Uptick in Bomgar RMM Exploitation
Acknowledgments: Special thanks to Olly Maxwell, Josh Kiriakoff, Jordan Sexton, Ryan Dowd, Jamie Dumas, Amelia Casley, Austin Worline, and Lindsey O’Donnell-Welch for their contributions to…
Month: April 2026
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
Fraud prevention and user experience have long been treated as opposing forces: tighten security, and you risk alienating legitimate customers; loosen it, and you open…
Hackers Abuse GitHub Issue Notifications to Phish Developers Through Malicious OAuth Apps
Cybersecurity researchers have uncovered a sophisticated phishing technique that targets software developers by abusing GitHub’s own notification system to deliver malicious OAuth app authorization requests.…
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
It’s difficult to find much information about Daniel Micay online. Google him and you’ll turn up an impersonal X account and a barren LinkedIn page,…
AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
A new NGate malware variant that hides inside a trojanized version of HandyPay, a legitimate NFC payment relay app for Android, to steal card data…
The worrying gap in industry threat intelligence – and how to solve it
The past year has seen cyber criminals attacking a range of targets, from International airports, to brewery chains to childcare institutions. It is increasingly clear…
Threat Intel Scraping Without Burning Your Cover or Your Stack
Cybersecurity teams track breach dumps, new malware runs, and fresh exploit chains. Many teams now scrape open web pages, paste sites, and dark web mirrors…
Android 17 ends all-or-nothing access to your contacts
Some of the apps on your phone want your contacts. Most don’t need them all, but have been happily slurping up the lot for years.…
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry…
Danish logistics giant under pressure to rush world’s largest IT integration
Danish logistics giant DSV is under pressure to rush through a colossal IT integration so its sprawling global computer systems can compete with artificial intelligence…
Italian Data Protection Authority Fine Over Data Misuse
The Italian Data Protection Authority fine against Poste Italiane and Postepay has reached over €12.5 million, after regulators found unlawful processing of personal data affecting…
CISA Adds 8 Flaws To KEV Catalog, Cisco Catalyst Included
The Cybersecurity and Infrastructure Security Agency (CISA) have expanded its Known Exploited Vulnerabilities, commonly referred to as the KEV catalog, with eight newly identified security flaws that are…