-
Security researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, g…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end‑to‑end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language mode…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These flaws span across critical dependencies and internal mechanisms, exposing organizations to risks …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since early 2023 and …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GreyNoise has introduced a new capability, C2 Detection, to identify compromised edge devices such as firewalls, routers, and VPN systems assets that are increasingly targeted but often lack visibility in traditional security tools. Unlike endpoints, t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in OpenSSL could allow attackers to access sensitive data stored in application memory. Tracked as CVE-2026-31790, this moderate-severity vulnerability affects the handling of RSA Key Encapsulation Mechanism (KEM) RSASVE encapsul…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity security vulnerability has been discovered in Docker Engine, exposing hosts to potential authorization bypass attacks. Tracked as CVE-2026-34040, the flaw allows attackers to evade authorization plugins (AuthZ) by manipulating API reque…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are rolling out a new 64‑bit infostealer dubbed Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after law‑enforcement disruption and public doxxing of Lumma’s core operators in 202…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are turning the Claude Code source leak into an active malware-delivery channel, using GitHub Releases to push the Vidar stealer and GhostSocks under the guise of “leaked” Anthropic tooling. The incident shows how human and governance failures …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a major counter-cyberespionage action dubbed “Operation Masquerade,” the U.S. Justice Department and the FBI successfully neutralized a global network of compromised small office/home office (SOHO) routers. The infrastructure was control…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
