Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This…
Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits.…
Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the…
Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this…
A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230,…
A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and…
A critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations…
Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182),…
BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities…
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift…
