-
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass multifactor authentication (MFA) and reroute payroll disbursements. This operation t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A remote code execution (RCE) vulnerability in Jenkins, tracked as CVE-2026-53435, is now actively exploited in the wild. The flaw, stemming from insecure deserialization during Jenkins’ config.xml processing, allows unauthenticated or low-privileged a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.8655, is triggering a wave of user reports about system freezes, forced BitLocker recovery screens, and broken OneDrive integration in File Explorer on so…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components OpenSSH binaries and …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable hashes from Windows DPAPI credential history (CREDHIST) files, potentiall…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated campaign of 23 seemingly legitimate Chrome extensions tracked as “SearchJack” has quietly hijacked the default search settings of roughly 758,000 users, routing queries through operator-controlled monetization middleware befor…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating sensitive data. The claim surfaced on June …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with specific configurations. The flaw, which affects the GlobalProtect po…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PromptSnatcher (internal identifier: Panel 231) is a modern, stealthy data collection operation embedded inside two browser extensions that masquerade as ad‑blockers while harvesting full chat conversations and account metadata from major AI platforms….
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting thi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
