Attackers are Using WSL2 as a Stealthy Hideout Inside Windows Systems
Windows Subsystem for Linux 2 (WSL2) is meant to give developers a fast Linux environment on Windows. Now attackers are turning that benefit into a…
Author: Cybernoz
Attackers Rerouted Employee Pay Without Breaching IT Systems
An unnamed organization recently discovered that several employees’ paychecks had silently vanished not because of a ransomware attack, data-wiping malware, or a cloud breach, but…
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and…
Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate…
Attackers Abuse WSL2 to Operate Undetected on Windows Systems
Windows Subsystem for Linux (WSL) has transformed the developer experience on Windows. However, it has also quietly created a powerful hiding place for attackers. With…
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive…
Attackers Redirected Employee Paychecks Without Breaching a Single System
A seemingly simple phone call became the gateway to a sophisticated attack that diverted employee paychecks without any malware or network breach. An organization discovered…
Cybercriminals Impersonate Malwarebytes to Steal User Credentials
As part of an ongoing effort to highlight active and technically interesting intrusions, a new “Flash Hunting Findings” investigation has uncovered a short but well‑structured…
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. he attack…
Windows SMB Client Vulnerability Exposes Organizations to Full Active Directory Compromise
A severe vulnerability in Windows Server Message Block (SMB) client authentication has emerged as a critical threat to Active Directory environments. CVE-2025-33073, a logical flaw in NTLM…
Microsoft releases fix for flawed January security update
Microsoft has released fixes for a set of flawed January 2026 security updates that caused authentication and power management issues for some users. The updates are…
Hacker admits to leaking stolen Supreme Court data on Instagram
A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court’s electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and…