Threat actors are actively exploiting multiple critical vulnerabilities in Fortinet’s FortiSandbox platform, with live attack telemetry confirming exploitation attempts over the past 24 hours. Defused…
The concept of the IOC — the Indicator of Compromise — sits at the operational heart of modern threat detection. Block the IP. Flag the…
Danish pharmaceutical giant Novo Nordisk has confirmed a cyberattack in which threat actors gained unauthorized access to internal IT systems, exfiltrating pseudonymized patient data from…
A large-scale supply chain attack targeting widely used WordPress plugins has exposed more than 1.2 million websites to potential compromise after attackers injected malicious code…
Nearly 14,000 internet-facing SimpleHelp servers are exposed following the disclosure of a critical authentication bypass vulnerability tracked as CVE-2026-48558. The flaw raises serious concerns for…
The open-source DPAPISnoop tool has been enhanced to extract CREDHIST entries, enabling offline cracking of historical Windows credentials and deeper insight into password patterns. Lefteris…
Microsoft seems to have failed certificate management after a domain used by sysadmins globally to test connectivity to Microsoft 365 started generating untrusted connection warnings…
A coordinated campaign of 23 deceptive Chrome browser extensions has been quietly stealing users’ search queries and routing them through hidden revenue systems. The operation,…
A misconfigured PHP installation page exposed the internal infrastructure of a live malware distribution platform, allowing a security researcher to gain unintentional administrative access to…
A new and dangerous credential-stealing tool called OnyxC2 has emerged in the cybercrime underground, showing just how easy it has become for even low-skilled attackers…
152 Chrome “live wallpaper” extensions on the Chrome Web Store have been caught secretly logging user data and faking Google “organic search” traffic to inflate…
The Office of the Maine Attorney General has temporarily taken its public-facing data breach reporting database offline after discovering that an unknown entity submitted fabricated…
