Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Security researchers at Straiker’s AI Research (STAR) team have uncovered Villager, an AI-native penetration testing framework developed by Chinese-based group Cyberspike that has already accumulated over 10,000 downloads within two months of its release on the official Python Package Index…

Read more →

Microsoft has released security advisories for four newly discovered vulnerabilities in its Windows Defender Firewall Service that could enable attackers to elevate privileges on affected Windows systems. The flaws, tracked as CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915, were all disclosed on…

Read more →

ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform. This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family, incorporating advanced capabilities to compromise UEFI-based systems and exploit CVE-2024-7344…

Read more →

EvilAI, a new malware family tracked by Trend™ Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional features, allowing them to slip past both corporate and personal…

Read more →

In 2025, the cybersecurity landscape is defined by its complexity and the speed of modern threats. Security teams are overwhelmed by a fragmented array of security controls and a lack of clear visibility into what’s actually working. Breach and Attack…

Read more →

A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are injecting promotional content for a counterfeit GitHub Desktop installer into popular development and open-source projects. When users download what appears…

Read more →

A malicious ISO image named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with almost no detections. The image contains four files—two openly visible and two hidden. The visible files include a Windows shortcut, servicenow-bnm-verify.lnk, which launches PanGpHip.exe, a legitimate Palo…

Read more →

Backdoor malware is a covert type of malicious software designed to bypass standard authentication mechanisms and provide persistent, unauthorized access to compromised systems. Unlike conventional malware that prioritizes immediate damage or data theft, backdoors focus on stealth and longevity, enabling…

Read more →

Recent threat campaigns have revealed an evolving use of BAT-based loaders to deliver Remote Access Trojans (RATs), including XWorm and Remcos. These campaigns typically begin with a ZIP archive—often hosted on seemingly legitimate platforms such as ImgKit—designed to entice user…

Read more →

A critical security vulnerability has been discovered in the popular Axios HTTP client library that allows attackers to crash Node.js applications through malicious data URL handling. The flaw, tracked as CVE-2025-58754, affects all versions of Axios before 1.11.0 and has been…

Read more →

In a striking evolution of its tactics, the Sidewinder advanced persistent threat (APT) group—also known as APT-C-24 or “Rattlesnake”—has adopted a novel delivery mechanism leveraging Windows shortcut (LNK) files to orchestrate complex, multi-stage intrusions across South Asia. Active since at…

Read more →

In a startling development on September 8, the Telegram channel “scattered LAPSUS$ hunters 4.0” declared its intention to “go dark” after taunting law enforcement for repeated missteps. With an audacious message aimed squarely at the FBI and French authorities, the…

Read more →

Apple has issued urgent warnings about sophisticated spyware attacks targeting specific users worldwide, including journalists, activists, politicians, and diplomats. Mercenary spyware attacks differ significantly from regular cybercriminal activity. These attacks cost millions of dollars and target only a small number…

Read more →

Microsoft announced the phased deprecation of VBScript in Windows, significantly impacting VBA developers who rely on VBScript libraries for regular expressions and external script execution. The company outlined a comprehensive timeline and provided migration guidance to help developers future-proof their…

Read more →

A groundbreaking vulnerability has emerged in the newly released K2 Think AI model from UAE’s Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in collaboration with G42. Security researchers have successfully jailbroken the advanced reasoning system within hours of its…

Read more →

A critical security flaw in Daikin Security Gateway systems has been discovered that could enable attackers to bypass authentication and gain unauthorized access to industrial control systems. The vulnerability, tracked as CVE-2025-10127, affects organizations worldwide that rely on Daikin’s security infrastructure…

Read more →

Oracle has released VirtualBox 7.2.2, a critical maintenance update that addresses multiple GUI crashes and stability issues affecting users across Windows, Linux, and macOS platforms. Released on September 10, 2025, this update represents a significant improvement in the virtualization software’s…

Read more →

The latest ToneShell variant introduces a notable advancement in its persistence strategy by leveraging the Windows Task Scheduler COM service. This lightweight backdoor, traditionally delivered through DLL sideloading techniques, now incorporates enhanced persistence mechanisms and sophisticated anti-analysis capabilities that pose…

Read more →

Microsoft is significantly enhancing security for its Teams platform by introducing automatic warning systems that alert users about malicious links in chat messages. This new protective feature represents a crucial advancement in safeguarding collaboration platforms from increasingly sophisticated cyber threats…

Read more →

Cybersecurity researchers at ETH Zurich have disclosed a critical new Spectre-based attack called VMSCAPE that exploits incomplete branch predictor isolation in virtualized cloud environments. The attack, tracked as CVE-2025-40300, affects multiple generations of AMD and Intel processors and enables malicious virtual machines to…

