web
-
From Disclosure to Exploitation in Hours: LMDeploy SSRF Vulnerability Exploited in the Wild
In the rapidly evolving landscape of AI infrastructure, the window between vulnerability disclosure and active exploitation is shrinking to a…
Read More » -
Needle Stealer Malware Hijacking Traders via Fake “TradingClaw” AI Agent
Cybersecurity researchers have identified a sophisticated social engineering campaign leveraging a fraudulent “TradingView AI agent” to distribute the Needle Stealer…
Read More » -
Mozilla Leveraged Claude Mythos to Patch 271 Zero-Day Vulnerabilities
In a landmark release for web browser security, Mozilla has deployed Firefox 150, a version defined by an unprecedented security…
Read More » -
Google Ads Weaponized for Crypto Theft
The traditional security perimeter is shifting. Malicious actors are increasingly bypassing technical firewalls by exploiting the one thing users trust…
Read More » -
Mozilla MFSA-2026-30: Critical Memory Safety & Privilege Escalation Fixes for Firefox 150 & Thunderbird 150
Mozilla has released a comprehensive security advisory (MFSA-2026-30) addressing a significant cluster of vulnerabilities affecting various components of the Firefox…
Read More » -
Exploiting the Frictionless Frontier: How Criminal Syndicates Weaponize French Freelancer Fintech Accounts
The rapid evolution of digital banking has provided unprecedented convenience for the modern entrepreneur, but it has also inadvertently engineered…
Read More » -
The Trojan Candidate: How Jasper Sleet Infiltrates Cloud Environments via Remote Hiring Exploits
In a sophisticated evolution of social engineering, Microsoft has issued a critical warning regarding Jasper Sleet, a North Korea-aligned threat…
Read More » -
Security Advisory: Discovery of “Auraboros,” an Unauthenticated, High-Capability RAT Framework
In a significant finding for the threat intelligence community, a previously undocumented Remote Access Trojan (RAT) framework, dubbed Auraboros, has…
Read More » -
Analyzing DinDoor, the Deno-Powered Backdoor Disguised as Legitimate Tooling
In the evolving landscape of advanced persistent threats (APTs), attackers are increasingly moving away from custom compiled binaries in favor…
Read More » -
Claude Mythos Breach Exposes Critical Flaw in AI Security Supply Chains
In a significant blow to the specialized AI security sector, a group of unauthorized actors has successfully bypassed multi-layered access…
Read More » -
Over 1,300 SharePoint Servers Remain Vulnerable to Active Spoofing Exploits
In what is becoming a stark case study in patch management latency, more than 1,370 Microsoft SharePoint servers remain exposed…
Read More » -
The Rise of GenAI-Assisted NFC Relays: Analyzing the New NGate Malware Campaign
Cybersecurity researchers have identified a sophisticated new evolution in the NGate malware family. In this latest iteration, threat actors are…
Read More » -
The Human Vulnerability: Deconstructing Sapphire Sleet’s macOS Social Engineering Campaign
In the evolving landscape of cyber warfare, the most dangerous vulnerability isn’t always found in a line of code—it’s found…
Read More » -
Stealth by Design: Unpacking the Sophisticated ‘Stealtok’ Malicious Extension Campaign
In a sobering reminder of how easily trust can be exploited, security researchers at LayerX have exposed a highly coordinated…
Read More » -
SideWinder APT Leverages Cloudflare Workers and Tailored PDF Lures in Sophisticated Zimbra Phishing Campaign
A highly sophisticated credential-harvesting operation, attributed to the SideWinder APT, has been identified targeting critical South Asian government infrastructure. The…
Read More » -
Inside MiningDropper: Unpacking the Sophisticated Modular Framework Targeting Android Ecosystems
In the ever-evolving landscape of mobile threats, a new player has emerged that operates less like a traditional piece of…
Read More »