-
A recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk acr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has issued an urgent security advisory concerning a critical vulnerability affecting its PAN-OS software. Tracked as CVE-2026-0300, this high-severity security flaw carries a CVSS 4.0 base score of 9.3 and is currently experiencing l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft, targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing sin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Silver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-226…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Networking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding “agen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