Read more →

Cornwell Quality Tools, a leading automotive and industrial tool supplier, has confirmed a significant data breach that compromised the personal information of 103,782 individuals. The cybersecurity incident occurred on December 12, 2024, when unauthorized attackers gained access to the company’s…

Read more →

Mobile Application Penetration Testing is a critical cybersecurity service in 2025, focusing on a unique and rapidly evolving attack surface. These tests go beyond static code analysis to assess an app’s runtime behavior, server-side interactions, and how it handles sensitive…

Read more →

Cloud is the foundation of modern business, but it comes with a complex and evolving security landscape. Traditional penetration testing, which focuses on on-premise networks and applications, is not sufficient to secure these dynamic environments. Cloud penetration testing requires specialized…

Read more →

In early May 2025, Unit 42 researchers observed multiple instances of AdaptixC2 being deployed to infect enterprise systems. Unlike many high-profile command-and-control (C2) platforms, AdaptixC2 has flown under the radar, with scant public documentation demonstrating its use in live adversary…

Read more →

A high vulnerability in Angular’s server-side rendering (SSR) feature can lead to sensitive data exposure when multiple requests are handled at the same time. This flaw, tracked as CVE-2025-59052, stems from a global race condition in the platform injector that…

Read more →

In a stark reminder of how vulnerable online services remain, Qrator Labs has revealed that a sprawling Layer 7 distributed denial-of-service (DDoS) botnet has swelled to over 5.76 million compromised devices, unleashing unprecedented traffic against critical infrastructures. Monitored since late…

Read more →

A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git accounts.…

Read more →

The revelation that commercially available FlexiSPY spyware was clandestinely installed on devices belonging to Kenyan filmmakers while in police custody has ignited fresh concerns over press freedom and governmental overreach. Forensic analysis conducted by the Citizen Lab at the University…

Read more →

A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from…

Read more →

London North Eastern Railway (LNER) has confirmed that an unauthorized breach at one of its third-party suppliers exposed contact details and travel histories of some passengers. No banking or password data were involved. The company says it is treating the…

Read more →

A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core…

Read more →

The threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains…

Read more →

A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2…

Read more →

Spoof the email delivery platform SendGrid and employ fake Cloudflare CAPTCHA interstitials to lend legitimacy before redirecting unsuspecting users to credential harvesting pages. Since June 1, 2025, DomainTools Investigations has identified 21 newly registered domains exhibiting hallmarks of the eCrime…

Read more →

During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers a comprehensive suite of custom command-and-control (C2) capabilities for both Linux and Windows systems. First…

Read more →

Senator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide. In a September 10 letter to FTC Chair Andrew Ferguson, Wyden detailed how Microsoft’s dangerous…

Read more →

A critical vulnerability in NVIDIA’s NVDebug tool could allow attackers to gain elevated system access, execute code, or tamper with data. NVIDIA released a security bulletin on September 8, 2025, reporting three distinct flaws in the NVDebug tool and urging…

Read more →

A critical vulnerability in the Cursor AI Code Editor exposes developers to stealthy remote code execution (RCE) attacks when opening code repositories, security researchers warn. The flaw, discovered by Oasis Security, allows attackers to deliver and run harmful code automatically,…

Read more →

FastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed. The…

Read more →

A new wave of macOS-targeted malware has emerged under the radar—despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence…

Read more →

 FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack peaked at 1.5 billion packets per second (1.5 Gpps), making it one of the largest…

Read more →

The U.S. District Court for the Eastern District of New York has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national known as deadforz, Boba, msfv, and farnetwork, for his role in administering LockerGoga, MegaCortex, and Nefilim ransomware operations. The indictment alleges…

Read more →

The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across…

Read more →

A sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolving malicious Chrome extension campaign that…

Read more →

On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used…

Read more →

A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser.…

Read more →

Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and…

Read more →

CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian…

Read more →

GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition,…

Read more →

Fileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), through legitimate…

Read more →

Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unlock Meta’s coveted…

Read more →

Sofia, Bulgaria, September 10th, 2025, CyberNewsWire Kikimora, a cybersecurity specialist and a product developer, has announced the launch of Kikimora Agent, a new AI-powered platform providing accessible cybersecurity management, vulnerability detection, and asset monitoring for businesses, individuals, and students. Kikimora…

Read more →

A newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the flaw resides within the AirPlay protocol implementation used…

Read more →

KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics…

Read more →

Millions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for Windows promises secure and seamless syncing of files between local folders and the cloud. Yet…

