-
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is warning that North Korea‑aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessib…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker‑controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tool…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Compromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastruct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
More than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon and Anthropic have announced a massive expansion of their strategic partnership. The tech giants signed a new agreement to secure up to 5 gigawatts (GW) of compute capacity for training and deploying the Claude AI model. This aggressive push hig…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle regist…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware sample…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China‑nexus Mustang Panda espionage cluster with moderate confidence. The backdoor ret…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
