tools
-
From Disclosure to Exploitation in Hours: LMDeploy SSRF Vulnerability Exploited in the Wild
In the rapidly evolving landscape of AI infrastructure, the window between vulnerability disclosure and active exploitation is shrinking to a…
-
The Evolution of Deception: Unmasking North Korean ‘Laptop Farms’ and Remote Work Infiltration
North Korean threat actors are refining a high-stakes social engineering playbook, leveraging the global shift toward remote work to bypass…
-
Tropic Trooper Campaign: Leveraging GitHub and VS Code Tunnels for Stealthy C2
A sophisticated new campaign attributed to the threat actor Tropic Trooper (also known as Earth Centaur or Pirate Panda) has…
-
Security Patch: iOS and iPadOS 26.4.2 Fixes Notification Data Leakage Vulnerability
Apple has officially deployed iOS 26.4.2 and iPadOS 26.4.2, a targeted security release designed to mitigate a critical privacy vulnerability.…
-
Mozilla Leveraged Claude Mythos to Patch 271 Zero-Day Vulnerabilities
In a landmark release for web browser security, Mozilla has deployed Firefox 150, a version defined by an unprecedented security…
-
Inside the ProxySmart Ecosystem: How a Belarusian Platform is Powering a Global SIM Farm-as-a-Service Network
Infrastructure intelligence firm Infrawatch has recently uncovered a sprawling, globally distributed SIM Farm-as-a-Service ecosystem, all orchestrated through a single software…
-
Google Ads Weaponized for Crypto Theft
The traditional security perimeter is shifting. Malicious actors are increasingly bypassing technical firewalls by exploiting the one thing users trust…
-
The Trojan Candidate: How Jasper Sleet Infiltrates Cloud Environments via Remote Hiring Exploits
In a sophisticated evolution of social engineering, Microsoft has issued a critical warning regarding Jasper Sleet, a North Korea-aligned threat…
-
LOTUSLITE: How Mustang Panda is Weaponizing Trusted Binaries Against the Banking Sector
In a sophisticated display of “living off the land” tradecraft, threat actors are increasingly leveraging Microsoft-signed developer tools to mask…
-
The Human Vulnerability: Deconstructing Sapphire Sleet’s macOS Social Engineering Campaign
In the evolving landscape of cyber warfare, the most dangerous vulnerability isn’t always found in a line of code—it’s found…
-
PureRAT Hides PE Payload via Steganographic Delivery
Modern threat actors are increasingly moving away from traditional, disk-heavy malware in favor of “living-off-the-land” (LotL) techniques. A recent, highly…
-
CISA Issues Urgent Alert Over Compromised Axios NPM Package
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a sophisticated software supply chain attack targeting…
-
The Rise of ‘Gentlemen’: A Multi-Platform RaaS Threat Targeting Enterprise Infrastructure
The ransomware landscape is witnessing the rapid ascent of a sophisticated Ransomware-as-a-Service (RaaS) operation known as Gentlemen. Unlike many opportunistic…
-
The Trojan Horse in Your Inbox: How Attackers Are Weaponizing GitHub Issue Notifications
In a sophisticated evolution of social engineering, threat actors are no longer just sending fake emails; they are hijacking the…
-
Stealth by Design: Unpacking the Sophisticated ‘Stealtok’ Malicious Extension Campaign
In a sobering reminder of how easily trust can be exploited, security researchers at LayerX have exposed a highly coordinated…
-
Machine-Speed Exploitation: How Frontier AI is Redefining the Cyber Threat Landscape
We are witnessing a fundamental paradigm shift in offensive cyber operations. Artificial Intelligence is moving beyond its role as a…