-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2026-22719, is currently …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has recently emerged, leveraging Google Cloud’s trusted infrastructure to host malicious redirects. The campaign’s technical structure leverages Google Cloud Storage legitimate domain, googleapis.com, which is widely t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A threat actor known as FulcrumSec has claimed responsibility for a data breach at LexisNexis Legal & Professional, the legal information division of RELX Group. The actor alleges they have stolen 2.04 GB of structured data from the company’s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Silver Dragon is a Chinese‑aligned APT group that has been targeting public sector and high‑profile organizations in Europe and Southeast Asia since at least mid‑2024, with strong operational overlap to APT41 tradecraft. The group combines classic post…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention occurs. System administrators across Reddit’s r/sysa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered “Coruna,” a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framewo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high‑value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