-
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as AWS CloudTrail and Google Cloud Logging, designed to p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), expanding a toolset that was until now Linux-only. The two Windows builds internally labelled WIN_DRV and WIN_PLUS preserve the original SprySOCKS proto…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and gain unauthorized network access. Although this vulnerability was patched in June …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily targeting gamers in China and Russia. The campaign exploits Wall…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, cat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit Wo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Rokarolla, a new Android banking trojan named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated supply chain attack targeting JetBrains IDE users has exposed over 70,000 developers to silent credential theft. The campaign involves at least 15 malicious plugins distributed via the JetBrains Marketplace, masquerading as AI-powered cod…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has disclosed multiple high-severity vulnerabilities in its NeMo Framework, including a critical command injection flaw that could allow attackers to execute arbitrary code on affected systems. These issues, outlined in the June 2026 security bu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortra has reported a critical command injection vulnerability in its Core Privileged Access Manager (BoKS) platform, which could allow remote attackers to execute arbitrary commands with elevated privileges. This could potentially lead to a full syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
