Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style…
Latest Cybersecurity News — Page 153
View all →
A Tool That Puts EDRs And Antivirus Into A Coma State
I. STARTER Currently, in addition to merely focusing on avoiding scrutiny from EDRs (Endpoint Detection and Response) and Antivirus, the trend of using BYOVD (Bring…
Targeted advertising is also targeting malware
Among the malware attacks leveraging ads, the company pointed to Ghost Cat, Click Fix and SocGholish but there are several new techniques in the pipeline.…
Inside the story of the US defense contractor who leaked hacking tools to Russia
A veteran cybersecurity executive who prosecutors said “betrayed” the United States will spend at least the next seven years behind bars, after pleading guilty to…
Once-hobbled Lumma Stealer is back with lures that are hard to resist
Last May, law enforcement authorities around the world scored a key win when they hobbled the infrastructure of Lumma, an infostealer that infected nearly 395,000…
AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings
In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering:…
Flashpoint’s Threat Intelligence Capability Assessment
Many organizations today have some form of threat intelligence. Far fewer have a threat intelligence function that is structured, measurable, and trusted across the business.…
CVE-2026-20127 Zero-Day Auth Bypass Exploited
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart…
Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw
A threat actor identified as “Kamirmassabi” is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for…
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses…
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion.…
Books on Programming and Cybersecurity recommended by Zero Salarium Researchers
Books Recommended by Zero Salarium Programming is the backbone of the digital world. If you want to sharpen your cybersecurity skills, it’s the cornerstone you…