-
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mandiant has publicly released comprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite the protocol being deprecated and widely recog…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers and penetration testers gain a comprehensive open-source reconnaissance platform with the release of Argus v2.0, a Python-based information gathering toolkit that consolidates 135 specialised modules into a unified command-line int…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed “BodySnatcher,” this flaw enables unauthenticated attackers to impers…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers from Infoblox have successfully intercepted millions of malicious push notification advertisements by exploiting a DNS misconfiguration technique known as “lame nameserver delegation,” gaining complete visibility into a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s January 2026 security update has disrupted enterprise Remote Desktop infrastructure, triggering widespread credential prompt failures that prevent users from accessing Azure Virtual Desktop and Windows 365 environm…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows threat actors to force victims into requesting Kerberos …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
