These special phone and app features can help protect you from spyware
Spyware attacks on journalists, human rights defenders, and political dissidents are no longer rare or exotic. In early 2025, WhatsApp notified roughly 90 users —…
Author: Cybernoz
Rapid Response: Microsoft Office RCE – “Follina” MSDT Attack
This post, as is the norm for emerging threats, is a developing article and may be subject to change as the Huntress team learns more…
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. Unlike…
Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks
A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that…
LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to…
CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion…
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a…
Why pure extortion is replacing traditional ransomware
Why pure extortion is replacing traditional ransomware Pierluigi Paganini May 23, 2026 Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data,…
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
The shift suggests that CodeMender may no longer be just a standalone remediation tool. Instead, it appears to be positioned as part of a broader…
Out of Sight, Top of Mind
Cybersecurity is a lot like insurance: it’s difficult to calculate ROI unless something bad happens. The first auto insurance policy was sold in the US…
Why Chargebacks are Just One Piece of the Fraud Puzzle
For most teams, fraud performance is still summed up in a single metric: chargeback rate. It is visible, painful, and tied directly to card network…