security
-
Harvester APT Deploys Linux Variant of GoGra Backdoor via Microsoft Graph API, Outlook Mailboxes
In a significant pivot for cyber espionage tactics, security researchers have uncovered a Linux-compatible variant of the GoGra backdoor. This…
Read More » -
From Disclosure to Exploitation in Hours: LMDeploy SSRF Vulnerability Exploited in the Wild
In the rapidly evolving landscape of AI infrastructure, the window between vulnerability disclosure and active exploitation is shrinking to a…
Read More » -
The Evolution of Deception: Unmasking North Korean ‘Laptop Farms’ and Remote Work Infiltration
North Korean threat actors are refining a high-stakes social engineering playbook, leveraging the global shift toward remote work to bypass…
Read More » -
Tropic Trooper Campaign: Leveraging GitHub and VS Code Tunnels for Stealthy C2
A sophisticated new campaign attributed to the threat actor Tropic Trooper (also known as Earth Centaur or Pirate Panda) has…
Read More » -
Needle Stealer Malware Hijacking Traders via Fake “TradingClaw” AI Agent
Cybersecurity researchers have identified a sophisticated social engineering campaign leveraging a fraudulent “TradingView AI agent” to distribute the Needle Stealer…
Read More » -
Security Patch: iOS and iPadOS 26.4.2 Fixes Notification Data Leakage Vulnerability
Apple has officially deployed iOS 26.4.2 and iPadOS 26.4.2, a targeted security release designed to mitigate a critical privacy vulnerability.…
Read More » -
Mozilla Leveraged Claude Mythos to Patch 271 Zero-Day Vulnerabilities
In a landmark release for web browser security, Mozilla has deployed Firefox 150, a version defined by an unprecedented security…
Read More » -
Inside the ProxySmart Ecosystem: How a Belarusian Platform is Powering a Global SIM Farm-as-a-Service Network
Infrastructure intelligence firm Infrawatch has recently uncovered a sprawling, globally distributed SIM Farm-as-a-Service ecosystem, all orchestrated through a single software…
Read More » -
Exploiting the Frictionless Frontier: How Criminal Syndicates Weaponize French Freelancer Fintech Accounts
The rapid evolution of digital banking has provided unprecedented convenience for the modern entrepreneur, but it has also inadvertently engineered…
Read More » -
Critical OS Command Injection Vulnerability (CVE-2026-21571) Identified in Atlassian Bamboo
Atlassian has issued a critical security advisory regarding a high-impact OS Command Injection vulnerability, tracked as CVE-2026-21571, affecting Atlassian Bamboo…
Read More » -
CVE-2026-22752: Critical Metadata Injection Flaw in Spring Authorization Server’s Dynamic Client Registration
In the ecosystem of modern identity management, the Authorization Server serves as the “source of truth” for application security. A…
Read More » -
Scaling the Frontier: The Massive Infrastructure Accord Between Amazon and Anthropic
In a landmark move that underscores the escalating arms race for computational supremacy, Amazon and Anthropic have announced a massive…
Read More » -
Critical Infrastructure Breach: Compromise of France’s ANTS National Identity Portal
In a significant blow to national digital sovereignty, the French National Agency for Secure Documents (ANTS) has confirmed a major…
Read More » -
Critical Security Alert: Addressing the .NET 10.0.7 Out-of-Band Patch for CVE-2026-40372
In a rare move that highlights the severity of a recent cryptographic regression, Microsoft has released an emergency out-of-band (OOB)…
Read More » -
The Rise of GenAI-Assisted NFC Relays: Analyzing the New NGate Malware Campaign
Cybersecurity researchers have identified a sophisticated new evolution in the NGate malware family. In this latest iteration, threat actors are…
Read More » -
Analyzing the Critical Groovy-Based RCE in Apache Syncope (CVE-2025-57738)
In a significant blow to identity management security, security researchers have unveiled a high-severity Remote Code Execution (RCE) vulnerability within…
Read More »