Information Security News Blog
-
Fraudsters have turned human trust into a global, multi-million-dollar industry. The latest coordinated strike against that industry is among the largest in recent years. Operation First Light 2026 brought together law enforcement from 97...
-
A ransomware negotiator is supposed to help victim organizations reduce what they pay. Angelo Martino did the opposite. He secretly told the attackers how much each client was willing to pay. He collected a...
-
The IRIS C2 cybersecurity startup promises millions of dollars for undiscovered zero-day vulnerabilities. Furthermore, it offers mobile phone hacking tools directly to government agencies. However, two convicted political provocateurs orchestrate this high-profile venture. These...
A single crafted network request can transform a Palo Alto Networks firewall from a security boundary into an entry point. A vulnerability in PAN-OS allows a remote, unauthenticated attacker to disrupt device operation and...
An ordinary cryptocurrency wallet library update quickly transformed into a devastating trap. Within just 49 minutes, this trap could hand attackers complete control over user funds. Specifically, malicious actors embedded a malicious code payload...
The US National Security Agency restored the name Tailored Access Operations (TAO) to its elite hacking unit. Furthermore, this decision forms part of an internal reorganization. This shift aims to accelerate missions against foreign...
Iranian hackers have transformed ubiquitous system administration tools into clandestine pathways for infiltrating highly secure networks. The threat actor known as Cavern Manticore leverages a novel, modular framework dubbed “Cavern.” They orchestrate sophisticated cyberattacks...
Sometimes a single opened email is all it takes to compromise a university network. Researchers at Proofpoint have uncovered a campaign they call UNK_MassTraction. A threat group believed to have ties to China was...
A security research firm has disclosed a two-vulnerability exploit chain named IonStack that affects Android 17. Nebula Security identified both vulnerabilities and has already notified the relevant developers. The company reports no evidence of...
CrowdStrike has expanded its critical classification of artificial intelligence attacks. Malicious actors frequently inject harmful instructions directly into AI prompts. Therefore, security specialists recently added 18 new methods to their extensive database. Consequently, the...
Specialists at Cisco Talos have unveiled new details regarding the UAT-7810 group. This collective actively develops the sophisticated LapDogs ORB network. They strategically infect internet routers to help other China-affiliated factions safely conceal their...
In a recent update, Adobe patched a suite of dangerous vulnerabilities. Several of these flaws allowed attackers to execute code directly on the server. These severe problems affect Adobe ColdFusion 2025 through Update 9....
The Scope of the FortiBleed Breach According to a report detailing how Russian hackers steal government logins, cybercriminals have successfully acquired the usernames and passwords of British government personnel. This breach affects overseas workers...
A New Breed of Cloud Warfare Cloud infrastructure represents a modern battleground. This conflict occurs not merely between cybersecurity defenders and malicious actors. Surprisingly, rival cybercriminal syndicates also war among themselves. For example, a...
A seemingly mundane submission within a bug-tracking system can masquerade as a covert directive for artificial intelligence. Recently, researchers at Noma Labs demonstrated how a singular GitHub Issue can manipulate GitHub Agentic Workflows. Consequently,...