Cybersecurity News
-
Exploiting Trust: How Malvertisers Leveraged GitLab and Claude.ai for In-Memory RAT Deployment
A highly sophisticated malvertising and social engineering campaign has recently emerged, showcasing a tactical pivot from weaponized GitLab Pages to the abuse of Claude.ai’s shared chat functionality. This campaign enables…
Read More » -
Critical Information Disclosure in Gravity SMTP Plugin: Active Exploitation of API Credentials
Security researchers have identified a significant information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is currently being leveraged by threat actors to exfiltrate highly sensitive configuration data. By…
Read More » -
Critical Command Injection and Data Exfiltration Vulnerabilities Identified in Splunk AI Toolkit
Splunk has issued a critical security advisory regarding a significant vulnerability discovered within its AI Toolkit. This flaw provides a pathway for authenticated administrators to execute arbitrary operating system commands,…
Read More » -
Technical Analysis: Sapphire Sleet’s Cascading AppleScript Payload Chain on macOS
Recent threat intelligence has uncovered a sophisticated macOS campaign attributed to the North Korean actor Sapphire Sleet. The campaign leverages highly crafted .scpt (AppleScript) lure files to execute a multi-stage,…
Read More » -
Supply Chain Alert: 140 Mastra npm Packages Compromised via Typosquatted Dependency
A sophisticated software supply chain attack has recently targeted the JavaScript ecosystem, compromising over 140 npm packages within the popular Mastra namespace. This breach exposes developers, CI/CD pipelines, and enterprise-grade…
Read More » -
Serverless Phishing: How Threat Actors Weaponize GitHub Pages and APIs for Large-Scale Financial Fraud
A highly sophisticated, long-running phishing campaign has transitioned into a modular, serverless architecture, specifically designed to exploit the trust of reputable cloud platforms. By weaponizing GitHub Pages, threat actors are…
Read More » -
Rokarolla: zLabs Uncovers Sophisticated Android Banking Trojan
Cybersecurity researchers have uncovered a highly capable Android banking trojan dubbed Rokarolla—a name derived directly from its Command-and-Control (C2) infrastructure. According to recent analysis from the zLabs research team, this…
Read More » -
Critical Alert: Active Exploitation of Authentication Bypass in Oracle PeopleSoft (CVE-2026-35273)
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its warning regarding a critical security flaw within the Oracle PeopleSoft Enterprise PeopleTools ecosystem. Identified as CVE-2026-35273, this vulnerability has transitioned…
Read More » -
Evolution of SprySOCKS: Analyzing the New Windows-Based Backdoor Variants
For much of its operational lifespan, the SprySOCKS backdoor has been a staple of the Linux environment, utilized extensively by the threat actor known as FishMonger (also identified as Earth…
Read More » -
27-Year Authentication Bypass and Kernel Heap Over-read Fixed in OpenBSD’s PPP Stack
A critical architectural flaw has been identified within the OpenBSD Point-to-Point Protocol (PPP) stack, specifically targeting the Password Authentication Protocol (PAP) validation logic. This vulnerability allows an unauthenticated attacker to…
Read More » -
Data Breach Analysis: Novo Nordisk Faces Exfiltration of Clinical Data and Proprietary AI Assets
Novo Nordisk, the Danish pharmaceutical leader driving the global metabolic health market with its GLP-1 agonists, has officially confirmed a cybersecurity incident involving unauthorized access to sensitive clinical data and…
Read More » -
Stealth via Infrastructure: How DragonForce Leverages Microsoft Teams TURN Relays for C2
In a sophisticated display of living-off-the-trusted-infrastructure, the DragonForce ransomware group has successfully weaponized Microsoft Teams’ backend architecture to mask malicious command-and-control (C2) traffic. By exploiting the protocol designed to facilitate…
Read More » -
Active Exploitation Detected: Critical Vulnerabilities Targeting Fortinet FortiSandbox Infrastructure
The cybersecurity landscape has seen a rapid escalation in activity as threat actors pivot toward targeting core security infrastructure. Recent intelligence confirms that multiple critical vulnerabilities in Fortinet FortiSandbox appliances…
Read More » -
Advanced Phishing Evolution: UNC1151 Targets Gmail with Real-Time 2FA Interception
The threat actor known as Ghostwriter (UNC1151) has significantly upgraded its operational capabilities, moving beyond localized phishing to execute sophisticated, high-volume campaigns targeting Google Mail users. According to a recent…
Read More » -
Supply Chain Attack on WordPress Ecosystem: How a CDN Compromise Exposed 1.2 Million Sites
A sophisticated supply chain attack has struck the WordPress ecosystem, targeting the widely used OptinMonster plugin and exposing over 1.2 million websites to potential takeover. The breach also extends to…
Read More » -
The Ransomware Consolidation Wave: How Hyflock and The Gentlemen are Reshaping the RaaS Landscape
The ransomware landscape is undergoing a period of rapid reconsolidation. Rather than the disappearance of major players, we are witnessing a “repackaging” of institutional knowledge, where veteran operators are launching…
Read More » -
Critical Alert: Active Exploitation of Jenkins RCE Vulnerability (CVE-2026-53435) via Insecure Deserialization
A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-53435, is currently being leveraged in active, real-world cyberattacks targeting Jenkins automation servers. This flaw represents a significant threat to the…
Read More »