LONGLEASH Malware Adds Reverse Shell, Proxying, and Intermediate C2 Capabilities
A significant upgrade to malware maintained by the UAT-7810 actor: LONGLEASH, a successor to the previously reported SHORTLEASH implant, now sporting reverse...
20 articles
A significant upgrade to malware maintained by the UAT-7810 actor: LONGLEASH, a successor to the previously reported SHORTLEASH implant, now sporting reverse...
A suspected China-aligned cluster dubbed UNK_MassTraction that is exploiting n-day flaws in Roundcube webmail to compromise physics and engineering departmen...
The Trump administration has reportedly lifted previous restrictions on the launch of OpenAI’s GPT-5.6, enabling a broader commercial rollout of this advance...
Anthropic has announced an extension of access to its advanced AI model, Claude Fable 5, allowing users on all paid plans to continue using the system until ...
A critical vulnerability in Google Cloud’s Dialogflow CX platform allowed attackers to bypass VPC Service Controls (VPC-SC) and silently exfiltrate sensitive...
Accenture is currently investigating a potential data breach after a threat actor using the alias “888” claimed to be selling approximately 35GB of stolen da...
A critical vulnerability known as “GitLost” has been discovered in GitHub’s newly introduced Agentic Workflows by Noma Labs. This flaw allows unauthenticated...
SindriKit 1.3.
TeamPCP’s wide-scale supply-chain compromises have materially fueled VECT ransomware operations by supplying a vast archive of stolen CI/CD credentials, resh...
A targeted spear-phishing campaign that configures AnyDesk for silent, persistent remote access and exfiltrates its configuration using the Blat SMTP utility...
Thousands of Model Context Protocol (MCP) servers, widely used to connect large language models (LLMs) to external systems, have been found vulnerable to cri...
Microsoft has confirmed a significant policy change in the upcoming Windows 11 version 26H2. This update introduces a new default behavior for Windows settin...
The U.S.
Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-base...
Microsoft has introduced a new security architecture to safeguard autonomous AI agents on Windows, unveiling the Microsoft Execution Containers (MXC) SDK at ...
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-53359 and named “Januscape,” reveals a 16-year-old flaw in KVM/x86 virtualization. T...
A recent security audit of PHP’s PDO ecosystem uncovered a denial-of-service vector in the pdo_pgsql driver that can crash PHP processes when emulated prepar...
A sophisticated interview-themed phishing campaign that impersonates major global brands to harvest Gmail credentials. Attackers pose as recruiters offering ...
Authorities used a persistent Windows Global Device ID, along with VPN telemetry and cloud service records, to connect the infrastructure used in a major ext...
A coordinated social-engineering campaign observed in late June 2026 combined email phishing with an abused Microsoft Teams cross‑tenant chat to deliver a so...