credential
-
The Trojan Horse in Your Inbox: How Attackers Are Weaponizing GitHub Issue Notifications
In a sophisticated evolution of social engineering, threat actors are no longer just sending fake emails; they are hijacking the…
-
SideWinder APT Leverages Cloudflare Workers and Tailored PDF Lures in Sophisticated Zimbra Phishing Campaign
A highly sophisticated credential-harvesting operation, attributed to the SideWinder APT, has been identified targeting critical South Asian government infrastructure. The…
-
Operation PhantomCLR: Exploiting .NET AppDomain Mechanisms via Trusted Intel Binaries
In a sophisticated display of living-off-the-land (LotL) tactics, threat actors are hijacking the fundamental architecture of the .NET AppDomain to…
-
Notion Data Leak Exposes Editor Email Addresses Without Authentication
Security researchers have confirmed that any public Notion page now leaks the full names, email addresses, and profile pictures of…
-
Sapphire Sleet’s Fake Zoom SDK Preys on macOS Users Through Social Engineering
A sophisticated cyber campaign orchestrated by North Korean threat actor Sapphire Sleet reveals a significant shift toward social engineering over…
-
ATHR: Integrated Telephony-Based Attack Infrastructure and AI-Driven Voice Social Engineering in TOAD Attack Campaigns
Cybercriminal threat actors are increasingly leveraging telephone-oriented attack delivery (TOAD) methodologies to circumvent conventional email security infrastructure. This trend is…
-
Exploitation of CVE-2026-39987 in Marimo: A Multi-Stage Attack Campaign Targeting AI/ML Developer Infrastructure
Threat actors are actively exploiting CVE-2026-39987, a critical pre-authentication remote code execution (RCE) vulnerability in the marimo Python notebook platform,…
-
Still Using FTP? 6 Million Exposed Servers Remain Security Risk
A recent security brief from internet intelligence firm Censys reveals that despite its 55-year history, the File Transfer Protocol (FTP)…
-
Threat Group Disrupts Middle East Critical Sectors in Cyber Reconnaissance Operation
Cybersecurity researchers have identified a persistent threat group operating with high fidelity to the tradecraft of MuddyWater. This actor recently…
-
Attackers Weaponize Google Cloud Storage to Deliver Remcos RAT Through Phishing Campaigns
Cybercriminals are increasingly leveraging Google Cloud Storage infrastructure to circumvent email and web content filters, deploying Remcos Remote Access Trojan…
-
Fortinet Releases Critical Security Patches for 11 Vulnerabilities
Fortinet has announced a comprehensive security update addressing 11 newly identified vulnerabilities across several of its core enterprise products. These…
-
Emerging Android Banking Trojan Mirax: A Stealthy RAT with Residential Proxy Capabilities
A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features…
-
Janela RAT: Financial Cybercrime Campaign Using Fake MSI Installers and Malicious Browser Extensions
Janela Remote Access Trojan (RAT) campaigns leverage fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and…
-
China-Linked APT41 Deploys Stealthy Linux Backdoor with SMTP Command-Control
Security researchers have uncovered a previously undocumented Linux backdoor attributed to the China-linked APT41 (Winnti) group, actively targeting cloud workloads across…
-
SaaS Platforms Abused: GitHub and Jira Become Phishing Proxies
Threat actors are weaponizing GitHub and Jira’s internal notification systems to craft undetectable phishing campaigns. By hijacking official mail servers,…