Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
20 articles
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that...
The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized ...
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000.
The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.
The RondoDox botnet has been exploiting this vulnerability since May 17, as discovered by VulnCheck's Canary Network.
The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing un...
Cisco's research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different ...
New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable.
The attack on Based Apparel, reportedly an attempt to distribute infostealer malware designed to steal user credentials, was first brought to light by a user...
The acquisition of Symmetry Systems is expected to bolster Zscaler's cybersecurity offerings, particularly in protecting artificial intelligence applications.
Ghostwriter, also known as UAC-0057 and UNC1151, employs a multi-stage attack.
The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries.
Former CEO Adam Young and former CSO Harrison Gevirtz admitted to a misprision of a felony charge. They operated C.
The Dutch financial crime investigators (FIOD) arrested a 57-year-old company director and a 39-year-old who headed a separate firm providing internet connec...