malicious
-
Unmasking CL-STA-1062: The Stealthy Threat Targeting Southeast Asian Infrastructure
During 2025, a Chinese-speaking threat actor, tracked as CL-STA-1062, significantly escalated its regional operations. Targeting government entities and critical energy…
Read More » -
Critical Escalation: CISA Flags Actively Exploited SSRF Vulnerability in Cisco Unified Communications Manager
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical…
Read More » -
Supply Chain Alert: Shai-Hulud/Hades Malware Targets Leo/RStreams Ecosystem
A sophisticated supply-chain attack has been identified targeting the Leo/RStreams ecosystem, an AWS-native event streaming SDK frequently utilized in Kinesis,…
Read More » -
Technical Analysis: Sophisticated AiTM Phishing Campaign Targeting AWS Console Users
A highly coordinated and technically proficient phishing campaign has been identified, specifically targeting AWS console users through an Adversary-in-the-Middle (AiTM)…
Read More » -
Critical Security Patch: Google Chrome Addresses Multiple Memory Safety Vulnerabilities
Google has officially deployed a critical security update for the Chrome browser, releasing versions 149.0.7827.196/197 for Windows and macOS, and…
Read More » -
Dismantling the Cybercrime Assembly Line: Inside Operation Endgame’s Infrastructure Takedown
In a massive synchronized strike against the digital underworld, Europol—working in tandem with a global coalition of law enforcement agencies…
Read More » -
Deep Dive: The Synergy of ModeloRAT and Backdoor.Mistic in Initial Access Brokerage
Security researchers are uncovering a sophisticated operational pipeline linking the Python-based remote access trojan (RAT) ModeloRAT with a newly identified…
Read More » -
Social Engineering at Scale: How a Fake Document Utility Deployed Anatsa Banking Trojan to 100K Users
A sophisticated Android malware campaign has recently been identified, leveraging a deceptive “document reader” application to distribute the notorious Anatsa…
Read More » -
Threat Intelligence Report: Sophisticated Microsoft Teams Impersonation Campaign Deploying Signed RATs
A highly organized phishing campaign is currently targeting users by impersonating Microsoft Teams. Rather than relying on traditional malware, this…
Read More » -
Breaking the Sandbox: How the Payouts King Actor Uses “Edgecution” to Pivot from Browser to Host
A sophisticated campaign orchestrated by an initial access broker linked to the Payouts King ransomware ecosystem has introduced a highly…
Read More » -
Technical Analysis: Privilege Escalation via Stored XSS in Webmin (CVE-2026-22678)
A critical security flaw has been identified in Webmin, a widely utilized web-based interface for Unix system administration. The vulnerability,…
Read More » -
Technical Analysis: SSRF Vulnerability in Microsoft Exchange EWS (CVE-2026-45502)
A functional proof-of-concept (PoC) has surfaced for CVE-2026-45502, a Server-Side Request Forgery (SSRF) vulnerability residing within the Exchange Web Services…
Read More »