tracking
-
Beyond Credentials: How Tycoon 2FA is Weaponizing Microsoft’s OAuth Device Flow
In late April 2026, a sophisticated new phishing campaign surfaced, signaling a dangerous evolution in the capabilities of the threat…
Read More » -
CVE-2026-33017 in the Wild: Tracking NATS C2, AWS Theft, and AI Model Hijacking
Security teams monitoring AI infrastructure should be on high alert: unpatched instances of Langflow are being actively weaponized. While the…
Read More » -
Phishing 2.0: How Hackers Hijacked 1,000,000+ Chrome Users to Steal Tron Wallets
A sophisticated new phishing campaign has surfaced, specifically targeting the TRON ecosystem through a highly deceptive Chrome extension. By masquerading…
Read More » -
PCPJack: Python-Based Worm Leveraging Common Crawl, Telegram C2, and Kubernetes Escapes
A sophisticated new malware framework, identified as PCPJack, has emerged as a potent threat to exposed cloud and containerized infrastructures.…
Read More » -
The FEMITBOT Ecosystem: How Threat Actors Weaponize Telegram Mini Apps for Scalable Fraud and Malware
A sophisticated, large-scale cybercrime operation known as FEMITBOT has emerged, leveraging the inherent trust of Telegram Mini Apps to orchestrate…
Read More » -
The Rise of “Darkhub”: Analyzing a New Multi-Vector Hacking-for-Hire Marketplace
A sophisticated new player has emerged within the dark web ecosystem: Darkhub. This platform, operating via the Tor network, functions…
Read More » -
Breaking the Vault: Anatomy of the Salesforce Marketing Cloud Cryptographic and Injection Flaws
Salesforce Marketing Cloud (SFMC) recently orchestrated a critical patching cycle to address a cluster of high-impact vulnerabilities. These flaws represented…
Read More » -
The Rise of Bluekit: A Centralized, All-in-One Phishing Framework for Modern Cybercrime
The landscape of social engineering is undergoing a significant structural shift. A newly identified phishing framework, dubbed “Bluekit,” is moving…
Read More » -
Criminal IP and Securonix Integrate Exposure-Based Intelligence into ThreatQ
In an era where threat actors leverage increasingly sophisticated infrastructure, traditional indicator feeds often fall short by providing “what” is…
Read More » -
The Rise of Spyware-as-a-Service: How “KidsProtect” is Commercializing Digital Stalking
A sophisticated new threat is emerging in the Android ecosystem, signaling a dangerous shift in how surveillance malware is distributed.…
Read More » -
Shadow Intelligence: Deconstructing the Vibing.exe Privacy Breach and the Governance Failure
A sophisticated privacy breach has surfaced involving a seemingly benign application known as Vibing.exe, sparking intense scrutiny within the cybersecurity…
Read More » -
The Invisible Shadow: How Signaling Vulnerabilities Enable Global Mobile Surveillance
A groundbreaking investigation by Citizen Lab has pulled back the curtain on a series of sophisticated, multi-year surveillance campaigns that…
Read More » -
500,000 Britons’ Genetic Data Listed for Sale on Alibaba — And No One Noticed Until It Was Too Late
Sometime in mid-April 2026, a product appeared on Alibaba — China’s sprawling, Amazon-like e-commerce platform — that had no business…
Read More » -
Google Ads Weaponized for Crypto Theft
The traditional security perimeter is shifting. Malicious actors are increasingly bypassing technical firewalls by exploiting the one thing users trust…
Read More » -
The Trojan Candidate: How Jasper Sleet Infiltrates Cloud Environments via Remote Hiring Exploits
In a sophisticated evolution of social engineering, Microsoft has issued a critical warning regarding Jasper Sleet, a North Korea-aligned threat…
Read More »