Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email…
Latest Cybersecurity News — Page 149
View all →
SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting…
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control…
Windows Process Command Line Spoofing Through Symbolic Link
I. INTRODUCTION Endpoint Detection & Response (EDR) systems often use the ProcessParameters field of the Process Environment Block (PEB) to retrieve information about the path…
Europa im Visier von Cyber-Identitätsdieben
Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch „private“ Akteure haben es auf sie abgesehen. Shutterstock Wie die Experten von Darktrace in ihrem…
Notepad++ users take note: It’s time to check if you’re hacked
According to independent researcher Kevin Beaumont, three organizations told him that devices inside their networks that had Notepad++ installed experienced “security incidents” that “resulted in…
Updated PCI PIN compliance package for AWS Payment Cryptography now available
Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS Payment…
Threat modeling AI applications | Microsoft Security Blog
Proactively identifying, assessing, and addressing risk in AI systems We cannot anticipate every misuse or emergent behavior in AI systems. We can, however, identify what…
Microsoft and Adobe Patch Tuesday, February 2026 Security Update Review
Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for February 2026 This month’s release addresses 61 vulnerabilities, including five critical and 52 important-severity vulnerabilities. In…
EU court adviser says banks must immediately refund phishing victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account…
Document My Pentest: you hack, the AI writes it up!
Tired of repeating yourself? Automate your web security audit trail. In this post I’ll introduce a new Burp AI extension that takes the boring bits…
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
Ravie LakshmananMar 04, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom…