OPSEC Basic: Virtualization Technology
I. Introduction This time, I will introduce the use of virtualization technology to mitigate potential threat models when using suspicious software and tools. By…
Latest Cybersecurity News — Page 143
View all →
Iranian cyberattacks fail to materialize but threat remains acute
Security company Radware detected 149 DDoS attacks that appeared to be connected to Iran between February 28 and March 2, the majority targeting government entities…
Scaling security operations with Microsoft Defender autonomous defense and expert-led services
Today’s security leaders are operating in an environment of truncated cyberattack timelines with aging defenses built for slower, linear cyberthreats that can no longer keep…
Huntress Catches SmarterMail Account Takeover Leading to RCE
Background / Summary The Huntress DE&TH (Detection Engineering and Threat Hunting) Team has observed in-the-wild exploitation of a privileged account takeover vulnerability (CVE-2026-23760) in SmarterTool’s…
Introducing the URL validation bypass cheat sheet
URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using ambiguous…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Ravie LakshmananMar 02, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers…
OPSEC Basic Awareness. Blend into the background
I. Introduction Typically, how do you choose your Username and set your PC name? Some people use their real names, while others opt for a…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Because authentication is bound to the origin (domain) and the cryptographic challenges cannot be replayed through a reverse proxy, these methods cannot be proxied, he…
Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”
The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in…
Timeline of Failed Successors to Breach, Raid Forums
Race to the bottom Starting June 24, 2023, visitors to the former domain of Raid Forums were greeted by the avatar of arrested administrator “pompompurin”…
How Huntress Managed ITDR’s New Incident Report Timeline Changes Response
Data exfiltration has quietly become one of the fastest-moving—and most damaging—outcomes of modern cyberattacks. Today’s attackers aren’t breaking in and lurking for weeks before touching…
Concealing payloads in URL credentials
Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL . This was fascinating to me especially because the…