-
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campaigns. The financially motivated group has been active since at least mid-2025. It is leveraging …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are increasingly turning to generative AI tools such as ChatGPT and Google Gemini to accelerate cyberattack operations, lowering technical barriers and reshaping modern threat landscapes. A recent report by WithSecure highlights a Russia-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malicious NuGet package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking credentials, highlighting a dangerous evolution in software supply chain attacks. Security researc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are increasingly weaponizing trusted developer tools to infiltrate software supply chains, with CISA warning of multiple ongoing campaigns targeting CI/CD ecosystems and developer workflows. Recent incidents, including a compromised Visual St…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers actively stealing cloud credentials and CI/CD secrets from infected systems. The malicious packages…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw, and several authorization bugs across GraphQL, Duo …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophisticated phishing kit named “RatPressto,” which abuses compromised WordPress sites and legitimate…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, high…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The research, carried out by Tok…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on affected systems. The issue, tracked as CVE-2026-9560, impacts the privileged helper component…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
