Bypassing character blocklists with unicode overflows
Unicode codepoint truncation – also called a Unicode overflow attack – happens when a server tries to store a Unicode character in a single byte.…
Latest Cybersecurity News — Page 158
View all →
AI Agents: The Next Wave Identity Dark Matter
The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real…
US suspects China in breach of FBI surveillance network
US investigators believe hackers affiliated with the Chinese government are responsible for a cyber intrusion on an internal Federal Bureau of Investigation computer network that…
BYOVD to the next level. Blind EDR with Windows Symbolic Link
I. INTRODUCTION In this article, I will introduce you to a completely new method of exploiting the BYOVD technique. I have discovered that by using…
Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
The same framework resurfaced in summer 2025, this time repurposed by UNC6353, a suspected Russian espionage group, which embedded it as hidden iframes on compromised…
Site catering to online criminals has been seized by the FBI
RAMP—the predominantly Russian-language online bazaar that billed itself as the “only place ransomware allowed”—had its dark web and clear web sites seized by the FBI…
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.…
February 2026 Microsoft Patch Tuesday
2Critical 51Important 1Moderate 0Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild…
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web…
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
Ravie LakshmananMar 03, 2026Vulnerability / Artificial Intelligence The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source,…
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Pierluigi Paganini March 08, 2026 Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without…
Path masquerading: Hide in plain sight
I. INTRODUCTION With low privileges as a normal user, how will you fly under the radar of Endpoint Detection and Response (EDR)? EDR evasion techniques…