Blind CSS Exfiltration: exfiltrate unknown web pages
This is a gif of the exfiltration process (We’ve increased the speed so you’re not waiting around for 1 minute). Read on to discover how…
Month: March 2026
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead…
Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?
If Defense Tech is the loud winner during the Iran conflict, Cybersecurity is the quiet one, and the opportunity is just as large, writes technology entrepreneur…
More AI tools, more burnout! New research explains why
Workflows built around multiple AI agents and constant tool switching are adding cognitive strain across large enterprises. A recent Harvard Business Review analysis describes this…
Fake Claude Code install pages hit Windows and Mac users with infostealers
Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions,…
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
Ravie LakshmananFeb 27, 2026Network Security / Vulnerability The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as…
Check Fraud: How Intelligence Prevents Financial Loss
Stolen checks and the impact of Covid-19 Checks are one of the most vulnerable legacy payment methods. Check fraud can actively affect the bottom lines…
Automating GOAD and Live Malware Labs — Elastic Security Labs
Introduction: The Need for a Scalable, Automated Simulation Range In modern security operations, detection engineering is no longer a “set it and forget it” discipline.…
Microsoft Warns Fake AI Browser Extensions Compromised Chat Histories Across 20,000+ Enterprise Tenants
A wave of counterfeit AI-powered browser extensions has silently breached over 20,000 enterprise environments, compromising the chat histories of employees who routinely used AI tools…
Finding that one weird endpoint, with Bambdas
Security research involves a lot of failure. It’s a perpetual balancing act between taking small steps with a predictable but boring outcome, and trying out…
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular…
No more soft play, President Trump warns in new cyber strategy
The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining U.S. leadership in cyberspace. The seven-page…