-
A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content generation, credential theft, and infrastructure operations at scale. Tracked as “bandcampro,” …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in KMW CCTV security cameras could allow attackers to gain full, unauthorised access to live surveillance feeds and device settings, raising serious concerns for organisations that rely on these systems in sensitive en…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russian authorities have disclosed a suspected large-scale cyber espionage operation targeting the mobile devices of senior government officials, raising fresh concerns over advanced spyware campaigns and mobile surveillance threats. The Federal Securi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mustang Panda is using a fake “Browser Updater” and a multi‑stage LNK–PowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultimately beaconing over HTTPS to a hard‑coded C2 while hiding configuration and strings behind lay…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential full compromise through a single malicious GitHub issue. Security researcher Ryota K from GMO F…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that threat actors are actively exploiting a critical vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2026-0257. The flaw, categorized as an …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively exploited in …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns about the risk of large-scale device compromise. The issue, tracked as CVE-2025-48595, was highligh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively abusing open-source ecosystems to steal sensitive developer data through a large-scale supply chain attack dubbed “TrapDoor,”. The campaign spans npm, PyPI, and Crates.io, leveraging 34 malicious packages and 384 versions to target…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively deploying a sophisticated malware framework dubbed AZUREVEIL, an Adaptix-based command-and-control (C2) agent, through a targeted spearphishing campaign aimed at government and enterprise sectors in the Czech Republic and Taiwan. T…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
