data
-
From Disclosure to Exploitation in Hours: LMDeploy SSRF Vulnerability Exploited in the Wild
In the rapidly evolving landscape of AI infrastructure, the window between vulnerability disclosure and active exploitation is shrinking to a…
Read More » -
The Industrialization of Web3 Theft: How HexagonalRodent Leverages AI and Social Engineering to Loot Developers
In a sophisticated evolution of North Korean cyber operations, a threat actor group known as HexagonalRodent is systematically targeting the…
Read More » -
Tropic Trooper Campaign: Leveraging GitHub and VS Code Tunnels for Stealthy C2
A sophisticated new campaign attributed to the threat actor Tropic Trooper (also known as Earth Centaur or Pirate Panda) has…
Read More » -
The Multi-Stage Supply Chain Compromise of Checkmarx KICS
In a sophisticated demonstration of supply chain exploitation, the official Checkmarx KICS (Keeping Infrastructure as Code Secure) ecosystem has fallen…
Read More » -
Critical Supply Chain Compromise: Malicious Infostealer Detected in Xinference Python Package
The software development community is facing a significant security milestone as a sophisticated supply chain attack has successfully targeted Xinference,…
Read More » -
Precision Targeting: Deconstructing the notnullOSX macOS Stealer Campaign
A sophisticated new cyber-threat has emerged in the macOS ecosystem, targeting high-net-worth individuals through a highly curated social engineering campaign.…
Read More » -
Needle Stealer Malware Hijacking Traders via Fake “TradingClaw” AI Agent
Cybersecurity researchers have identified a sophisticated social engineering campaign leveraging a fraudulent “TradingView AI agent” to distribute the Needle Stealer…
Read More » -
Security Patch: iOS and iPadOS 26.4.2 Fixes Notification Data Leakage Vulnerability
Apple has officially deployed iOS 26.4.2 and iPadOS 26.4.2, a targeted security release designed to mitigate a critical privacy vulnerability.…
Read More » -
Google Ads Weaponized for Crypto Theft
The traditional security perimeter is shifting. Malicious actors are increasingly bypassing technical firewalls by exploiting the one thing users trust…
Read More » -
Mozilla MFSA-2026-30: Critical Memory Safety & Privilege Escalation Fixes for Firefox 150 & Thunderbird 150
Mozilla has released a comprehensive security advisory (MFSA-2026-30) addressing a significant cluster of vulnerabilities affecting various components of the Firefox…
Read More » -
Exploiting the Frictionless Frontier: How Criminal Syndicates Weaponize French Freelancer Fintech Accounts
The rapid evolution of digital banking has provided unprecedented convenience for the modern entrepreneur, but it has also inadvertently engineered…
Read More » -
Critical OS Command Injection Vulnerability (CVE-2026-21571) Identified in Atlassian Bamboo
Atlassian has issued a critical security advisory regarding a high-impact OS Command Injection vulnerability, tracked as CVE-2026-21571, affecting Atlassian Bamboo…
Read More » -
The Trojan Candidate: How Jasper Sleet Infiltrates Cloud Environments via Remote Hiring Exploits
In a sophisticated evolution of social engineering, Microsoft has issued a critical warning regarding Jasper Sleet, a North Korea-aligned threat…
Read More » -
Security Advisory: Discovery of “Auraboros,” an Unauthenticated, High-Capability RAT Framework
In a significant finding for the threat intelligence community, a previously undocumented Remote Access Trojan (RAT) framework, dubbed Auraboros, has…
Read More » -
Scaling the Frontier: The Massive Infrastructure Accord Between Amazon and Anthropic
In a landmark move that underscores the escalating arms race for computational supremacy, Amazon and Anthropic have announced a massive…
Read More » -
Analyzing DinDoor, the Deno-Powered Backdoor Disguised as Legitimate Tooling
In the evolving landscape of advanced persistent threats (APTs), attackers are increasingly moving away from custom compiled binaries in favor…
Read More »