Security researchers have successfully demonstrated a sophisticated exploit of the Retbleed vulnerability, a critical CPU security flaw that allows attackers to read arbitrary memory from any…
Researchers at Cyata have disclosed nine previously unknown zero-day vulnerabilities in HashiCorp Vault, a widely adopted open-source secrets management platform, enabling attackers to bypass authentication,…
Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT…
Splunk has introduced PLoB (Post-Logon Behaviour Fingerprinting and Detection) in a world where compromised credentials remain the primary vector for initial access in more than…
Threat actors are increasingly using Scalable Vector Graphics (SVG) files to get beyond traditional defenses in the quickly developing field of cybersecurity. Unlike raster formats…
Security researchers have discovered a series of critical vulnerabilities in Google’s Gemini AI assistant that allow attackers to exploit the system through seemingly innocent Google…
Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that…
Chukwuemeka Victor Amachukwu, also known as Chukwuemeka Victor Eletuo and So Kwan Leung, was extradited from France to the United States to face charges related…
The North Korean state-sponsored advanced persistent threat (APT) group known as ScarCruft has been linked to a sophisticated malware campaign targeting South Korean users. Disguised…
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp Business API. Two malicious npm packages, naya-flore and…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an exploitation chain dubbed “ToolShell” targeting on-premises Microsoft SharePoint servers. It leverages…
A sophisticated network of hackers with ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) unleashed a barrage of cyber-operations designed to disrupt adversaries, steal sensitive…
