishing lure, an obfuscated Windows JavaScript dropper, a malicious Google Chrome extension and a Native Me...
Anthropic has accused the Chinese technology conglomerate Alibaba of orchestrating a large-scale, coordinated operation to extract capabilities from its Clau...
Cisco Catalyst SD-WAN Manager instances are currently being targeted in a zero-day exploitation campaign that allows attackers to escalate their privileges t...
OpenClaw’s agentic marketplace, ClawHub, was designed to accelerate AI-driven workflows by letting third-party “skills” extend an AI agent’s capabilities. Th...
During a recent investigation into activity affecting a diplomatic mission in Indonesia, researchers uncovered a previously undocumented loader family they n...
Europol, in collaboration with global law enforcement agencies and private sector partners, has successfully disrupted a significant cybercrime-as-a-service ...
Agentic red-team tools designed for autonomous offensive security operations are themselves vulnerable, allowing attackers to steal API keys, weaponize the a...
The Python-based remote access trojan ModeloRAT and a newly observed stealth backdoor, dubbed Backdoor.Mistic, to activity consistent with an initial access ...
Android Malware Campaign Uses Fake Document Reader App with 100K Google Play Downloads tracks a fresh Anatsa campaign that abused trust in a seemingly useful...
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories...
An active phishing campaign that impersonates Microsoft Teams to trick victims into downloading a legitimately signed remote access tool (RAT) preconfigured ...
A concerted campaign by an initial access broker with ties to the Payouts King ransomware ecosystem that leverages a novel browser-based delivery technique t...
A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchan...
A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited pri...
A newly released AI model, Claude Fable 5, has made a significant advancement in autonomous systems programming by generating a bootable Windows NT-style ker...
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communi...