Qualys Recognized as a Leader in the 2026 Forrester Wave for CNAPP
Qualys’ Key Takeaways Qualys Named a Leader: Recognized as one of only three leaders in The Forrester Wave: Cloud-Native Application Protection Solutions (CNAPP), Q1 2026.…
Latest Cybersecurity News — Page 675
View all →
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Control characters like SOH, STX, EOT and ETX were never meant to run your code – but in the world of modern terminal emulators, they…
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Ravie LakshmananMar 04, 2026Malware / Windows Security Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been…
Massive GitHub malware operation spreads BoryptGrab stealer
Massive GitHub malware operation spreads BoryptGrab stealer Pierluigi Paganini March 08, 2026 Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data,…
Stealthy Persistence With Non-Existent Executable File
I. INTRO One of the daily tasks of Pentesters or Redteamers is to establish and maintain persistence to ensure access to a compromised system…
Zero-day exploits hit enterprises faster and harder
Microsoft was the most targeted vendor, with 25 zero-days exploited across its products, followed by Google with 11, Apple with eight, and Cisco and Fortinet…
Microsoft releases urgent Office patch. Russian-state hackers pounce.
Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in…
IAM Identity Center now supports IPv6
Amazon Web Services (AWS) recommends using AWS IAM Identity Center to provide your workforce access to AWS managed applications—such as Amazon Q Developer—and AWS accounts.…
New Dohdoor malware campaign targets education and health care
Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” Dohdoor utilizes the DNS-over-HTTPS (DoH)…
New malicious npm package ‘ambar-src’ targets developers with open source malware
Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple…
Repeater Strike: manual testing, amplified
Manual testing doesn’t have to be repetitive. In this post, we’re introducing Repeater Strike – a new AI-powered Burp Suite extension designed to automate the…
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Ravie LakshmananMar 04, 2026Threat Intelligence / Application Security Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit…