Rogue RMMs: Common Social Engineering Tactics We Saw in 2025
Special thanks to Austin Worline for his contributions to this blog post. The Huntress Security Operations Center (SOC) frequently comes across incidents involving rogue ScreenConnect…
ExifTool Flaw Malicious Images Trigger Code Execution on macOS
A newly discovered vulnerability is challenging the long-held belief that macOS systems are inherently immune to…
In this post we’ll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure…
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical…
Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing.…
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini…
A Ghanaian national has pleaded guilty to his role in a large-scale cyber fraud scheme that used romance scams and business email compromise tactics to…
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. Cyble’s Research & Intelligence Labs…
Recorded Future is expanding its payment fraud prevention capabilities through a partnership with CYBERA, the industry leader in detecting and verifying data on scam-linked bank…
Background Reflecting on 2025, AI didn’t produce omnipotent, mind-bending offensive capabilities as many commentators heralded. The reality we observed was much more grounded. Adversaries leaned…
CISA Warns macOS and iOS Vulnerabilities Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing…
Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints? In this blogpost we will explore a…