-
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention occurs. System administrators across Reddit’s r/sysa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered “Coruna,” a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framewo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high‑value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of malvertising activity linked to the threat group “D‑Shortiez” has been observed exploiting a WebKit browser flaw to hijack the back button on Safari and other iOS browsers. This technique revives a classic forced‑redirect approach that tr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shan…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hewlett Packard Enterprise (HPE) has disclosed a remote authentication-bypass vulnerability in HPE AutoPass License Server (APLS) that could let unauthenticated attackers bypass login controls over the network. The issue is tracked as CVE-2026-23600 an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