Read more →

The Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with network access to seize full administrative privileges. This critical security oversight undermines fundamental defensive measures…

Read more →

Microsoft has disclosed two serious security vulnerabilities in its Office suite that allow attackers to execute arbitrary code on affected systems. Both flaws were publicly released on September 9, 2025, and have been assigned CVE identifiers CVE-2025-54910 and CVE-2025-54906. These…

Read more →

HackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach. The incident stemmed from an attack on the Drift application provided by Salesloft, which allowed unauthorized actors to gain entry…

Read more →

In a twist of fate that underscores both the power and inherent transparency of endpoint detection and response (EDR) solutions. By investigating alerts generated through this deployment, the Huntress Security Operations Center (SOC) gained unprecedented insight into the adversary’s day-to-day…

Read more →

The cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious content from legitimate domains. This development…

Read more →

Microsoft has released a warning about two serious security flaws in Windows BitLocker that could allow attackers to gain elevated privileges on affected machines. These vulnerabilities, tracked as CVE-2025-54911 and CVE-2025-54912, were publicly disclosed on September 9, 2025. Both issues…

Read more →

A sophisticated espionage campaign leveraging a previously unknown malware strain dubbed GONEPOSTAL, attributed to the notorious Russian state-sponsored group KTA007, better known as Fancy Bear or APT28. The malware transforms Microsoft Outlook into a covert command and control channel, representing…

Read more →

Sophos has released an important security advisory addressing a critical authentication bypass vulnerability in its AP6 Series Wireless Points. Attackers who can reach the management interface of an affected device may exploit this flaw to gain full administrator privileges. Sophos discovered…

Read more →

A critical security vulnerability has been discovered in SAP NetWeaver AS Java Deploy Service that enables authenticated attackers to execute arbitrary code and potentially achieve complete system compromise. The flaw, tracked as CVE-2025-42922, affects the Deploy Web Service component and poses significant risks…

Read more →

DarkSamural, a newly identified subspecies of the notorious OceanLotus APT, has launched a sophisticated campaign targeting high-value organizations in Pakistan. Leveraging malicious LNK files masquerading as PDF documents and sophisticated MSC containers empowered by GrimResource technology, the group delivered a…

Read more →

GitHub repositories for malware delivery through sophisticated weaponized LNK files, according to recent analysis by S2W’s Threat Intelligence Center, TALON. This campaign demonstrates the group’s evolving tactics in leveraging trusted platforms to bypass security measures and establish persistent access to…

Read more →

Google has released an urgent security update for Chrome to address two significant vulnerabilities, including a critical remote code execution flaw that could allow attackers to completely compromise user systems. The stable channel update brings Chrome to version 140.0.7339.127/.128 for…

Read more →

Major enterprise software provider Workday has disclosed a significant security incident that exposed customer data through a compromised third-party application, affecting business contact information and support case details. Third-Party Security Breach On August 23, 2025, Workday discovered a critical security…

Read more →

The Gentlemen ransomware group has emerged as a sophisticated threat actor, demonstrating advanced capabilities through systematic compromise of enterprise environments across 17 countries. Their campaign combines legitimate driver abuse, Group Policy manipulation, and custom anti-AV utilities to bypass enterprise endpoint…

Read more →

Microsoft has released its September 2025 Patch Tuesday update, addressing a total of 81 security vulnerabilities across its product portfolio. This extensive release includes fixes for two zero-day vulnerabilities that are actively being exploited. Among the patched flaws, ten are…

Read more →

In a world of evolving threats, the security of an organization’s internal network is just as important as its external defenses. An internal network penetration test simulates a real-world attack from a threat actor who has already gained a foothold…

Read more →

Fortinet has disclosed a significant OS command injection vulnerability in its FortiDDoS-F appliances that could allow privileged attackers to execute unauthorized code or commands through the command-line interface (CLI). The security flaw, identified as CVE-2024-45325, affects multiple versions of the FortiDDoS-F…

Read more →

 Ivanti released Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high‐severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient filename validation and require only minimal user interaction, potentially granting full control over affected systems.…

Read more →

Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately…

Read more →

Zoom has released an urgent security update for its Windows client and Workplace platform to address multiple flaws, including a critical vulnerability that could allow attackers to hijack or manipulate the application. Users are strongly encouraged to apply the patch…

Read more →

Microsoft is rolling out AI-powered actions in File Explorer, allowing users to interact with files more deeply without leaving the folder view. By right-clicking any supported file, a new “AI actions” menu entry will appear. From there, users can choose various…

