Experts from Insikt Group have presented the first comprehensive investigation into the activities of Lumma Stealer affiliates—one of the most widespread families of data-stealing malware. Covering the period from mid-2024 through the first half...
A new entrant from the United Arab Emirates has shaken up the tightly controlled vulnerability market. Advanced Security Solutions, launched in August, has announced its willingness to pay up to $20 million for smartphone...
Microsoft has restricted Chinese companies’ access to early notifications about vulnerabilities in its products. The decision follows an internal investigation into potential leaks from the Microsoft Active Protections Program (MAPP), a system designed to...
Amid the escalating wave of cyberthreats—particularly from advanced threat groups—one of the most dangerous yet persistently underestimated attack vectors remains almost unchanged: the compromise of user accounts through password guessing. According to the newly...
The story of an enthusiast hacker breaching McDonald’s digital infrastructure in pursuit of free chicken nuggets has spiraled into a sweeping security investigation, exposing dozens of critical vulnerabilities within the corporation’s systems. On August...
Researchers at Resecurity have drawn attention to an exceptionally dangerous attack that enables adversaries to seize full control over an organization’s Active Directory domain infrastructure—all while exploiting default Windows configurations. The technique combines MITM6,...
Researchers have uncovered a new politically tinged campaign targeting the Solana blockchain ecosystem and, apparently, developers of cryptocurrency projects in Russia. Specialists at Safety, a company focused on securing software supply chains, identified a...
The popular Chrome extension FreeVPN.One, installed by more than 100,000 users and marked with a verification check, has been exposed as spyware. Researchers from Koi Security discovered that it secretly captures screenshots of user...
In its latest Fastly Threat Insights report, researchers analyzed more than 6.5 trillion monthly web requests to uncover emerging patterns in AI bot traffic. This rapidly expanding segment of automated systems is already exerting...
The website automation platform Lovable has found itself at the center of widespread abuse. Researchers from Proofpoint have documented a sharp increase in cases where its features, originally intended for legitimate web projects, were...