-
Forensic Investigation Reveals Pegasus Spyware Compromise of MEP Stelios Kouloglou
On July 3, 2026, Citizen Lab published a comprehensive forensic report documenting the unauthorized infection of former Greek Member of…
Read More » -
CVE-2026-45504: SSRF Flaw in Microsoft Exchange Server 2019 Enables Arbitrary File Reads
A recently disclosed vulnerability in Microsoft Exchange, tracked as CVE-2026-45504 (CVSS 8.8), has caught the attention of security researchers and…
Read More » -
CVE-2026-28496: Critical SSTI Vulnerability in FOSSBilling Poses Imminent Risk of RCE and Database Compromise
A high-severity Server-Side Template Injection (SSTI) vulnerability has been identified in FOSSBilling, tracked as CVE-2026-28496. This flaw allows for potential…
Read More » -
Technical Analysis: Sophisticated AiTM Phishing Campaign Targeting AWS Console Users
A highly coordinated and technically proficient phishing campaign has been identified, specifically targeting AWS console users through an Adversary-in-the-Middle (AiTM)…
Read More » -
Technical Analysis: Privilege Escalation via Stored XSS in Webmin (CVE-2026-22678)
A critical security flaw has been identified in Webmin, a widely utilized web-based interface for Unix system administration. The vulnerability,…
Read More » -
Supply Chain Vulnerability: OAuth Token Compromise at Klue Impacts LastPass Salesforce Data
A sophisticated supply chain incident involving the market intelligence platform Klue has resulted in unauthorized access to specific datasets within…
Read More » -
Supply Chain Vulnerability: Analyzing the Massive Data Exfiltration at Tata Electronics
Tata Electronics has confirmed a significant cybersecurity breach following claims by a threat actor group that they have successfully exfiltrated…
Read More » -
Deep Dive: The CodeStorm Adversary-in-the-Middle (AiTM) Campaign Targeting Microsoft 365
A sophisticated multi-organization phishing campaign, attributed to the CodeStorm threat actor, is currently targeting Microsoft 365 tenants. Unlike traditional credential…
Read More » -
Urgent Security Advisory: Critical Remote Code Execution and DoS Vulnerabilities in NGINX Components
F5 has issued an emergency out-of-band security notification following the discovery of several high-severity vulnerabilities within the NGINX ecosystem. These…
Read More » -
Critical Information Disclosure in Gravity SMTP Plugin: Active Exploitation of API Credentials
Security researchers have identified a significant information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is currently being leveraged…
Read More » -
Advanced Phishing Evolution: UNC1151 Targets Gmail with Real-Time 2FA Interception
The threat actor known as Ghostwriter (UNC1151) has significantly upgraded its operational capabilities, moving beyond localized phishing to execute sophisticated,…
Read More » -
SHADOWBYT3$ Claims Compromise of Nintendo Data; Incident Remains Unverified
Recent telemetry from threat intelligence monitoring channels has identified a potential security incident involving Nintendo. A threat actor operating under…
Read More » -
Critical Security Breach Alleged Against Tchap: French Government Communication Infrastructure Compromised
A significant cybersecurity incident has reportedly targeted Tchap, the sovereign, secure messaging platform utilized by French government agencies. Initial reports…
Read More » -
Deconstructing the AudiA6 Takedown: A Blow to the Industrialized Crypto-Laundering Ecosystem
In a landmark victory for international law enforcement, a massive cryptocurrency laundering infrastructure known as “AudiA6” has been dismantled. This…
Read More »