Read more →

South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September…

Read more →

Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud…

Read more →

Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data…

Read more →

Windows devices rely on a complex ecosystem of drivers to manage hardware and software interactions. When one driver fails to complete a critical task, the entire operating system can halt in a fatal error known as the Blue Screen of…

Read more →

In a sweeping effort to curb transnational cybercrime and human rights abuses, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) today imposed sanctions on a sprawling network of scam centers operating in Southeast Asia. These centers,…

Read more →

SAP’s Security Patch Day on September 9, 2025, introduced fixes for 21 newly discovered vulnerabilities across its product portfolio and provided updates to four previously released security notes. With four issues rated as Critical, organizations running SAP environments are urged to…

Read more →

A novel AI-driven email attack toolkit named SpamGPT has surfaced on underground hacking forums, promising cybercriminals an all-in-one platform for launching large-scale phishing campaigns. Advertised as an “AI-powered spam-as-a-service” solution, SpamGPT automates compromise of email servers, bypasses major spam filters, and offers…

Read more →

An emerging threat campaign has been identified that weaponizes a trojanized version of DeskSoft’s EarthTime application to deploy sophisticated malware, leveraging Remote Desktop Protocol (RDP) access for command execution and network reconnaissance. Security analysts attribute the intrusion to an affiliate…

Read more →

The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by…

Read more →

Jaguar Land Rover’s UK factories will remain closed until at least Wednesday as the company continues to recover from a cyberattack that struck its systems on 31 August. The carmaker shut down its IT networks in response to the breach,…

Read more →

Cybersecurity researchers at FortiGuard Labs have uncovered a sophisticated phishing campaign that deploys the MostereRAT remote access trojan to compromise Windows systems. The malware leverages advanced evasion techniques and installs legitimate remote access tools like AnyDesk and TightVNC to maintain…

Read more →

Dynatrace has confirmed that customer data stored in Salesforce was exposed following a third-party breach involving Salesloft’s Drift application. The incident, which occurred in August 2025, allowed unauthorized access to Salesforce CRM data across multiple companies. Both Salesloft and Salesforce…

Read more →

A new exploitation method has been discovered for the Linux kernel use-after-free (UAF) vulnerability tracked as CVE-2024-50264. The vulnerability was awarded the Pwnie Award 2025 for Best Privilege Escalation due to its complexity and impact on major Linux distributions. Researchers developed innovative techniques…

Read more →

A newly demonstrated attack technique has revealed a flaw in how Windows Defender manages its update and execution mechanism. By exploiting symbolic links, attackers can hijack Defender’s service folders, gain full control over its executables, and even disable the antivirus…

Read more →

Cybersecurity researchers at Silent Push have uncovered a sophisticated Chinese espionage operation linking two prominent threat actors, Salt Typhoon and UNC4841, revealing previously unreported infrastructure used to target government and corporate networks across more than 80 countries. The discovery of…

Read more →

The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent…

Read more →

Venezuelan President Nicolás Maduro made bold claims about cybersecurity during a press conference on September 1, 2025, as he showcased a Huawei smartphone gifted to him by Chinese President Xi Jinping. Holding up the device before international media in Caracas,…

Read more →

Hackers have hijacked 18 extremely popular npm packages, downloaded more than 2 billion times every week, injecting them with sophisticated malware that targets cryptocurrency users and developers. Early on September 8th, a security feed flagged the sudden update of 18…

Read more →

Qualys has confirmed that it was recently impacted by a cybersecurity campaign targeting Salesloft and Drift, two third-party SaaS platforms that integrate with Salesforce. The company emphasized that customer data and its own production environments on the Qualys Cloud Platform…

Read more →

LunaLock, a newly surfaced ransomware strain, has launched a targeted campaign against independent artists and their clients, demanding a hefty ransom in exchange for stolen creative works and leaked personal data. Emerging in early September 2025, the LunaLock group claims…

Read more →

A rare breach attributed to a North Korean–affiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim” dump, the 9 GB dataset includes active bash histories, phishing domains, OCR workflows, custom stagers,…

Read more →

A sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending over 50,000 malicious emails daily. The Wiz Research team identified this alarming SES abuse campaign…

Read more →

A newly disclosed security flaw in pgAdmin4, the widely used open-source tool for managing PostgreSQL databases, has raised serious concerns among developers and database administrators across the world. The vulnerability, tracked as CVE-2025-9636, was recently highlighted in the GitHub Advisory Database and…

Read more →

In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a ASP.NET application protected by a rigorously configured WAF. Conventional XSS payloads—breaking out of single-quoted JavaScript…

Read more →