malicious
-
Over 1,300 SharePoint Servers Remain Vulnerable to Active Spoofing Exploits
In what is becoming a stark case study in patch management latency, more than 1,370 Microsoft SharePoint servers remain exposed…
-
Critical Infrastructure Breach: Compromise of France’s ANTS National Identity Portal
In a significant blow to national digital sovereignty, the French National Agency for Secure Documents (ANTS) has confirmed a major…
-
LOTUSLITE: How Mustang Panda is Weaponizing Trusted Binaries Against the Banking Sector
In a sophisticated display of “living off the land” tradecraft, threat actors are increasingly leveraging Microsoft-signed developer tools to mask…
-
Critical Security Alert: Addressing the .NET 10.0.7 Out-of-Band Patch for CVE-2026-40372
In a rare move that highlights the severity of a recent cryptographic regression, Microsoft has released an emergency out-of-band (OOB)…
-
The Rise of GenAI-Assisted NFC Relays: Analyzing the New NGate Malware Campaign
Cybersecurity researchers have identified a sophisticated new evolution in the NGate malware family. In this latest iteration, threat actors are…
-
The Human Vulnerability: Deconstructing Sapphire Sleet’s macOS Social Engineering Campaign
In the evolving landscape of cyber warfare, the most dangerous vulnerability isn’t always found in a line of code—it’s found…
-
Analyzing the Critical Groovy-Based RCE in Apache Syncope (CVE-2025-57738)
In a significant blow to identity management security, security researchers have unveiled a high-severity Remote Code Execution (RCE) vulnerability within…
-
PureRAT Hides PE Payload via Steganographic Delivery
Modern threat actors are increasingly moving away from traditional, disk-heavy malware in favor of “living-off-the-land” (LotL) techniques. A recent, highly…
-
CISA Issues Urgent Alert Over Compromised Axios NPM Package
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a sophisticated software supply chain attack targeting…
-
The Trojan Horse in Your Inbox: How Attackers Are Weaponizing GitHub Issue Notifications
In a sophisticated evolution of social engineering, threat actors are no longer just sending fake emails; they are hijacking the…
-
Critical RCE Vulnerability Discovered in SGLang: How Malicious GGUF Models Can Compromise Inference Servers
In an era where AI infrastructure speed is prioritized, a significant security oversight has been uncovered within SGLang, a high-performance…
-
Stealth by Design: Unpacking the Sophisticated ‘Stealtok’ Malicious Extension Campaign
In a sobering reminder of how easily trust can be exploited, security researchers at LayerX have exposed a highly coordinated…
-
SideWinder APT Leverages Cloudflare Workers and Tailored PDF Lures in Sophisticated Zimbra Phishing Campaign
A highly sophisticated credential-harvesting operation, attributed to the SideWinder APT, has been identified targeting critical South Asian government infrastructure. The…
-
Inside MiningDropper: Unpacking the Sophisticated Modular Framework Targeting Android Ecosystems
In the ever-evolving landscape of mobile threats, a new player has emerged that operates less like a traditional piece of…
-
Operation PhantomCLR: Exploiting .NET AppDomain Mechanisms via Trusted Intel Binaries
In a sophisticated display of living-off-the-land (LotL) tactics, threat actors are hijacking the fundamental architecture of the .NET AppDomain to…