GoExec is a new take on some of the methods used to gain remote execution on Windows devices. GoExec implements a number of largely unrealized execution methods and provides significant OPSEC improvements overall. Goexec supports...
Spanish police have begun casting a wary eye on users of Google Pixel smartphones, suspecting potential ties to criminal activity. In Catalonia, law enforcement officials report a growing trend of drug traffickers relying specifically...
One of the world’s largest steel manufacturing conglomerates, the Japanese company Nippon Steel, has reported a large-scale cyberattack during which hackers gained unauthorized access to data belonging to clients, employees, and business partners. The...
Researchers at Huntress have observed active exploitation of a critical vulnerability in Wing FTP Server—a mere day after its public disclosure. The flaw, tracked as CVE-2025-47812, received the highest possible severity rating (CVSS 10.0),...
Jack Dorsey, co-founder of Twitter and head of Block, recently unveiled his latest endeavor—Bitchat, a messaging application envisioned as a fully decentralized communication tool, independent of traditional internet infrastructure. Instead of relying on conventional...
The research laboratory Security Explorations has unveiled the results of a months-long investigation exposing critical vulnerabilities at the core of eSIM technology. The focus of their analysis was a GSMA-certified eUICC card developed by...
McDonald’s hiring system was found to be secured by a password so trivial that even a child might guess it—”123456.” Two elementary vulnerabilities granted access to the personal data of over 64 million job...
Four vulnerabilities within the Bluetooth stack BlueSDK, developed by OpenSynergy and collectively named PerfektBlue, pose a serious security threat to millions of vehicles. These flaws allow remote code execution on targeted devices and potentially...
Researchers have uncovered a new packer, Ducex, which conceals one of the most formidable mobile malware threats— the Triada Trojan—through advanced encryption and obfuscation techniques. Its analysis in the interactive sandbox environment ANY.RUN reveals...
A federal court in New York has issued a harsh ruling in a high-profile cryptocurrency theft case. Nicholas Truglia, previously convicted for his role in the cyberattack targeting entrepreneur Michael Terpin’s digital assets, has...
Domain Coverage Analysis Tool Tool for analyzing domain security based on various data sources: LDAP domain dump NTDS.dit dump Hashcat output List modules uv run main.py -l Available modules: – reversible_encryption – passwords_reuse –...
A lightweight, ergonomic framework for building bug bounty-ready Cybersecurity AIs (CAIs). Why CAI? The cybersecurity landscape is undergoing a dramatic transformation as AI becomes increasingly integrated into security operations. We predict that by 2028, AI-powered...
Experts at SentinelOne have reported the discovery of new traces of activity linked to the ZuRu malware, which specifically targets macOS users. Its primary method of distribution is the impersonation of popular macOS applications—most...
DeviceCodePhishing This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow as soon as the victim opens the phishing link and instantly redirects them to the...
Activision has disabled the Microsoft Store version of Call of Duty: WWII after hackers began exploiting a critical vulnerability that enabled remote access to players’ computers. The affected users were those who installed the...
A Russian blockchain developer has fallen victim to a targeted attack executed through a counterfeit extension within the Cursor AI environment, resulting in the theft of approximately $500,000 worth of cryptocurrency. The incident was...
