logs
-
Supply Chain Vulnerability: Analyzing the Massive Data Exfiltration at Tata Electronics
Tata Electronics has confirmed a significant cybersecurity breach following claims by a threat actor group that they have successfully exfiltrated…
Read More » -
Weaponizing FortiOS: How Hackers Weaponized Diagnostic Commands to Steal Credentials
A sophisticated, large-scale credential harvesting operation, dubbed “FortiBleed”, has surfaced, demonstrating a highly efficient method for compromising Fortinet FortiGate firewalls.…
Read More » -
Deep Dive: The CodeStorm Adversary-in-the-Middle (AiTM) Campaign Targeting Microsoft 365
A sophisticated multi-organization phishing campaign, attributed to the CodeStorm threat actor, is currently targeting Microsoft 365 tenants. Unlike traditional credential…
Read More » -
£39 Million in Chaos: Inside the TfL Cybercrime Trial
In a landmark development for international cybersecurity law enforcement, two individuals linked to the notorious Scattered Spider cybercrime collective have…
Read More » -
Critical Path Traversal Vulnerability in Avada Builder Threatens Over One Million WordPress Installations
A high-severity security flaw has been identified in the widely utilized Avada (Fusion) Builder WordPress plugin, posing a significant risk…
Read More » -
Urgent Remediation Required: Active Exploitation of Splunk Enterprise Authentication Bypass (CVE-2026-20253)
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated the threat level for a critical vulnerability within Splunk Enterprise, designated…
Read More » -
FortiBleed: The Industrial-Scale Exploitation of 70,000 Fortinet Firewalls via Offline Cracking and Legacy Hashes
A massive cyber espionage operation, colloquially termed “FortiBleed,” has fundamentally shaken the enterprise security landscape. The campaign has successfully compromised…
Read More » -
Critical Information Disclosure in Gravity SMTP Plugin: Active Exploitation of API Credentials
Security researchers have identified a significant information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is currently being leveraged…
Read More » -
Technical Analysis: Sapphire Sleet’s Cascading AppleScript Payload Chain on macOS
Recent threat intelligence has uncovered a sophisticated macOS campaign attributed to the North Korean actor Sapphire Sleet. The campaign leverages…
Read More » -
Data Breach Analysis: Novo Nordisk Faces Exfiltration of Clinical Data and Proprietary AI Assets
Novo Nordisk, the Danish pharmaceutical leader driving the global metabolic health market with its GLP-1 agonists, has officially confirmed a…
Read More » -
Active Exploitation Detected: Critical Vulnerabilities Targeting Fortinet FortiSandbox Infrastructure
The cybersecurity landscape has seen a rapid escalation in activity as threat actors pivot toward targeting core security infrastructure. Recent…
Read More » -
Velvet Ant: Surgical Subversion of Critical Infrastructure Authentication Stacks (PAM and OpenSSH)
In a sophisticated display of cyber-persistence, the China-nexus threat actor known as Velvet Ant has been unmasked for executing a…
Read More » -
Critical Authentication Bypass in Palo Alto Networks GlobalProtect: Technical Deep Dive and Mitigation Strategies
Palo Alto Networks has issued a high-priority security advisory following the confirmed active exploitation of a critical vulnerability in its…
Read More » -
Critical Security Breach Alleged Against Tchap: French Government Communication Infrastructure Compromised
A significant cybersecurity incident has reportedly targeted Tchap, the sovereign, secure messaging platform utilized by French government agencies. Initial reports…
Read More »