-
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooli…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released critical security updates for its GPU Display Drivers after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code and escalate privileges on affected systems. The security bulletin, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Wireshark Foundation released Wireshark version 4.6.3 on January 14, 2026, addressing four critical security vulnerabilities and multiple stability issues affecting the popular network protocol analysis tool. The maintenance update targets crashes …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as CVE-2026-1281 and CVE-2026-1340, both stem from code injection…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A stealthy data theft technique in Microsoft 365 that abuses Outlook add-ins to exfiltrate email content without leaving meaningful forensic traces. The technique, dubbed “Exfil Out&Look,” takes advantage of how Outlook Web Access (OWA) handles add…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCap…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by elim…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
